fixed typos & added a closing statement

This commit is contained in:
ae 2024-10-29 19:01:33 +02:00
parent cbc3b761de
commit ab2a5741b3
Signed by: ae
GPG Key ID: 995EFD5C1B532B3E

View File

@ -42,7 +42,7 @@ function saveFile(name, type, data) {
The resulting webpage would display 12/15/18/21/24 input fields for a crypto wallet seed phrases of various lengths. The resulting webpage would display 12/15/18/21/24 input fields for a crypto wallet seed phrases of various lengths.
The scammers were using Telegram as the backend, but didn't apparently care enough to even attempt to hide the API token and chat ID from the source with some obfuscation logic. Telegram also follows a certain logic with the chat IDs (private chats don't have a dash prefix, whereas supergroups and channels have a `-100` prefix) which helps in determining that the data is exfiltrated into a private chat instead of a group. The scammer was using Telegram as the backend, but didn't apparently care enough to even attempt to hide the API token and chat ID from the source with some obfuscation logic. Additionally it's also clear that the data was being exfiltrated into a private chat based on the chat ID format (private chats don't have a dash prefix, whereas supergroups and channels have a `-100` prefix).
```javascript ```javascript
// Add your telegram token,chatid // Add your telegram token,chatid
@ -160,3 +160,5 @@ while True:
send_msg(words, CHAT_ID) send_msg(words, CHAT_ID)
sleep(random.randint(1, 10)) sleep(random.randint(1, 10))
``` ```
In the end I was able to send roughly 10k messages before the scammer revoked the API token. I hope he'll have a fun time trying to sort out the legitimate responses from the ones I sent.