I continue with the 2020 OSINT quiz, this time doing questions for the Soruce & JSON category.
On Monday the sixth of April I made a brief joke about the website onlyfans. The done-to-death funny and original joke was basically “What if onlyfans lived up to its name and was solely dedicated to fans of the ‘air go speedy’ kind?” I then thought “You know what , I could make a twitter bot for this.” And so began my four day journey into insanity, all in the name of a joke that isn’t actually funny. So, the program begins by importing a whole load of stuff. I don’t know what is necessary and what isn’t anymore, but to be honest I don’t want to. Tweepy is the library I use to make requests to the twitter API, requests is used to get the URL of an image from the quant API time is used to wait for a bit, and PIL and IO are used to save images. The code Down below is doing all the basic stuff. I set the name of the image to egg.jpg for no reason other than I wanted the image to have the same name each time. Sometimes the image won’t convert to a jpeg, but if it doesn’t it’ll
Intro Hi all, I'm going to run through this as I do it. That's because, even if it doesn't work on , I don't think this is a bad idea per se. It could work on other sites similar to blogspot that allow you to directly edit HTML and add scripts to a site with external cookies on them. If this comes to an abrupt end, then I'll definitely try some of those. I'm also pretty sure this has limited use see. Idea After seeing some examples of XSS being used to steal sessions. Now XSS is usually used to steal the cookies of someone else's site, but I had a thought - what stops you from stealing other website's cookies on your website, from other websites. For example, if you have a google account cookie on your blog, can you steal that? This has probably been thought of before, and it has probably been thought of. However, I feel like knowing something has been done before, or knowing that it isn't possible, can often get in the way of a good learning experie
So, recently I heard about a virus that exfiltrates data via telegram, and it got me thinking. What if you could use telegram for a reverse shell? What other ways are there which you could do for this? And I feel like I've come up with pretty good answers to each of these questions. Telegram Possibly the only kind of useful thing on this list, the fact that telegram is encrypted end-to end, meaning that is is very difficult to glean info on what is being send to received, the fact that it is a relatively innocuous and widely used messaging app, and the fact that it is relatively anonymous. However, there are some things which make the jobs of blue teams everywhere a little bit easier. It's not completely anonymous, as you need a phone number to sign up, and the phone number needs to be verified. This fact alone would make this a rather silly idea for people in countries that care, because once that sim connects your government gets a decent idea of where you are. However,