Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.

i-1000th idea to make money online via python-chained sqlmaps!

My i-1000th idea to make money online came to me one morning when playing around with Kali tools and gaining access to stuff I shouldnā€™t have access to. There was a little bit of a moral dilemma that came to play when I thought to myself about the opportunity to see if someoneā€™s password was re-used on other sites when I found 10s 1000s of them in plain text, or create a mailing list to sell like merchandise from lists of 10s 1000s emails on different sites onlineā€¦ but I thought Iā€™d take the whitehat approach and see if I could make people aware of some of their security holes in exchange for the opportunity to sell them security solutions.

#1) Create a pentesting automated script that identifies open databases or other securityĀ holes

Thereā€™s myriad tools that come to mind to make this process easier, but I found some manipulation of sqlmap and scraping bing results in Python using Scrapy that allowed me to index exposed databases heuristically. Iā€™d targetĀ .ca domain names with certain trailing patterns in the Bing results (alas, Google was too tough to scrape and Bing was far easier) using inurl parameters inĀ search.

#2) Penetrate them lightly in a non-offensive manner

Iā€™d save the databases that were penetrated into local files and the resulting logs that had filesize >0 bytes I knew had database names and entry points to find additional info, if I was so inclined.

#3) Scrape contact details for siteā€™s proprietors

Next, I created a like Scrapy script that looked for links on the landing page to other pages on the same domain and scraped email addresses and phone numbers from all associated pages (viaĀ RegEx).

#4) MassĀ mail

MailChimp to the rescue? Iā€™d send them something like ā€˜your database names are ___ ___ ___ but we didnā€™t go any further. Anyone else anywhere on the internet with the same freely available tools would have access to all your saved information, like personally identifiable information of your siteā€™s visitors.ā€™

#5) Package outsourced proactive IT security solutions

Create a landing page, sell packages of dedicated time from IT pros (who would have eventually been located overseas at a bargain) and itā€™sĀ go-time.

#6) Repeat

Then, after go-time, is time to repeat theĀ process.

What kept me from capitalizing on the internet in such a manner? Iā€™d sent an email to my lawyer and said ā€˜exactly how exposed would I be to legal action that would damage me with the above planā€™ and she wrote back ā€˜letā€™s sit down and discuss, but first weā€™d have to work out our retainer feeā€™ and at this point in time I was broke as sinā€Šā€”ā€Šlooking for ways to capitalize on Bing Dorksā€Šā€”ā€Šso I didnā€™t moveĀ forward.

Like what youā€™ve read? Give me a follow and make sure to watch Hackernoon progress as it moves away from Medium into a new and improved platform for stories exactly like (and far better than) thisĀ one!

i-1000th idea to make money online via python-chained sqlmaps! was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.

Publication date
Author
Jarett Dunn
Article source

Disclaimer

The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.

Tags