telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

Overview

CVE-2019-15514

Type: Information Disclosure

Affected Users, Versions, Devices: All Telegram Users

Still not fixed/unpatched. brute.py is available exploit written under python.

Description

Suppose ali is hacktivist. His telegram user ID is 21788973 and mobile number is hidden. He lives in pakistan (+92). We can add any user to contact by phone number. We will add phones numbers from range +92-0000000000 to +92-9999999999. So if any number successfully added and that user ID is 21788973, that's mean ali number is successfully exposed !

Note: All above information supplied is hypothetical.

Remember, current example range was 9 digits long. We can reduce it more by social engineerring, sim code knowledge, password resets (specially gmail,paypal)... The more low range, the more less time will it take.

Background

This bug been exploited in wild from long. This appreciated us to investigate and open source its exploit for making telegram to patch it soon.

Proof Of Concept

Generate wordlist:

Suppose, we have an telegram victim that number starts with 92313, ends with 89 and in between there are 5 unknown digits We will generate all comibnations of number list within range 92313-xxxxx-89.

Use num_gen.py. It will write numbers to 92313xxxxx89.txt. Before, must edit following:

  • prefix: a number should starts with. Here example, its 92313
  • middle_range: total digits of unknown middle range. Here example, its 5
  • suffix: a number should ends with. Here example, its 89

Brute force:

  • *phone: insert your phone number including country code, without including spaces or +(plus)

  • *api_id: create app and insert api id. learn more

  • *api_hash: create app and api hash. learn more

  • *numlist : the path to your numbers list or wordlist

  • *username_or_id: insert numeric id or username without @ of victim. Better use kotatogram as it supports showing user id in profile.

  • use_proxy: Enable or Disable proxy

  • proxy_server: domain or ip of proxy DNS

  • proxy_secret: hex encoded secret of proxy that serves as password

  • proxy_port: numeric port, mostly 443

  • should_resume: resume capability. whether to start from where numbers left ?

  • threads: # numbers to be tried on each try, don't increase else won't work

  • delay: delay in seconds on each try to lower telegram block time interval

Features:

  1. multi-threaded i.e checks 19 numbers at time
  2. resume capability
  3. waits when blocked, time it waits equals to time telegram blocks
  4. accurate results

Credits:

I Love ALLAH + Holy Prophet + Islam and Pakistan.

Owner
Gray Programmerz
I'm day time programmer and night time thinker.
Gray Programmerz
A honey token manager and alert system for AWS.

SpaceSiren SpaceSiren is a honey token manager and alert system for AWS. With this fully serverless application, you can create and manage honey token

287 Nov 09, 2022
Open-source jailbreaking tool for many iOS devices

Open-source jailbreaking tool for many iOS devices *Read disclaimer before using this software. checkm8 permanent unpatchable bootrom exploit for hund

6.7k Jan 05, 2023
This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

Pedro Havay 12 Nov 18, 2022
Simple yara rule manager

Yara Manager A simple program to manage your yara ruleset in a (sqlite) database. Todos Search rules and descriptions Cluster rules in rulesets Enforc

Nils Kuhnert 65 Nov 17, 2022
A simple way to store your passwords without requiring third party applications

SimplePasswordManager A simple way to store your passwords without requiring third party applications Simple To Use. Store Your Passwords For Each Web

Leone Odinga 1 Dec 23, 2021
Hikvision 流媒体管理服务器敏感信息泄漏

Hikvisioninformation Hikvision 流媒体管理服务器敏感信息泄漏 Options optional arguments: -h, --help show this help message and exit -u url, --url url

Henry4E36 13 Nov 09, 2022
SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

Andri Wahyudi 13 Jul 04, 2021
Subdomain enumeration,Web scraping and finding usernames automation script written in python

Subdomain enumeration,Web scraping and finding usernames automation script written in python

Syam 12 Nov 22, 2022
A python script written for lazy people to hack their school systen ;D

F-ck-the-system A python script written for lazy people to hack their school systen ;D Python voice notes writer This is a python script to record you

Sachit 2 Jan 09, 2022
MD5-CRACKER - A gmail brute force app created with python3

MD5-CRACKER So this is my first app i created with python3 . if you guys downloa

2 Nov 10, 2022
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

Open Source Security Foundation (OpenSSF) 221 Jan 01, 2023
Simples brute forcer de diretorios para web pentest.

🦑 dirbruter Simples brute forcer de diretorios para web pentest. ❕ Atenção Não ataque sites privados. Isto é illegal. 🖥️ Pré-requisitos Ultima versã

Dio brando 6 Jan 22, 2022
pwncat module that automatically exploits CVE-2021-4034 (pwnkit)

pwncat_pwnkit Introduction The purpose of this module is to attempt to exploit CVE-2021-4034 (pwnkit) on a target when using pwncat. There is no need

Dana Epp 33 Jul 01, 2022
A Python application to predict what is cooking

ez-cuisine-classifier A Python application to predict what is cooking Environment Python 3.9 Windows 10 Install python -m venv venv .\venv\Scripts\act

Zeheng Li 1 Jun 21, 2022
List of S3 Hacks

s3-leaks List of AWS S3 Leaks Feel free to send in a PR if you know of other leaks Date Description Notes Aug2020 S3 bucket mess up exposed 182GB of s

Nag 291 Dec 28, 2022
Dumping revelant information on compromised targets without AV detection

DonPAPI Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI (link ) We a

Login Securite 580 Jan 09, 2023
Buffer Overflow para SLmail5.5 32 bits

SLmail5.5-Exploit-BoF Buffer Overflow para SLmail5.5 32 bits con un par de utilidades para que puedas hacer el tuyo REQUISITOS PARA QUE FUNCIONE: Desa

Luis Javier 15 Jul 30, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

About Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Changed from sam-the-admin. Usage SAM THE ADMIN CVE-202

Evi1cg 500 Jan 06, 2023
Apache OFBiz rmi反序列化EXP(CVE-2021-26295)

Apache OFBiz rmi反序列化EXP(CVE-2021-26295) 目前仅支持nc弹shell 将ysoserial.jar放置在同目录下,py3运行,根据提示输入漏洞url,你的vps地址和端口 第二次使用建议删除exp.ot 本工具仅用于安全测试,禁止未授权非法攻击站点,否则后果自负

15 Nov 09, 2022
The best Python Backdoor👌

Backdoor The best Python Backdoor Files Server file is used in all of cases If client is Windows, the client need execute EXE file If client is Linux,

13 Oct 28, 2022