Posted May 28, 2016 Hey, I was wondering if anyone here knew how to get past Cloudflare? I'm aware you can just get the original main IP, but that thing is hidden away. Even when trying to bypass it using subdomains.
May 29, 2016 Depending on what software the server is running, there could be exploits, e.g. if they got some forum software where you can set your avatar by URL, the server will connect to it and it could reveal the actual server IP. If they got an HTTPS image proxy, post an image, the server will crawl it as well. I saw a lot of people who fail to set up CF properly, so you can still get the IP with a mail / other subdomain DNS entry, but I guess this won't be the case here, like you said.
May 29, 2016 (Author) Some people make it sound so easy. They brag about being able to bypass Cloudflare and access the main server with ease.
May 29, 2016 4 hours ago, evo85 said: "Some people make it sound so easy. They brag about being able to bypass Cloudflare and access the main server with ease." I wasn't bragging, I just told you the methods you COULD use to obtain the real server IP. If you would provide us the site URL I could tell you what you could do there, as it really depends on the target, what software it is running, how it is configured etc.
May 29, 2016 (Author) Ah, I was not referring to you at all. I was talking about other members/social media when I would google this topic.
June 12, 2016 A few main ways I do it:
- direct.site.com - this used to go to the original IP by default; many people forgot to remove it. Cloudflare eventually caught onto this and changed it, but if it's a site that's been using CF for a while they might still have this problem.
- Try looking for the mail server: dig site.com mx
- Check for non-plain-HTTP services like game servers, websocket servers, video or audio streams, etc., and see if any of those IPs work.
- Look for external grabbers, things that will download images from your own server for example.
- Figure out what provider they use, if they mention it somewhere, then blast their whole provider's subnet scanning until you find their webpage showing up when you send their host header - this won't work if the admins actually configure it to only allow CF IPs, but many don't bother.
- Check if the site is on CloudFlare Watch and check for historical IPs on domaintools, etc.
- If all else fails, there are several tools available which can be used to bruteforce DNS to find hidden subdomains, which might often reveal an original IP.
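The two weaknesses that recur in this thread are stray DNS records (mail, direct.*, streaming hosts) that resolve straight to the origin, and origins that answer any client rather than only the CDN's edge. The following is an added, defender-side example (not the poster's code and not a Cloudflare tool): it audits a zone's records for addresses outside the CDN's published ranges, and shows the origin-side allowlist check that makes the Host-header subnet scan described above fail. The Cloudflare range list is a snapshot and should be refreshed from https://www.cloudflare.com/ips/; the DNS records and client addresses below are constructed sample data using documentation prefixes.

```python
import ipaddress
from typing import Dict, List, Tuple

# Assumption: snapshot of Cloudflare's published IPv4 edge ranges. Treat this
# as stale and pull the current list from https://www.cloudflare.com/ips/
# before relying on it in production.
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
CF_NETS = [ipaddress.ip_network(n) for n in CLOUDFLARE_V4]


def is_cloudflare_edge(ip: str) -> bool:
    """True if the address falls inside one of the CDN's published ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CF_NETS)


def audit_dns_exposure(records: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (hostname, ip) pairs from a zone that bypass the CDN.

    `records` maps each A-record name (including the hosts that MX records
    point at) to the address it resolves to. Anything not inside the edge
    ranges is reachable directly and leaks the origin.
    """
    return sorted((name, ip) for name, ip in records.items()
                  if not is_cloudflare_edge(ip))


def accept_connection(remote_ip: str) -> bool:
    """Origin-side allowlist: only proxied traffic from the CDN edge is served.

    With this in front of the web server, scanning a hosting provider's subnet
    with the site's Host header gets a refusal instead of the real page.
    """
    return is_cloudflare_edge(remote_ip)


def filter_clients(remote_ips: List[str]) -> List[str]:
    """Return the client addresses the origin would reject."""
    return [ip for ip in remote_ips if not accept_connection(ip)]


# Constructed sample zone: www is proxied, but three other names resolve to
# the origin network (203.0.113.0/24 is a documentation prefix, not real).
SAMPLE_ZONE = {
    "www.example.test": "104.16.1.1",       # proxied through the CDN
    "direct.example.test": "203.0.113.10",  # legacy record pointing at origin
    "mail.example.test": "203.0.113.25",    # MX target on the same box
    "stream.example.test": "203.0.113.40",  # non-HTTP service, never proxied
}

# Constructed sample of clients hitting the origin: one CDN edge, two direct.
SAMPLE_CLIENTS = ["172.64.0.5", "198.51.100.7", "203.0.113.200"]


if __name__ == "__main__":
    for name, ip in audit_dns_exposure(SAMPLE_ZONE):
        print(f"LEAK  {name:24s} -> {ip}")
    for ip in filter_clients(SAMPLE_CLIENTS):
        print(f"DENY  direct connection from {ip}")
```

On the origin the same allowlist is normally expressed in the firewall or the web server's access rules rather than in Python; the function here just makes the decision testable. Note that the DNS audit only catches addresses you already know about, so it has to be re-run whenever a record is added, and it says nothing about application features that fetch remote URLs on the server's behalf.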
March 29, 2018 https://medium.com/secure-hacker/bypass-cloudflare-protection-get-subdomains-ofa-website-2cb1d749c510 Try it