#archiveteam-bs 2019-01-25,Fri


Time Nickname Message
00:01 Sk1d has joined #archiveteam-bs
00:04 Pixi has joined #archiveteam-bs
00:07 chimyatta has quit IRC (Read error: Connection reset by peer)
00:09 Sk1d has quit IRC (Read error: Operation timed out)
00:11 Sk1d has joined #archiveteam-bs
00:56 VADemon has quit IRC (Quit: left4dead)
00:57 VADemon has joined #archiveteam-bs
01:12 godane we can brute force the mp3s on mp3lizard.com : www.mp3lizard.com/download_2.cfm?id=6856
01:12 godane i figure one of you guys can do it
01:13 godane you may also want to download these pages too so we have metadata : http://www.mp3lizard.com/download.cfm?id=6856
01:13 godane they redirect to mp3 files but with wget they don't redirect
01:13 godane so we can the html
01:14 godane *can get
01:25 Somebody2 t3: Yep, not as far as I know.
01:56 VerfiedJ has quit IRC (Quit: Leaving)
02:02 BlueMax has joined #archiveteam-bs
02:19 m007a83 has quit IRC (Read error: Operation timed out)
02:39 m007a83 has joined #archiveteam-bs
02:43 qw3rty115 has joined #archiveteam-bs
02:46 qw3rty114 has quit IRC (Read error: Operation timed out)
03:14 ndiddy has quit IRC (Ping timeout: 252 seconds)
03:14 qw3rty116 has joined #archiveteam-bs
03:16 qw3rty115 has quit IRC (Ping timeout: 600 seconds)
03:29 qw3rty116 has quit IRC (Ping timeout: 600 seconds)
03:29 qw3rty116 has joined #archiveteam-bs
03:43 eientei95 godane: That's because the server checks if the headers contain 'Referer: http://www.mp3lizard.com/'
03:43 eientei95 Add in the header and you get a 302 `location: http://dl.mp3lizard.com/jonandal/06%2Emp3`
03:45 godane ok
03:45 godane i was only pointing out what i found
03:45 godane i'm not mirroring it
03:45 godane i have tons of stuff to grab for you guys
03:49 Flashfire Don't have the storage or the bandwidth, otherwise I would do it
03:50 qw3rty117 has joined #archiveteam-bs
03:50 Sk1d has quit IRC (Read error: Operation timed out)
03:53 qw3rty116 has quit IRC (Read error: Operation timed out)
03:54 Sk1d has joined #archiveteam-bs
03:55 qw3rty118 has joined #archiveteam-bs
03:58 qw3rty117 has quit IRC (Read error: Operation timed out)
04:00 Sk1d has quit IRC (Read error: Operation timed out)
04:00 qw3rty119 has joined #archiveteam-bs
04:02 Sk1d has joined #archiveteam-bs
04:05 qw3rty118 has quit IRC (Read error: Operation timed out)
04:23 qw3rty111 has joined #archiveteam-bs
04:26 qw3rty119 has quit IRC (Ping timeout: 600 seconds)
04:30 qw3rty112 has joined #archiveteam-bs
04:33 qw3rty111 has quit IRC (Read error: Operation timed out)
04:36 ndiddy has joined #archiveteam-bs
04:37 qw3rty113 has joined #archiveteam-bs
04:39 ndiddy has quit IRC (Client Quit)
04:40 qw3rty112 has quit IRC (Read error: Operation timed out)
04:43 Despatche has quit IRC (Read error: Operation timed out)
04:44 odemgi_ has joined #archiveteam-bs
04:46 odemgi has quit IRC (Ping timeout: 252 seconds)
04:47 odemg has quit IRC (Ping timeout: 265 seconds)
04:59 odemg has joined #archiveteam-bs
05:01 HashbangI has quit IRC (Ping timeout: 960 seconds)
05:04 HashbangI has joined #archiveteam-bs
05:13 Despatche has joined #archiveteam-bs
05:34 wp494 has joined #archiveteam-bs
05:39 Sk1d has quit IRC (Read error: Operation timed out)
05:41 wp494_ has quit IRC (Read error: Operation timed out)
05:42 Sk1d has joined #archiveteam-bs
05:46 yano_ has joined #archiveteam-bs
05:46 swebb has quit IRC (Read error: Operation timed out)
05:46 c4rc4s has quit IRC (Read error: Operation timed out)
05:46 Frogging has quit IRC (Read error: Operation timed out)
05:46 Frogging has joined #archiveteam-bs
05:46 simon816 has quit IRC (Ping timeout: 246 seconds)
05:47 fredgido has joined #archiveteam-bs
05:47 svchfoo1 has quit IRC (Read error: Operation timed out)
05:47 frainz has quit IRC (Read error: Operation timed out)
05:47 Sk1d has quit IRC (Read error: Operation timed out)
05:47 yano has quit IRC (Read error: Operation timed out)
05:48 swebb has joined #archiveteam-bs
05:48 bithippo has quit IRC (Ping timeout: 246 seconds)
05:48 Petri152 has quit IRC (Ping timeout: 246 seconds)
05:48 JAA has quit IRC (Ping timeout: 246 seconds)
05:49 frainz has joined #archiveteam-bs
05:50 Sk1d has joined #archiveteam-bs
05:50 decay_ has joined #archiveteam-bs
05:52 fredgido_ has quit IRC (Read error: Operation timed out)
05:52 godane has quit IRC (Read error: Operation timed out)
05:52 decay has quit IRC (Ping timeout: 492 seconds)
05:52 decay_ is now known as decay
05:59 Sk1d has quit IRC (Read error: Operation timed out)
06:02 Sk1d has joined #archiveteam-bs
06:03 godane has joined #archiveteam-bs
06:46 svchfoo1 has joined #archiveteam-bs
06:46 simon816 has joined #archiveteam-bs
06:46 Petri152 has joined #archiveteam-bs
06:46 c4rc4s has joined #archiveteam-bs
06:47 svchfoo3 sets mode: +o svchfoo1
06:47 JAA has joined #archiveteam-bs
06:48 bakJAA sets mode: +o JAA
06:48 odemg has quit IRC (Ping timeout: 265 seconds)
06:49 odemg has joined #archiveteam-bs
06:53 HashbangI has quit IRC (net_error)
07:01 HashbangI has joined #archiveteam-bs
07:08 wyatt8740 has quit IRC (Read error: Operation timed out)
07:22 Sk1d has quit IRC (Read error: Operation timed out)
07:24 Sk1d has joined #archiveteam-bs
08:51 Hani has quit IRC (Read error: Connection reset by peer)
08:52 Hani has joined #archiveteam-bs
09:02 Oddly has joined #archiveteam-bs
09:06 Sk1d has quit IRC (Read error: Operation timed out)
09:09 Sk1d has joined #archiveteam-bs
09:13 Despatche has quit IRC (Read error: Operation timed out)
10:31 xLovely has joined #archiveteam-bs
11:04 xLovely has quit IRC (Quit: Leaving)
11:05 xLovely has joined #archiveteam-bs
11:06 xLovely has quit IRC (Client Quit)
11:08 xLovely has joined #archiveteam-bs
11:09 xLovely has quit IRC (Client Quit)
11:09 xLovely has joined #archiveteam-bs
12:00 Oddly has quit IRC (Ping timeout: 259 seconds)
12:08 kiska Kaz: Can I have wedpics-disco please? 15th Feb 2019 is their sunset date
12:22 lindalap has joined #archiveteam-bs
12:24 lindalap Few ArchiveBot requests again, this time new Finnish government agency websites
12:25 lindalap liikennevirasto.fi (Finnish Transport Infrastructure Agency / Liikennevirasto) became vayla.fi (Väylävirasto)
12:26 lindalap trafi.fi (Finnish Transport Safety Agency) and ficora.fi (Finnish Communications Regulatory Authority) became traficom.fi (TRAFICOM)
12:27 lindalap Previous domains now redirect to the new ones, redirects seem to be working so far.
12:27 lindalap The website designs have also changed.
12:27 lindalap Since 2019-01-01
12:35 kiska JAA: xD
12:35 kiska So it looks like melissakayle2014 = MelissaKayle2014
12:36 kiska And also NTA4MDk3 = nta4mdk3
12:36 JAA (From -ot)
12:36 JAA Oh, I thought the codes were random.
12:36 JAA Well, we're not going to bruteforce 16-char 0-9a-z codes...
12:36 kiska That would be a bad idea
12:37 kiska This is what melissakayle2014 gives https://nta4mdk3.wedpics.com/
12:37 kiska So might be better to brute force the subdomain portion
12:37 Flashfire Could we not brute force it with a modified URLTEAM code?
12:38 Flashfire There's enough power running there to do some of that work
12:38 kiska Perhaps, but I am not familiar with URLTeam
12:38 JAA Flashfire: You underestimate the size of the [0-9a-z]{16} keyspace.
12:38 kiska s/code
12:38 JAA At 1 million requests per second, it would still take several times as long as the universe is old to cover all of those codes.
12:39 Flashfire JAA maths was never my strong point. Though we could still do a bit of it. Assuming that it starts at single character
12:39 Flashfire Or shelve the stupid idea I suggested at nearly midnight
12:39 JAA kiska: Do all of those "custom names" map to a random code of <= 8 chars?
12:40 kiska invite code "test123" gives "MjgxMDI"
12:40 JAA 8 chars is still pretty damn long though. That's 2.8 trillion combinations.
12:40 kiska Hrm...
12:41 Flashfire Aren't we doing that with one of the URL team projects anyway?
12:41 JAA No
12:41 JAA Longest is 7 chars.
12:41 Flashfire Alright my iPod is gonna go flat if I don't plug it in to charge I'll be back on later
12:42 JAA 7 chars of 0-9a-z reduces it to 78 billion combinations, which still takes a long time but is doable.
12:42 kiska Invite "ERICLAURA326" gives urlkey "GE3TQMBXG42A"
12:42 JAA Ew
12:43 kiska Yuck indeed
12:44 kiska Hrm... we may need to run discovery and grab concurrently
12:45 kiska And I doubt that project sonar will have all of those domains as well
12:46 kiska *vomit*
12:46 Darkstar has quit IRC (Ping timeout: 612 seconds)
12:46 kiska Grab code will have to use scrolling...
12:48 kiska I am unsure how it's doing the scrolling, network doesn't reveal anything
12:49 kiska Here is the album response: https://pastebin.com/snx3hx8u
12:49 HashbangI has quit IRC (net_error)
12:49 JAA Looks like there's a websocket connection... :-|
12:49 HashbangI has joined #archiveteam-bs
12:50 kiska Hrm I wonder what happens if I block websocket connections...
12:50 JAA This is getting better and better... :-(
12:52 JAA The actual image URLs use a 6-char hex code plus a decimal number up to at least 8 digits. Not bruteforceable either (1677 trillion combinations)...
12:58 kiska JAA: Hrm I suppose wpull might work here
12:58 kiska Or better yet chromebot
13:00 * PurpleSym has been summoned.
13:00 PurpleSym What site are we talking about?
13:00 kiska wedpics
13:00 kiska Eeek! It is a websocket... wss://ws.wedpics.com:8098/ws?wpid=rKv-q_pwQfyCmK1SxJRIzw
13:04 PurpleSym Wait, is this even public stuff?
13:07 kiska Presumably, since all you need is an invite code
13:08 kiska And I'd assume that some of those domains are in project sonar's data set, so it might as well be considered public
13:08 PurpleSym I mean, there's names and email addresses in there.
13:09 kiska Can you show an example of email addresses? Since I can't find that information on the example invite code I have
13:10 PurpleSym https://nta4mdk3.wedpics.com/weddings/getWedding
13:10 PurpleSym It even got Facebook access tokens?!
13:10 kiska Hrm...
13:13 kiska So in this case we omit getWedding endpoint, as far as I can see that is the only endpoint leaking this information
13:14 Sk1d has quit IRC (Read error: Operation timed out)
13:14 Oddly has joined #archiveteam-bs
13:15 kiska Hrm... I am not too sure how to deal with the websocket connection
13:16 PurpleSym Their websocket does not seem to be used for album display.
13:17 kiska Yeah are there any more endpoints that leak personal information? I can filter those out
13:18 PurpleSym I'm checking right now.
13:18 Sk1d has joined #archiveteam-bs
13:18 PurpleSym Definitely https://nta4mdk3.wedpics.com/user/getUsers
13:19 kiska I get this: {"data":"FAILURE"} on that endpoint
13:20 PurpleSym Works with POST only.
13:20 kiska I see...
13:20 kiska Well blocking that endpoint
13:22 PurpleSym Looks like you can essentially enumerate all users with that endpoint :facepalm:
13:24 PurpleSym And you can enumerate all wedding photos using the /media/ids endpoint.
13:30 kiska *sigh* Is this a sign of a badly programmed service?
13:33 PurpleSym This is a sign of privacy disaster.
13:34 kiska Or the person who programmed this, did not do web security 101
13:36 PurpleSym Either way, we should not archive this.
13:36 kiska Alright
13:41 PurpleSym Anyone in here who can assess the impact of the Facebook access token in that data? What information can you access with that?
14:27 JAA Regarding the discussion about bruteforcing track IDs on MP3Lizard: I'm running a wpull for that now. More specifically, for the IDs that weren't already retrieved by my previous crawl. So far, it didn't find anything.
14:33 wp494_ has joined #archiveteam-bs
14:34 JAA Yup, no hidden tracks on that site.
14:36 wp494 has quit IRC (Read error: Operation timed out)
14:40 Oddly has quit IRC (Ping timeout: 255 seconds)
14:56 Kaz kiska: did anyone sort tracker (I'm assuming that's what you meant)
15:02 kiska Actually we decided to not archive wedpics
15:02 kiska So there is no need for a tracker and github repo
15:04 Kaz understood
15:15 Sk1d has quit IRC (Read error: Operation timed out)
15:18 Sk1d has joined #archiveteam-bs
15:20 lindalap has quit IRC (Quit: lindalap)
15:20 lindalap has joined #archiveteam-bs
15:22 Darkstar has joined #archiveteam-bs
15:33 lindalap has quit IRC (Quit: lindalap)
15:36 omarroth has joined #archiveteam-bs
15:38 C4K3 has joined #archiveteam-bs
15:38 C4K3 has quit IRC (Connection closed)
15:46 Sk1d has quit IRC (Read error: Operation timed out)
15:51 Sk1d has joined #archiveteam-bs
15:53 VerfiedJ has joined #archiveteam-bs
15:57 odemg has quit IRC (Ping timeout: 265 seconds)
16:00 odemg has joined #archiveteam-bs
16:19 yano_ is now known as yano
16:32 Oddly has joined #archiveteam-bs
17:07 Oddly has quit IRC (Ping timeout: 255 seconds)
18:10 LFlare has quit IRC (Quit: The Lounge - https://thelounge.chat)
18:18 Sk1d has quit IRC (Read error: Operation timed out)
18:21 Sk1d has joined #archiveteam-bs
18:23 Oddly has joined #archiveteam-bs
18:25 Sk1d has quit IRC (Read error: Operation timed out)
18:28 Sk1d has joined #archiveteam-bs
18:35 RichardG has quit IRC (Read error: Connection reset by peer)
18:35 RichardG has joined #archiveteam-bs
18:37 omarroth has quit IRC (Ping timeout: 268 seconds)
18:45 HashbangI has quit IRC (net_error)
18:46 HashbangI has joined #archiveteam-bs
19:22 Kaz https://twitter.com/BBCBreaking/status/1088879270158462976
19:44 odemg has quit IRC (Ping timeout: 265 seconds)
19:45 odemg has joined #archiveteam-bs
19:53 Oddly has quit IRC (Ping timeout: 255 seconds)
20:14 xLovely has quit IRC (Quit: Leaving)
20:57 omarroth has joined #archiveteam-bs
21:00 omarroth has quit IRC (Konversation terminated!)
21:01 Mateon1 has quit IRC (Ping timeout: 360 seconds)
21:01 Mateon1 has joined #archiveteam-bs
21:16 LFlare has joined #archiveteam-bs
21:45 robogoat_ is now known as robogoat
21:53 omarroth has joined #archiveteam-bs
22:17 odemg has quit IRC (Ping timeout: 265 seconds)
22:20 odemg has joined #archiveteam-bs
22:30 omarroth has quit IRC (Read error: Connection reset by peer)
23:28 Sk1d has quit IRC (Read error: Operation timed out)
23:31 Sk1d has joined #archiveteam-bs
23:33 wp494 has joined #archiveteam-bs
23:38 Sk1d has quit IRC (Read error: Operation timed out)
23:40 Sk1d has joined #archiveteam-bs
23:42 wp494_ has quit IRC (Ping timeout: 615 seconds)
23:46 Sk1d has quit IRC (Read error: Operation timed out)
23:49 Sk1d has joined #archiveteam-bs
