And the biggest question that all of that raises and stays unaddressed is how a US official and regulated gambling website is developped and probably operated directly from China?
Meaning all PII (name, address , id scans, ip, ...) are available to Chinese individuals.
The argument that the dev website is just developped in China doesn't hold as you can see that the prod admin panel is also partially in Chinese.
And what to say about the admin that is really using 123456 as password in production...
xraystyle 101 days ago [-]
What's this 'subs' command being run to enumerate subdomains?
bauruine 101 days ago [-]
Not sure what it is but certificate transparency logs are a goldmine for this.
"CONTEXT: PL/pgSQL function web_apis(text,text[],text[]) line 4671 at FOR over EXECUTE statement
ERROR: server conn crashed?"
May be pushing a bit too hard on their postgres-rest ?
xraystyle 101 days ago [-]
That's interesting. Suppose it doesn't do you any good if you're looking for subdomains that don't have certs though.
jweather 99 days ago [-]
Not familiar with that one, but two that come with Kali use search engines to locate subdomains. Your DNS server would have to be pretty misconfigured to allow zone transfers to the general public, which would be the only way to discover a truly "unlisted" subdomain.
gs17 101 days ago [-]
I suspect it's a bespoke script. The first use outputs "[domain] -> [ip]", the second use outputs "[domain] [http code] [?] [size?] [title] [info]".
perrysmith 101 days ago [-]
I was wondering the same thing. Ran to my Kali instance and tried it out lol
xraystyle 101 days ago [-]
So is it a thing in security distros? Is there a github for it?
perrysmith 100 days ago [-]
[dead]
uncivilized 101 days ago [-]
This was a really great read. Thanks for sharing.
Rendered at 14:29:11 GMT+0000 (Coordinated Universal Time) with Vercel.
Meaning all PII (name, address , id scans, ip, ...) are available to Chinese individuals.
The argument that the dev website is just developped in China doesn't hold as you can see that the prod admin panel is also partially in Chinese.
And what to say about the admin that is really using 123456 as password in production...
https://crt.sh/?q=liuxinyi1.cn
"CONTEXT: PL/pgSQL function web_apis(text,text[],text[]) line 4671 at FOR over EXECUTE statement ERROR: server conn crashed?"
May be pushing a bit too hard on their postgres-rest ?