Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
A collection of "Mr. Robot" Season 2 Easter Egg Sites. #mrrobot #hackingrobot #robotegg

Mr. Robot Season 2 Easter Egg Sites

1. Ransomware webpage

On load, this page displays a countdown timer starting at 24:00:00. When time is over, the following "hidden" message is revealed:

I sincerely believe that banking establishments are more dangerous than standing armies, and that the principle of spending money to be paid by posterity, under the name of funding, is but swindling futurity on a large scale.
– Thomas Jefferson

2. E Corp maintenance page

Maintenance page for the fictive E Corp webpage. Opposite of the Evil Corp version.

3. Evil Corp maintenance page

Maintenance page for the fictive Evil Corp webpage. Opposite of the E Corp version.

A subdomain of the evil corp site is shown in a S2 trailer on Facebook, when Elliot connects as follows:

ssh -l root bkuw300ps345672-cs30.serverfarm.evil-corp-usa.com

4. Confictura Industries webpage

GIF-bloated 90's "Under construction" webpage. Nothing special here (afaik).
In S02E01, the QR code in Elliot's notebook points to this website.

5. Others

@eyecatchup

This comment has been minimized.

Show comment
Hide comment
Owner

eyecatchup commented Jul 12, 2016

@GavinEke

This comment has been minimized.

Show comment
Hide comment
@GavinEke

GavinEke Jul 14, 2016

A side note about the evil corp subdomain in number 3.

bkuw300ps345672 is the hostname of the server which Elliot finds the fsociety00.dat file and CS30 is the "honeypot" Allsafe implements in Evil Corp's network,

A side note about the evil corp subdomain in number 3.

bkuw300ps345672 is the hostname of the server which Elliot finds the fsociety00.dat file and CS30 is the "honeypot" Allsafe implements in Evil Corp's network,

@jeroenvisser101

This comment has been minimized.

Show comment
Hide comment

http://www.fsoc.sh/ -> "LEAVE ME HERE"

@glennferrie

This comment has been minimized.

Show comment
Hide comment
@glennferrie

glennferrie Aug 12, 2016

From Season 2 Episode 6, Did anyone figure out anything useful to do with the femtocell that Angela left under the desk @ E-Corp?

http://l4713116.e-corp-usa.com/ (address of the femtocell that Angela access from her terminal)

From Season 2 Episode 6, Did anyone figure out anything useful to do with the femtocell that Angela left under the desk @ E-Corp?

http://l4713116.e-corp-usa.com/ (address of the femtocell that Angela access from her terminal)

@saschalalala

This comment has been minimized.

Show comment
Hide comment
@saschalalala

saschalalala Aug 12, 2016

@glennferrie you can only cd bin and then ./EnableAttack with the same parameters Angela has to use in the episode. Nothing more afaik

@glennferrie you can only cd bin and then ./EnableAttack with the same parameters Angela has to use in the episode. Nothing more afaik

@lesthack

This comment has been minimized.

Show comment
Hide comment
@lesthack

lesthack Aug 15, 2016

yep @saschalalala, some like that: ./EnableAttack femtopwn WLAN0,WLAN1 2

lesthack commented Aug 15, 2016

yep @saschalalala, some like that: ./EnableAttack femtopwn WLAN0,WLAN1 2

@aaranmcguire

This comment has been minimized.

Show comment
Hide comment
@thinkbeforecoding

This comment has been minimized.

Show comment
Hide comment
@thinkbeforecoding

thinkbeforecoding Aug 19, 2016

There's also http://192.251.68.245 from the direction board in S02E06... with this strange message in the BBS:

I really love this BBS! I've been reading all kinds of things. The other day!
I looked at some cool ANSI Art. And then I Paged that Sysops guy! but he
didn't respond so I checked the bulletins, paged Sysops AGAIN, checked
out some ANSI Art and paged Sysops just to see if he was there and then
delved into the Bulletins section once more.

I tried the same sequence but could not find anything new

thinkbeforecoding commented Aug 19, 2016

There's also http://192.251.68.245 from the direction board in S02E06... with this strange message in the BBS:

I really love this BBS! I've been reading all kinds of things. The other day!
I looked at some cool ANSI Art. And then I Paged that Sysops guy! but he
didn't respond so I checked the bulletins, paged Sysops AGAIN, checked
out some ANSI Art and paged Sysops just to see if he was there and then
delved into the Bulletins section once more.

I tried the same sequence but could not find anything new

@Rep7il3

This comment has been minimized.

Show comment
Hide comment

Rep7il3 commented Sep 16, 2016

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Sep 23, 2016

If you type in "A P B P A P B" at the http://102.251.68.245 site, you can download 8 jpegs of "Affirmations".
You have to wait for the sysop to not respond after entering each "P".

ghost commented Sep 23, 2016

If you type in "A P B P A P B" at the http://102.251.68.245 site, you can download 8 jpegs of "Affirmations".
You have to wait for the sysop to not respond after entering each "P".

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Sep 23, 2016

If you type in "A P B P A P B" at the http://192.251.68.245 site, you can download 8 jpegs of "Affirmations".
You have to wait for the sysop to not respond after entering each "P".

ghost commented Sep 23, 2016

If you type in "A P B P A P B" at the http://192.251.68.245 site, you can download 8 jpegs of "Affirmations".
You have to wait for the sysop to not respond after entering each "P".

@johnowhitaker

This comment has been minimized.

Show comment
Hide comment
@johnowhitaker

johnowhitaker Sep 24, 2016

e-corp-usa.com (the maintenance page) has an employee login option. evil-corp-usa.com does not, but going to http://www.evil-corp-usa.com/login/ gets you a username and password entry. No luck getting further so far.

e-corp-usa.com (the maintenance page) has an employee login option. evil-corp-usa.com does not, but going to http://www.evil-corp-usa.com/login/ gets you a username and password entry. No luck getting further so far.

@enociz

This comment has been minimized.

Show comment
Hide comment
@enociz

enociz Sep 30, 2016

@eyecatchup @Rep7il3 found anything about the logins for the stage.*.com's?

enociz commented Sep 30, 2016

@eyecatchup @Rep7il3 found anything about the logins for the stage.*.com's?

@enociz

This comment has been minimized.

Show comment
Hide comment
@enociz

enociz Sep 30, 2016

http://www.conficturaindustries.com/

Clicking the "Geocity of the day" image/widget takes you to http://www.red-wheelbarrow.com/. This also has a menu... I'm not sure what more you'd want with it. The Red Wheelbarrow is where Tyrell draws his quote from at the start of the S2E12.

enociz commented Sep 30, 2016

http://www.conficturaindustries.com/

Clicking the "Geocity of the day" image/widget takes you to http://www.red-wheelbarrow.com/. This also has a menu... I'm not sure what more you'd want with it. The Red Wheelbarrow is where Tyrell draws his quote from at the start of the S2E12.

@philerooski

This comment has been minimized.

Show comment
Hide comment
@philerooski

philerooski Oct 3, 2016

An employee at my company sent us the "Ransomware webpage" as a link - no comments whatsoever - via Slack and we ended up banning his Slack account before realizing the joke. Way too legitimate!

An employee at my company sent us the "Ransomware webpage" as a link - no comments whatsoever - via Slack and we ended up banning his Slack account before realizing the joke. Way too legitimate!

@jamiechong

This comment has been minimized.

Show comment
Hide comment
@jamiechong

jamiechong Oct 14, 2016

@johnowhitaker perhaps the username is Angela_Moss as seen in S02E06 00:31:39

@johnowhitaker perhaps the username is Angela_Moss as seen in S02E06 00:31:39

@jamiechong

This comment has been minimized.

Show comment
Hide comment
@jamiechong

jamiechong Oct 14, 2016

@johnowhitaker Actually the login info to http://www.e-corp-usa.com/login can be found at S02E09 00:15:12
u: joseph.green
p: holidayarmadillo

Sending an email to the "help desk" gives a nice auto response, with possibly some more easter eggs. The email sent to me has a case number 5B834E0D662F4E004E2A586B5B576E38620F are they all the same?

jamiechong commented Oct 14, 2016

@johnowhitaker Actually the login info to http://www.e-corp-usa.com/login can be found at S02E09 00:15:12
u: joseph.green
p: holidayarmadillo

Sending an email to the "help desk" gives a nice auto response, with possibly some more easter eggs. The email sent to me has a case number 5B834E0D662F4E004E2A586B5B576E38620F are they all the same?

@MonkeyDo

This comment has been minimized.

Show comment
Hide comment
@MonkeyDo

MonkeyDo Oct 30, 2016

@jamiechong, confirmed, case number 5B834E0D662F4E004E2A586B5B576E38620F

@jamiechong, confirmed, case number 5B834E0D662F4E004E2A586B5B576E38620F

@merlinnusr

This comment has been minimized.

Show comment
Hide comment
@merlinnusr

merlinnusr Dec 5, 2016

http://www.racksure.com/
https://www.seeso.com/ (keep an eye on stage.seeso.com)

In What episode, this sites appears ?

http://www.racksure.com/
https://www.seeso.com/ (keep an eye on stage.seeso.com)

In What episode, this sites appears ?

@Krolo2

This comment has been minimized.

Show comment
Hide comment
@Krolo2

Krolo2 May 24, 2017

37.3992,-122.0333 are the coordinates of the host of the help desk email. Does this help? XD

Krolo2 commented May 24, 2017

37.3992,-122.0333 are the coordinates of the host of the help desk email. Does this help? XD

@0x44616564616c7573

This comment has been minimized.

Show comment
Hide comment
@0x44616564616c7573

0x44616564616c7573 Oct 12, 2017

https://compute.e-corp-usa.com/
Season three. Found via following his Shodan search on the premiere episode.
If I had to guess, I would say it probably requires an Apache exploit because it's labeled as an Apache website last changed in 2015- but I'm not willing to stray that far past the line of illegality to find out.

Reminds me of Equifax, actually.

If anyone does check into that, I would suggest contacting them before trying anything stupid, especially with their terms and conditions. (Full range of legal remedies, etc, etc.)

https://compute.e-corp-usa.com/
Season three. Found via following his Shodan search on the premiere episode.
If I had to guess, I would say it probably requires an Apache exploit because it's labeled as an Apache website last changed in 2015- but I'm not willing to stray that far past the line of illegality to find out.

Reminds me of Equifax, actually.

If anyone does check into that, I would suggest contacting them before trying anything stupid, especially with their terms and conditions. (Full range of legal remedies, etc, etc.)

@krisztian999tr

This comment has been minimized.

Show comment
Hide comment
@krisztian999tr

krisztian999tr May 9, 2018

The page from the "shipping" scene:
https://www.e-corp-usa.com/cp/directory/shipping/1088989/
AdobeTracking.pageName = 'E-Corp USA Shipping : 1088989 : Login Error';

krisztian999tr commented May 9, 2018

The page from the "shipping" scene:
https://www.e-corp-usa.com/cp/directory/shipping/1088989/
AdobeTracking.pageName = 'E-Corp USA Shipping : 1088989 : Login Error';

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment