Telegram bug that discloses a user's hidden phone number (still unpatched) (exploit included)
Type: Information Disclosure
Affected Users, Versions, Devices: All Telegram Users
Still unpatched. brute.py is the available exploit, written in Python.
Suppose ali is a hacktivist. His Telegram user ID is 21788973 and his mobile number is hidden. He lives in Pakistan (+92).
We can add any user to contacts by phone number. We will add phone numbers from the range +92-0000000000 to +92-9999999999.
So if any number is successfully added and that user's ID is 21788973, that means ali's number has been exposed!
Note: All the information supplied above is hypothetical.
Remember, the current example range was 9 digits long. We can reduce it further through social engineering, SIM code knowledge, password resets (especially Gmail, PayPal)... The smaller the range, the less time it will take.
This bug has been exploited in the wild for a long time. This motivated us to investigate and open-source its exploit to push Telegram to patch it soon.
Suppose we have a Telegram victim whose number starts with 92313, ends with 89, and has 5 unknown digits in between.
We will generate all combinations of numbers within the range 92313-xxxxx-89.
Use num_gen.py. It will write the numbers to 92313xxxxx89.txt. Before running it, you must edit the following:
92313
5
89
*phone: insert your phone number including country code, without spaces or + (plus)
*api_id: create an app and insert its API ID
*api_hash: create an app and insert its API hash
*numlist: the path to your numbers list or wordlist
*username_or_id: insert the numeric ID or username (without @) of the victim. Better to use Kotatogram, as it supports showing the user ID in the profile.
use_proxy: Enable or Disable proxy
proxy_server: domain or ip of proxy DNS
proxy_secret: hex encoded secret of proxy that serves as password
proxy_port: numeric port, mostly 443
should_resume: resume capability; whether to start from where the number list left off
threads: how many numbers are tried on each attempt; don't increase it, or it won't work
delay: delay in seconds between tries, to lower Telegram's block time interval