Open source windows vcard editor3/31/2023 ![]() ![]() 149 cell phone numbers matched to real names.Hundreds of profiles with pictures of real people.Numbers to Names Conclusion Messaging App I’ll have to figure out a way to capture the requests and pull out the name – phone number pairs or see if there’s an API to pull this information from directly. After the initial import, the app stopped showing these messages in the “Add Contacts” area. 751 of my contacts were found to be on the service and, of those, 149 different numbers showed the “In your phone contacts as *phone number*” message. The Messenger app also started matching up phone numbers to actual names! While not all of the profile names were accurate, a large number of them seemed to be real names with profile pictures. ![]() As expected, a large number of my contacts were confirmed to be on the service. The final messenger app I tried was Facebook Messenger. This doesn’t give us a direct correlation with their identity but it confirms a large number of valid cell phone numbers and profile pictures that can be cross-referenced against other open source intelligence resources. Again, some of the phone numbers had real pictures and profiles associated with their accounts. After importing my contacts, the app showed that 1492 of my contacts were valid. WhatsApp had similar results to Telegram but with a much larger portion of my contacts. While this doesn’t directly give us their true identity, it can help when continuing searches with tools such as Maltego or Intel Techniques’ resources. Some of these had profile pictures with the person’s real face. In total, 35 Telegram accounts were shown in the app. Almost immediately after giving access to my contacts, I started getting messages about which phone numbers were on Telegram. I had trouble receiving the confirmation text message but the automated call came through without a problem. Overall, I found 31 Signal accounts in this cell phone block. However, when I went to start a new message in Signal, the valid numbers showed up at the top of the Signal Messenger contacts list. I did not receive messages for every valid Signal account in my Android contacts list. Within a few minutes, messages started showing up telling me different contacts were on Signal. for i in do echo -e "BEGIN:VCARD\r\nVERSION:2.1\r\nN:$i 200 704 \r\nFN:704 200$i\r\nTEL CELL:704200i\r\nEND:VCARD\r\n" > 704200.vcf doneĪndroid imported the contacts after opening the VCard file and I was ready to start going through the messaging apps. I then created a Bash one-liner to iterate through all possible numbers in a block and output them to a VCard file. I exported a contact from my phone and opened the VCard file (.vcf) in a text editor to see what kind of format I would need. Once I had chosen an area code and prefix, the final part of setup was to create a VCard file with all possible phone numbers in the suffix block. This site also provided a list of phone number prefixes for each area code. I found that the site would show the carrier without having to pay for the results. A lot of the reverse phone number lookup sites were a waste of time and would not verify the carrier associated with the number. Next, I needed a block of phone numbers that would largely contain cell phones. To receive confirmation messages, I set up text message and phone call forwarding on Twilio to my cell phone. I chose to go with a Twilio number since it would be easier to generate extra phone numbers as necessary. My remaining options were to buy a cheap sim card, set up a Google Voice number, or set up a Twilio phone number. ![]() I had tried to use a free throw-away SMS site in the past but the confirmation text never came through. During Signal account creation, I knew that a text message confirmation would be required before I would be given a valid account. ISOs for the operating system can be found at. To avoid filling up the contacts on my phone, I set up an Android x86 ISO in VirtualBox. This got me to thinking: if I had every phone number in a block in my contacts, could I start mapping every Signal user? Also, would this work for other messaging services? Virtual Machine Setup I didn’t realize I still had his number in my contacts. When I reinstalled Signal, I went through all of the “*phone number* is on Signal!” messages and found that a friend I hadn’t spoken to in a while was on the list. While researching a different subject, I stumbled across a way to correlate cell phone numbers with real people using Facebook Messenger. One piece of information that can be difficult to find is employee cell phone numbers. During red team engagements, we try to gather information about our targets as quietly as possible. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |