telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

Overview

CVE-2019-15514

Type: Information Disclosure

Affected Users, Versions, Devices: All Telegram Users

Still not fixed/unpatched. brute.py is available exploit written under python.

Description

Suppose ali is hacktivist. His telegram user ID is 21788973 and mobile number is hidden. He lives in pakistan (+92). We can add any user to contact by phone number. We will add phones numbers from range +92-0000000000 to +92-9999999999. So if any number successfully added and that user ID is 21788973, that's mean ali number is successfully exposed !

Note: All above information supplied is hypothetical.

Remember, current example range was 9 digits long. We can reduce it more by social engineerring, sim code knowledge, password resets (specially gmail,paypal)... The more low range, the more less time will it take.

Background

This bug been exploited in wild from long. This appreciated us to investigate and open source its exploit for making telegram to patch it soon.

Proof Of Concept

Generate wordlist:

Suppose, we have an telegram victim that number starts with 92313, ends with 89 and in between there are 5 unknown digits We will generate all comibnations of number list within range 92313-xxxxx-89.

Use num_gen.py. It will write numbers to 92313xxxxx89.txt. Before, must edit following:

  • prefix: a number should starts with. Here example, its 92313
  • middle_range: total digits of unknown middle range. Here example, its 5
  • suffix: a number should ends with. Here example, its 89

Brute force:

  • *phone: insert your phone number including country code, without including spaces or +(plus)

  • *api_id: create app and insert api id. learn more

  • *api_hash: create app and api hash. learn more

  • *numlist : the path to your numbers list or wordlist

  • *username_or_id: insert numeric id or username without @ of victim. Better use kotatogram as it supports showing user id in profile.

  • use_proxy: Enable or Disable proxy

  • proxy_server: domain or ip of proxy DNS

  • proxy_secret: hex encoded secret of proxy that serves as password

  • proxy_port: numeric port, mostly 443

  • should_resume: resume capability. whether to start from where numbers left ?

  • threads: # numbers to be tried on each try, don't increase else won't work

  • delay: delay in seconds on each try to lower telegram block time interval

Features:

  1. multi-threaded i.e checks 19 numbers at time
  2. resume capability
  3. waits when blocked, time it waits equals to time telegram blocks
  4. accurate results

Credits:

I Love ALLAH + Holy Prophet + Islam and Pakistan.

You might also like...
This tool help you to check if your Windows machine has hidden miner.

Hidden Miner Detector This tool help you to check if your Windows machine has hidden miner. Miners track when you open antivirus software or task mana

Advanced subdomain scanner,  any domain hidden subdomains
Advanced subdomain scanner, any domain hidden subdomains

little advanced subdomain scanner made in python, works very quick and has options to change the port u want it to connect for

Data Recovery from your broken Android phone

Broken Phone Recovery a guide how to backup data from your locked android phone if you broke your screen (and more) you can skip some steps depending

Yesitsme - Simple OSINT script to find Instagram profiles by name and e-mail/phone
Yesitsme - Simple OSINT script to find Instagram profiles by name and e-mail/phone

Simple OSINT script to find Instagram profiles by name and e-mail/phone

A Telegram Bot to force users to join a specific channel before sending messages in a group.

Promoter A Telegram Bot to force users to join a specific channel before sending messages in a group. Introduction A Telegram Bot to force users to jo

PreviewGram is for users that wants get a more private experience with the Telegram's Channel.
PreviewGram is for users that wants get a more private experience with the Telegram's Channel.

PreviewGram is for users that wants get a more private experience with the Telegram's Channel.

Exploit for CVE-2021-3129

laravel-exploits Exploit for CVE-2021-3129

SonicWALL SSL-VPN Web Server Vulnerable Exploit
SonicWALL SSL-VPN Web Server Vulnerable Exploit

SonicWALL SSL-VPN Web Server Vulnerable Exploit

Proof of Concept Exploit for vCenter CVE-2021-21972
Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972

Comments
  • blocked after three tries

    blocked after three tries

    hey, I try to active the code, but after 3 times (19*3) I'm getting a block for like 200 seconds, and then again. any suggestion on how to fix it? thanks

    opened by ronb65 0
Owner
Gray Programmerz
I'm day time programmer and night time thinker.
Gray Programmerz
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

说明 about author: 我超怕的 blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

null 3 Aug 13, 2022
Tinyman exploit finder - Tinyman exploit finder for python

tinyman_exploit_finder There was a big tinyman exploit. You can read about it he

fish.exe 9 Dec 27, 2022
Discord-email-spammer-exploit - A discord email spammer exploit with python

Discord-email-spammer-exploit was made by Love ❌ code ✅ ?? ・Description First it

Rdimo 25 Aug 13, 2022
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

?? Public Bug Bounty Targets Data By BugBountyResources A collection of over 5.1M sub-domains and assets belonging to bug bounty targets, all put in a

Bug Bounty Resources 87 Dec 13, 2022
👑 Discovery Header DoD Bug-Bounty

?? Discovery Header DoD Bug-Bounty Did you know that DoD accepts server headers? ?? (example: apache"version" , php"version") ? In this code it is pos

KingOfTips 38 Aug 9, 2022
Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

BugAlert.org 208 Dec 15, 2022
BETA: Layla - recon tool for bug bounty

WELCOME TO LAYLA Layla is a python script that automatically performs recon on a

Matheus Faria 68 Jan 4, 2023
IPscan - This Script is Framework To automate IP process large scope For Bug Hunting

IPscan This Script is Framework To automate IP process large scope For Bug Hunti

0xd2rdir 8 Mar 12, 2022
Meterpreter Reverse shell over TOR network using hidden services

Poiana Reverse shell over TOR network using hidden services Features -> Create a hidden service -> Generate non-staged payload (python/meterpreter_rev

calfcrusher 80 Dec 21, 2022
DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

vijay sahu 12 Dec 17, 2022