[FREE] [telegram exploit] find any user's hidden phone number

by muhammadali999 - 22 December, 2021 - 10:34 AM
#1
(This post was last modified: 22 December, 2021 - 03:35 PM by muhammadali999. Edited 2 times in total.)
source: https://github.com/graysuit/CVE-2019-15514

CVE-2019-15514
Type: Information Disclosure
Affected Users: All Telegram Users
Still not fixed/unpatched. brute.py is an available exploit written in Python.


Description:
Suppose Ali is a hacktivist. His Telegram user ID is 21788973 and his mobile number is hidden. He lives in Pakistan (+92). We can add any user to contacts by phone number. We will add phone numbers from the range +92-0000000000 to +92-9999999999. So if any number is successfully added and that user's ID is 21788973, that means Ali's number is successfully exposed!

Note: All above information supplied is hypothetical.

Remember, the current example range was 9 digits long. We can reduce it more by social engineering, SIM code knowledge, password resets (especially Gmail, PayPal)... The smaller the range, the less time it will take.


Background:
This bug has been exploited in the wild for a long time. This encouraged us to investigate and open-source its exploit to make Telegram patch it soon.

Proof Of Concept
Suppose we have a Telegram victim whose number starts with 92313, ends with 89, and in between there are 5 unknown digits. We will generate all combinations of the number list within the range 92313-xxxxx-89.

Use num_gen.py. It will write the numbers to 92313xxxxx89.txt. Before that, you must edit the following:
  • prefix: what the number should start with. In this example, it's 92313
  • middle_range: total digits of the unknown middle range. In this example, it's 5
  • suffix: what the number should end with. In this example, it's 89

Brute force:
  • *phone: insert your phone number including country code, without spaces or + (plus)
  • *api_id: create an app and insert the API ID.
  • *api_hash: create an app and insert the API hash.
  • *numlist: the path to your numbers list or wordlist
  • *username_or_id: insert the numeric ID or username (without @) of the victim. Better to use Kotatogram, as it supports showing the user ID in the profile.
  • use_proxy: enable or disable proxy
  • proxy_server: domain or IP of the proxy DNS
  • proxy_secret: hex-encoded secret of the proxy that serves as a password
  • proxy_port: numeric port, mostly 443
  • should_resume: resume capability; whether to start from where the numbers left off
  • threads: number of numbers to be tried on each try; don't increase it or it won't work
  • delay: delay in seconds on each try to lower Telegram's block time interval

Features:
  1. multi-threaded, i.e. checks 19 numbers at a time
  2. resume capability
  3. waits when blocked; the time it waits equals the time Telegram blocks for
  4. accurate results
Credits: I Love ALLAH + Holy Prophet + Islam and Pakistan.
I'm Masoom Shetaan (innocent evil). Both are opposites. It just depends upon the challenge I have been assigned.
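A defender-side view of the pattern this post describes, as an added example that is not part of the original post or the linked repository: a sketch of how a service could flag accounts whose contact imports sweep a fixed prefix and suffix. The event format, account IDs, thresholds and sample numbers are assumptions constructed for illustration.

```python
from collections import defaultdict
from os.path import commonprefix  # character-wise common prefix of strings


def shared_affixes(numbers):
    """Return the (prefix, suffix) shared by every number in the batch."""
    prefix = commonprefix(numbers)
    suffix = commonprefix([n[::-1] for n in numbers])[::-1]
    return prefix, suffix


def flag_enumeration(events, min_attempts=50, min_fixed_fraction=0.5):
    """events: iterable of (account_id, phone_digits) contact-import attempts
    taken from one time window (hypothetical log format). Flags accounts whose
    imports are many distinct same-length numbers that differ only in a narrow
    run of digits."""
    per_account = defaultdict(set)
    for account, phone in events:
        per_account[account].add(phone)          # repeats count once

    findings = {}
    for account, numbers in per_account.items():
        numbers = sorted(numbers)
        lengths = {len(n) for n in numbers}
        if len(numbers) < min_attempts or len(lengths) != 1:
            continue                             # too few, or no fixed template
        prefix, suffix = shared_affixes(numbers)
        fixed = len(prefix) + len(suffix)
        if fixed / lengths.pop() >= min_fixed_fraction:
            findings[account] = {"prefix": prefix, "suffix": suffix,
                                 "distinct_numbers": len(numbers)}
    return findings


def constructed_events():
    """Constructed sample data (not real logs or real phone numbers)."""
    events = []
    # Account 1001: sweep over the post's 92313-xxxxx-89 pattern.
    for middle in range(0, 100000, 499):
        events.append((1001, f"92313{middle:05d}89"))
    # Account 1002: ordinary address-book sync sharing only a country prefix.
    for k in range(60):
        events.append((1002, f"923{(k * 829348951) % 10**9:09d}"))
    return events


if __name__ == "__main__":
    for account, detail in flag_enumeration(constructed_events()).items():
        print(account, detail)
```

A sweep over an open-ended range (no known suffix) pins fewer digits, so in practice this structural check would sit alongside per-account import rate limits rather than replace them.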
muhammadali999
#2
This is a bump
muhammadali999
#3
This is a bump
oppsy
#5
I'll check
DARK1877
#6
(This post was last modified: 01 September, 2022 - 10:43 AM by DARK1877.)
hih[

hhpo0
error_01
#7
How do I get the user ID of the user?
 