12:12 Bulk domain hijacking | |
If you suddenly turn someone with a request to explain how he could take away the domain is not surprised. Due to the trite outdated information in the registration data of any domain at risk of becoming prey for a hacker. And if you connect to this number of useful tools, for an extremely short period of time, perhaps dozens of others just to get a domain! Video Project SocialWare.ru That just does not come to mind from boredom. Here we are, having nothing to do decided to have purposed to something global and see if there really is not access to multiple domains, and at once to many! And we did. Stay recorders! First and foremost we wanted to see a small domain statistics, how many of them at any registrar, many are exempt and which are already razdelegirovany. But it does nothing special happened, and we began to think further. After some deliberation had the idea to sort the domains to mailboxes and then we got to a point. Bingo! The site 1stat.ru /? Show = whois you can use this chip as the replacement of one symbol, or replacement of any amount, and most importantly you can list the domain owner via email, which we have used. We have entered a query % @ mail.ru. and get results. An 500 domain (from 60000). Five hundred domains is nice, but as you already understood it does not limit the opportunities and to increase the output list of domains, we need only register on the site. Incidentally, they have pretty strict registration, got registered only the second time. After the procedure done, the result is increased 10 times! * An 5000 domains. But replacing any number of characters as not cool, you still fly the first 5000 domain. And how do you make so that others hatched ... In general, you can use brute force and make requests of the form * @ mail.ru, then ** @ mail.ru and so on until you rack up all the 60 thousand. A search can be ready-made base. Rumor has it that they are sold (though fairly cheap and totally legal) site, which will be discussed, below. Can you imagine the magnitude, 60k domains and it is only in the zone mail.ru, and yet how much more they are not affected by. Go ahead. Should be brought into the working form, all these lists of domains. To do this, we can use the great feature of this huiza and save the results to output in csv. (Not always possible to save the developers probably somewhere made a mistake). In this case, you can simply select all and paste into excel, is also an option. But to our great regret, the control boxes are shown in the pictures, but when you export from the site, this table simply not there. And because we really want to fuck this list boxes. Having estimated a possible jackpot, he immediately decided that it can be a bit raskashelitsya and buy the program (or, to find alternative solutions). Epochta whois extractor, discounted cost $ 350r (to get a discount 300r, you just post it on any blog post, about what a cool program and provide a support link). Hopefully you've already realized that having a checklist boxes to certain domains, this list can be checked for validity, because for sure with time, many boxes of obsolete and removed. So, find out what the boxes are free, we can easily register them, and restore them access to the domain! And at some abandoned boxes, surely there is a large number of parked and also abandoned domain names that may just waiting for you to become their new owner. The database 1stat.ru, nearly 2.5 million domains! Difficult to imagine how many domains you can take away! And so it went. Account, we have already registered, the list of domain composition. Now we need that same program, whois extractor, with which we grab all the control boxes. It's very simple, paste a list of domains, click the button "start" and then stores the result in a convenient format. Second on the list, this is our most important process, checking all the boxes on employment. For this we use a program FreeMail, which was written by a man nick Zdez Bil Ya (icq 1414351), for which he single respect. It is a pity that the prog is paid, but the prices do not bite, and keeping in mind the ultimate objective, we sacrifice a certain amount still to this very useful in our business software. Loaded from the file list of our boxes. I want to see the list must be only of the names without pristavki@mail.ru. After selecting a zone in which they are going to check again the "start". Well, here it will fall as chip. :) We are waiting for a while, and then rejoice at the result. Oh, believe me, count the free boxes you very happy. And now, a list of email addresses ready and we move on. It remains only to record all cases and to restore access. But to do it hands not our method. What we need everything to be as quick and easy. Actually that's why we found a program Mail.ru Registrator.2.0, which can automate the entire process of registering a large count boxes. What to do after we get access to the control panel domain - everyone's business. But in any case it is necessary to think in advance where to put all these domains and how quickly transfer them to another registrar (not to forget about the new amendment, which commits to provide a scan of the passport). Well, that's all. As you can see, everything is very simple and a bit of endeavor for sure can make good money! In the video, there are programs such as: Excel. Epochta whois extractor www.epochta.ru/products/whois/ (a free alternative, more on that later). FreeMail 1.2 from Zdez Bil Ya (icq 1414351). + Zareganny ACC site 1stat.ru (after registering more provides a list of domains, up to 5000 soon) + software for mass registering boxes (unless of course you want to record all the boxes by hand). Well, all it seems. Simple and tasteful) Where to watch the video: www.youtube.com/watch?v=7e1bi3y0_Pk ---> no sound. Vimeo.com / socialware multi-up.com/194868 spylabs.org / domens.avi PS. A little about alternatives to the program Epochta whois extractor. If you look at the links with pictures email adresses you will see: 1stat.ru/email.php? E = Zm9tNjhAbWFpbC5ydQ == 1stat.ru/email.php? e = ZG9tYWlub2Z0cmFpZGVyc0BtYWlsLnJ1 1stat.ru/email.php? e = YmVybGx5eUBtYWlsLnJ1 So, what after e - email in base64 Decode just : echo base64_decode ('Zm9tNjhAbWFpbC5ydQ =='); And we'll see: fom68@mail.ru Similarly, with other domains ... PPS. Authors GoodGod and morty10. | |
|
| |
| Total comments: 0 | |