In the topic about people vandy, I said that in the wands themselves there may be a list of valid email addresses that can be used for spam, but that it is more profitable to use MailAgent's built-in search. This time I decided to check how easy it is to get them from there.
So, as everyone probably knows, MailRu has its own instant messaging network, made up of users of the company's main service, mail. And MailRu is currently the de facto standard choice for mail (although many are now migrating to gmail.com). In other words, this company now has the largest number of business addresses, not counting, perhaps, Contact.
What, in fact, is the essence of the problem: the user's email address is used for authentication as the login and as the unique identifier. Since the protocol has a contact search function (which is quite logical), and the search output contains the address, it is easy to make a grabber of valid email addresses. And even more: you can search by criteria (age, country, gender) and by whether the contact is online. By default, mAgent has the option to notify the user when a new letter arrives in the mailbox. What do we have as a result? We look for people from a certain target audience who are online and send them spam; they will even receive a notification about the new letter, and it is quite likely that they will read it.
What made
No-no, if I write again "what made the developers bla-bla-bla," I'll start repeating myself. I will say it more simply: if the user ID (used for sending messages and so on) were some unique id, and nobody's email were exposed at all (people who need it can ask the other person), the problem would disappear by itself. And note that login through the email address could be kept.
Yes, yes, I know, "you are the smartest one here, and at MailRu there are only fools who, of course, don't know how to do it right without you."
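The fix proposed above, as an added sketch (not the author's program and not MailRu's code): login keeps using the email address, while search results and message routing use a random ID. The `Directory` class, its methods and the sample accounts are hypothetical names constructed for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Account:
    uid: str        # random, public; reveals nothing about the email
    email: str      # private: login name only, never sent to other users
    salt: bytes
    pw_hash: bytes
    nickname: str
    country: str
    online: bool = False

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Directory:
    """Hypothetical contact directory; every name here is illustrative."""
    def __init__(self):
        self._by_email = {}   # used only for login
        self._by_uid = {}     # used for search and message routing

    def register(self, email, password, nickname, country):
        salt = secrets.token_bytes(16)
        # Random ID, not hash(email): a hash lets anyone confirm a guessed address.
        acct = Account(secrets.token_hex(8), email.lower(), salt,
                       _hash(password, salt), nickname, country)
        self._by_email[acct.email] = acct
        self._by_uid[acct.uid] = acct
        return acct.uid

    def login(self, email, password):
        """Login still takes the email address; returns the uid or None."""
        acct = self._by_email.get(email.lower())
        if acct and hmac.compare_digest(acct.pw_hash, _hash(password, acct.salt)):
            acct.online = True
            return acct.uid
        return None

    def search(self, country=None, online=None):
        """Criteria search; results carry uid and nickname, never the email."""
        return [{"uid": a.uid, "nickname": a.nickname}
                for a in self._by_uid.values()
                if (country is None or a.country == country)
                and (online is None or a.online == online)]

    def can_route(self, to_uid):  # messages are addressed by uid, not email
        return to_uid in self._by_uid
```

With this split, a search by country or online status still works for finding contacts, but its output no longer doubles as a list of deliverable addresses.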
What to do with the received addresses
- Send spam, mostly. With the user's real name (it is also in the search results, although my program does not output it), the spam / scam can be made more believable.
- Brute-force the password with qwerty or the user's birthday (which is also in the search results), and we have a working email account with all its correspondence.
The program itself
I wrote it in PHP; there are no requirements for modules / packages, the main thing is that fsockopen works. 200 lines, 6 hours of work, including time to study the protocol. It finds ~450 addresses per minute.
As for the protocol: although the specification exists, it has not been updated for a long time. The MRIM_CS_CHANGE_STATUS packet has changed and become larger. MRIM_CS_LOGIN2 has grown several times over. It now transmits some undocumented things, including the name of the OS, processor and video card. I remember that not so long ago they were not there.
Actually, here is the program.
Attention, it is given for informational purposes. Do not use it for its intended purpose. Oh yeah, they always tell me that my code is crooked, and that I myself am a fool - I agree with everyone in advance. The program does not handle any abnormal situations, such as someone else logging into the same account.
And also: to log in to the server you, of course, need a MailRu account, but use a mailbox you would not mind losing; who knows how the company reacts to such jokes.