Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
US Caller ID Lookup
Posted by: PaPPy
Date: July 28, 2011 07:52PM

So I came across a Twitter post from Kevin Mitnick
https://twitter.com/#!/kevinmitnick/status/96331122321006592
"Wow! ATT gives out your information to anyone. Check it out: http://tnid.us"

So tnid.us allows you to put in a cellphone number and it will give you the corresponding Caller ID information.(and some other info)

Well I noticed that they had no automation protection (other than the caller ID is in a simple image, but OCR software reads it easy).

So I put together this PHP script (on windows, with OCR software to install in comments of script). http://bitly.com/nXcfPd

That should look up ~2,335,999,708 possible telephone numbers and save the number and caller ID to a database.

After looking around on the internet, it looks like more than 200 requests will get your IP banned from the site.

So that means to fetch all 2.3b results you will need 11,679,999 IP addresses.

As I dont have access to a botnet, I figured I would publish the script.

Glad it only took me a few minutes to put it together.

Enjoy!

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: US Caller ID Lookup
Posted by: PaPPy
Date: January 13, 2012 08:31AM

I know this is an old post, but here is some break downs




7,889,999,999 possibilities (no exclusions from 2010000000 - 9899999999)

divide by 199 attempts a day

39,648,242 days require to check all

divide by 365 days

108,626 years to complete




3,270,000,461 possibilities (according to possibilities on their website. excludes non available area codes)

divide by 199 attempts a day

16,432,164 days required to check all

divide by 365 days

45,020 years to complete



2,335,999,708 possibilities (according to wikipedia)

divide by 199 attempts a day

11,738,692 days required to check all

divide by 365 days

32,161 years to complete


So even if you had access to the largest botnet (conficker) which was estimated at 1mil to 10 mil, it would still take you a while to complete

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote
Re: US Caller ID Lookup
Posted by: Skyphire
Date: January 13, 2012 08:21PM

Unless you can spoof it, the application probably doesn't look if the IP is real. It's a pity it doesn't run NGINX, otherwise you might spoof by using it's own server IP.

Options: ReplyQuote
Re: US Caller ID Lookup
Posted by: PaPPy
Date: May 25, 2012 04:13PM

Looks like someone beat me to the punch: http://tndb.us/

http://www.xssed.com/archive/author=PaPPy/

Options: ReplyQuote


Sorry, only registered users may post in this forum.