[00:01] *** Sk1d has joined #archiveteam-bs
[00:04] *** Pixi has joined #archiveteam-bs
[00:07] *** chimyatta has quit IRC (Read error: Connection reset by peer)
[00:09] *** Sk1d has quit IRC (Read error: Operation timed out)
[00:11] *** Sk1d has joined #archiveteam-bs
[00:56] *** VADemon has quit IRC (Quit: left4dead)
[00:57] *** VADemon has joined #archiveteam-bs
[01:12] we can brute force the mp3s on mp3lizard.com : www.mp3lizard.com/download_2.cfm?id=6856
[01:12] i figure one of you guys can do it
[01:13] you may also want to download these pages too so we have metadata : http://www.mp3lizard.com/download.cfm?id=6856
[01:13] they redirect to mp3 files but with wget they don't redirect
[01:13] so we can the html
[01:14] *can get
[01:25] t3: Yep, not as far as I know.
[01:56] *** VerfiedJ has quit IRC (Quit: Leaving)
[02:02] *** BlueMax has joined #archiveteam-bs
[02:19] *** m007a83 has quit IRC (Read error: Operation timed out)
[02:39] *** m007a83 has joined #archiveteam-bs
[02:43] *** qw3rty115 has joined #archiveteam-bs
[02:46] *** qw3rty114 has quit IRC (Read error: Operation timed out)
[03:14] *** ndiddy has quit IRC (Ping timeout: 252 seconds)
[03:14] *** qw3rty116 has joined #archiveteam-bs
[03:16] *** qw3rty115 has quit IRC (Ping timeout: 600 seconds)
[03:29] *** qw3rty116 has quit IRC (Ping timeout: 600 seconds)
[03:29] *** qw3rty116 has joined #archiveteam-bs
[03:43] godane: That's because the server checks if the headers contain 'Referer: http://www.mp3lizard.com/'
[03:43] Add in the header and you get a 302 `location: http://dl.mp3lizard.com/jonandal/06%2Emp3`
[03:45] ok
[03:45] i was only pointing out what i found
[03:45] i'm not mirroring it
[03:45] i have tons of stuff to grab for you guys
[03:49] Don't have the storage or the bandwidth otherwise I would do it
[03:50] *** qw3rty117 has joined #archiveteam-bs
[03:50] *** Sk1d has quit IRC (Read error: Operation timed out)
[03:53] *** qw3rty116 has quit IRC (Read error: Operation timed out)
[03:54] *** Sk1d has joined #archiveteam-bs
[03:55] *** qw3rty118 has joined #archiveteam-bs
[03:58] *** qw3rty117 has quit IRC (Read error: Operation timed out)
[04:00] *** Sk1d has quit IRC (Read error: Operation timed out)
[04:00] *** qw3rty119 has joined #archiveteam-bs
[04:02] *** Sk1d has joined #archiveteam-bs
[04:05] *** qw3rty118 has quit IRC (Read error: Operation timed out)
[04:23] *** qw3rty111 has joined #archiveteam-bs
[04:26] *** qw3rty119 has quit IRC (Ping timeout: 600 seconds)
[04:30] *** qw3rty112 has joined #archiveteam-bs
[04:33] *** qw3rty111 has quit IRC (Read error: Operation timed out)
[04:36] *** ndiddy has joined #archiveteam-bs
[04:37] *** qw3rty113 has joined #archiveteam-bs
[04:39] *** ndiddy has quit IRC (Client Quit)
[04:40] *** qw3rty112 has quit IRC (Read error: Operation timed out)
[04:43] *** Despatche has quit IRC (Read error: Operation timed out)
[04:44] *** odemgi_ has joined #archiveteam-bs
[04:46] *** odemgi has quit IRC (Ping timeout: 252 seconds)
[04:47] *** odemg has quit IRC (Ping timeout: 265 seconds)
[04:59] *** odemg has joined #archiveteam-bs
[05:01] *** HashbangI has quit IRC (Ping timeout: 960 seconds)
[05:04] *** HashbangI has joined #archiveteam-bs
[05:13] *** Despatche has joined #archiveteam-bs
[05:34] *** wp494 has joined #archiveteam-bs
[05:39] *** Sk1d has quit IRC (Read error: Operation timed out)
[05:41] *** wp494_ has quit IRC (Read error: Operation timed out)
[05:42] *** Sk1d has joined #archiveteam-bs
[05:46] *** yano_ has joined #archiveteam-bs
[05:46] *** swebb has quit IRC (Read error: Operation timed out)
[05:46] *** c4rc4s has quit IRC (Read error: Operation timed out)
[05:46] *** Frogging has quit IRC (Read error: Operation timed out)
[05:46] *** Frogging has joined #archiveteam-bs
[05:46] *** simon816 has quit IRC (Ping timeout: 246 seconds)
[05:47] *** fredgido has joined #archiveteam-bs
[05:47] *** svchfoo1 has quit IRC (Read error: Operation timed out)
[05:47] *** frainz has quit IRC (Read error: Operation timed out)
[05:47] *** Sk1d has quit IRC (Read error: Operation timed out)
[05:47] *** yano has quit IRC (Read error: Operation timed out)
[05:48] *** swebb has joined #archiveteam-bs
[05:48] *** bithippo has quit IRC (Ping timeout: 246 seconds)
[05:48] *** Petri152 has quit IRC (Ping timeout: 246 seconds)
[05:48] *** JAA has quit IRC (Ping timeout: 246 seconds)
[05:49] *** frainz has joined #archiveteam-bs
[05:50] *** Sk1d has joined #archiveteam-bs
[05:50] *** decay_ has joined #archiveteam-bs
[05:52] *** fredgido_ has quit IRC (Read error: Operation timed out)
[05:52] *** godane has quit IRC (Read error: Operation timed out)
[05:52] *** decay has quit IRC (Ping timeout: 492 seconds)
[05:52] *** decay_ is now known as decay
[05:59] *** Sk1d has quit IRC (Read error: Operation timed out)
[06:02] *** Sk1d has joined #archiveteam-bs
[06:03] *** godane has joined #archiveteam-bs
[06:46] *** svchfoo1 has joined #archiveteam-bs
[06:46] *** simon816 has joined #archiveteam-bs
[06:46] *** Petri152 has joined #archiveteam-bs
[06:46] *** c4rc4s has joined #archiveteam-bs
[06:47] *** svchfoo3 sets mode: +o svchfoo1
[06:47] *** JAA has joined #archiveteam-bs
[06:48] *** bakJAA sets mode: +o JAA
[06:48] *** odemg has quit IRC (Ping timeout: 265 seconds)
[06:49] *** odemg has joined #archiveteam-bs
[06:53] *** HashbangI has quit IRC (net_error)
[07:01] *** HashbangI has joined #archiveteam-bs
[07:08] *** wyatt8740 has quit IRC (Read error: Operation timed out)
[07:22] *** Sk1d has quit IRC (Read error: Operation timed out)
[07:24] *** Sk1d has joined #archiveteam-bs
[08:51] *** Hani has quit IRC (Read error: Connection reset by peer)
[08:52] *** Hani has joined #archiveteam-bs
[09:02] *** Oddly has joined #archiveteam-bs
[09:06] *** Sk1d has quit IRC (Read error: Operation timed out)
[09:09] *** Sk1d has joined #archiveteam-bs
[09:13] *** Despatche has quit IRC (Read error: Operation timed out)
[10:31] *** xLovely has joined #archiveteam-bs
[11:04] *** xLovely has quit IRC (Quit: Leaving)
[11:05] *** xLovely has joined #archiveteam-bs
[11:06] *** xLovely has quit IRC (Client Quit)
[11:08] *** xLovely has joined #archiveteam-bs
[11:09] *** xLovely has quit IRC (Client Quit)
[11:09] *** xLovely has joined #archiveteam-bs
[12:00] *** Oddly has quit IRC (Ping timeout: 259 seconds)
[12:08] Kaz: Can I have wedpics-disco please? 15th Feb 2019 is their sunset date
[12:22] *** lindalap has joined #archiveteam-bs
[12:24] Few ArchiveBot requests again, this time new Finnish government agency websites
[12:25] liikennevirasto.fi (Finnish Transport Infrastructure Agency / Liikennevirasto) became vayla.fi (Väylävirasto)
[12:26] trafi.fi (Finnish Transport Safety Agency) and ficora.fi (Finnish Communications Regulatory Authority) became traficom.fi (TRAFICOM)
[12:27] Previous domains now redirect to the new ones, redirects seem to be working so far.
[12:27] The website designs have also changed.
[12:27] Since 2019-01-01
[12:35] JAA: xD
[12:35] So it looks like melissakayle2014 = MelissaKayle2014
[12:36] And also NTA4MDk3 = nta4mdk3
[12:36] (From -ot)
[12:36] Oh, I thought the codes were random.
[12:36] Well, we're not going to bruteforce 16-char 0-9a-z codes...
[12:36] That would be a bad idea
[12:37] This is what melissakayle2014 gives https://nta4mdk3.wedpics.com/
[12:37] So might be better to brute force the subdomain portion
[12:37] Could we not brute force it with a modified URLTEAM code?
[12:38] There’s enough power running there to do some of that work
[12:38] Perhaps, but I am not familiar with URLTeam
[12:38] Flashfire: You underestimate the size of the [0-9a-z]{16} keyspace.
[12:38] s/code
[12:38] At 1 million requests per second, it would still take several times as long as the universe is old to cover all of those codes.
[12:39] JAA maths was never my strong point. Though we could still do a bit of it. Assuming that it starts at single character
[12:39] Or shelve the stupid idea I suggested at nearly midnight
[12:39] kiska: Do all of those "custom names" map to a random code of <= 8 chars?
[12:40] invite code "test123" gives "MjgxMDI"
[12:40] 8 chars is still pretty damn long though. That's 2.8 trillion combinations.
[12:40] Hrm...
[12:41] Aren’t we doing that with one of the URL team projects anyway?
[12:41] No
[12:41] Longest is 7 chars.
[12:41] Alright my iPod is gonna go flat if I don’t plug it in to charge I’ll be back on kayer
[12:42] 7 chars of 0-9a-z reduces it to 78 billion combinations, which still takes a long time but is doable.
[12:42] Invite "ERICLAURA326" gives urlkey "GE3TQMBXG42A"
[12:42] Ew
[12:43] Yuck indeed
[12:44] Hrm... we may need to run discovery and grab concurrently
[12:45] And I doubt that project sonar will have all of those domains as well
[12:46] *vomit*
[12:46] *** Darkstar has quit IRC (Ping timeout: 612 seconds)
[12:46] Grab code will have to use scrolling...
[12:48] I am unsure how it's doing the scrolling, network doesn't reveal anything
[12:49] Here is the album response: https://pastebin.com/snx3hx8u
[12:49] *** HashbangI has quit IRC (net_error)
[12:49] Looks like there's a websocket connection... :-|
[12:49] *** HashbangI has joined #archiveteam-bs
[12:50] Hrm I wonder what happens if I block websocket connections...
[12:50] This is getting better and better... :-(
[12:52] The actual image URLs use a 6-char hex code plus a decimal number up to at least 8 digits. Not bruteforceable either (1677 trillion combinations)...
[12:58] JAA: Hrm I suppose wpull might work here
[12:58] Or better yet chromebot
[13:00] * PurpleSym has been summoned.
[13:00] What site are we talking about?
[13:00] wedpics
[13:00] Eeek! It is a websocket... wss://ws.wedpics.com:8098/ws?wpid=rKv-q_pwQfyCmK1SxJRIzw
[13:04] Wait, is this even public stuff?
[13:07] Presumably, since all you need is an invite code
[13:08] And I'd assume that some of those domains are in project sonar's data set, so it might as well be considered public
[13:08] I mean, there’s names and email addresses in there.
[13:09] Can you show an example of email addresses? Since I can't find that information on the example invite code I have
[13:10] https://nta4mdk3.wedpics.com/weddings/getWedding
[13:10] It even got Facebook access tokens?!
[13:10] Hrm...
[13:13] So in this case we omit getWedding endpoint, as far as I can see that is the only endpoint leaking this information
[13:14] *** Sk1d has quit IRC (Read error: Operation timed out)
[13:14] *** Oddly has joined #archiveteam-bs
[13:15] Hrm... I am not too sure how to deal with the websocket connection
[13:16] There websocket does not seem to be used for album display.
[13:17] Yeah are there any more endpoints that leak personal information? I can filter those out
[13:18] I’m checking right now.
[13:18] *** Sk1d has joined #archiveteam-bs
[13:18] Definitely https://nta4mdk3.wedpics.com/user/getUsers
[13:19] I get this: {"data":"FAILURE"} on that endpoint
[13:20] Works with POST only.
[13:20] I see...
[13:20] Well blocking that endpoint
[13:22] Looks like you can essentially enumerate all users with that endpoint :facepalm:
[13:24] And you can enumerate all wedding photos using the /media/ids endpoint.
[13:30] *sigh* Is this a sign of a badly programmed service?
[13:33] This is a sign of privacy disaster.
[13:34] Or the person who programmed this, did not do web security 101
[13:36] Either way, we should not archive this.
[13:36] Alright
[13:41] Anyone in here who can assess the impact of the Facebook access token in that data? What information can you access with that?
[14:27] Regarding the discussion about bruteforcing track IDs on MP3Lizard: I'm running a wpull for that now. More specifically, for the IDs that weren't already retrieved by my previous crawl. So far, it didn't find anything.
[14:33] *** wp494_ has joined #archiveteam-bs
[14:34] Yup, no hidden tracks on that site.
[14:36] *** wp494 has quit IRC (Read error: Operation timed out)
[14:40] *** Oddly has quit IRC (Ping timeout: 255 seconds)
[14:56] kiska: did anyone sort tracker (I'm assuming that's what you meant)
[15:02] Actually we decided to not archive wedpics
[15:02] So there is no need for a tracker and github repo
[15:04] understood
[15:15] *** Sk1d has quit IRC (Read error: Operation timed out)
[15:18] *** Sk1d has joined #archiveteam-bs
[15:20] *** lindalap has quit IRC (Quit: lindalap)
[15:20] *** lindalap has joined #archiveteam-bs
[15:22] *** Darkstar has joined #archiveteam-bs
[15:33] *** lindalap has quit IRC (Quit: lindalap)
[15:36] *** omarroth has joined #archiveteam-bs
[15:38] *** C4K3 has joined #archiveteam-bs
[15:38] *** C4K3 has quit IRC (Connection closed)
[15:46] *** Sk1d has quit IRC (Read error: Operation timed out)
[15:51] *** Sk1d has joined #archiveteam-bs
[15:53] *** VerfiedJ has joined #archiveteam-bs
[15:57] *** odemg has quit IRC (Ping timeout: 265 seconds)
[16:00] *** odemg has joined #archiveteam-bs
[16:19] *** yano_ is now known as yano
[16:32] *** Oddly has joined #archiveteam-bs
[17:07] *** Oddly has quit IRC (Ping timeout: 255 seconds)
[18:10] *** LFlare has quit IRC (Quit: The Lounge - https://thelounge.chat)
[18:18] *** Sk1d has quit IRC (Read error: Operation timed out)
[18:21] *** Sk1d has joined #archiveteam-bs
[18:23] *** Oddly has joined #archiveteam-bs
[18:25] *** Sk1d has quit IRC (Read error: Operation timed out)
[18:28] *** Sk1d has joined #archiveteam-bs
[18:35] *** RichardG has quit IRC (Read error: Connection reset by peer)
[18:35] *** RichardG has joined #archiveteam-bs
[18:37] *** omarroth has quit IRC (Ping timeout: 268 seconds)
[18:45] *** HashbangI has quit IRC (net_error)
[18:46] *** HashbangI has joined #archiveteam-bs
[19:22] https://twitter.com/BBCBreaking/status/1088879270158462976
[19:44] *** odemg has quit IRC (Ping timeout: 265 seconds)
[19:45] *** odemg has joined #archiveteam-bs
[19:53] *** Oddly has quit IRC (Ping timeout: 255 seconds)
[20:14] *** xLovely has quit IRC (Quit: Leaving)
[20:57] *** omarroth has joined #archiveteam-bs
[21:00] *** omarroth has quit IRC (Konversation terminated!)
[21:01] *** Mateon1 has quit IRC (Ping timeout: 360 seconds)
[21:01] *** Mateon1 has joined #archiveteam-bs
[21:16] *** LFlare has joined #archiveteam-bs
[21:45] *** robogoat_ is now known as robogoat
[21:53] *** omarroth has joined #archiveteam-bs
[22:17] *** odemg has quit IRC (Ping timeout: 265 seconds)
[22:20] *** odemg has joined #archiveteam-bs
[22:30] *** omarroth has quit IRC (Read error: Connection reset by peer)
[23:28] *** Sk1d has quit IRC (Read error: Operation timed out)
[23:31] *** Sk1d has joined #archiveteam-bs
[23:33] *** wp494 has joined #archiveteam-bs
[23:38] *** Sk1d has quit IRC (Read error: Operation timed out)
[23:40] *** Sk1d has joined #archiveteam-bs
[23:42] *** wp494_ has quit IRC (Ping timeout: 615 seconds)
[23:46] *** Sk1d has quit IRC (Read error: Operation timed out)
[23:49] *** Sk1d has joined #archiveteam-bs