-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
GBH. dont think this considered "leak" since they are exposed.
Hello. Today i go share exposed webhooks that i managed two find by scraping PSBDMP. At end of my signed message you find just slack webhook URLs and RAR dumps from where webhooks where found.
Take these slack webhooks with a grain salt. when checked if they were still up they display "invalid_payload"
only way to check is to send a curl, or a python request,
curl -X POST -H 'Content-type: application/json' --data '{"text":""}' https://hooks.slack.com/services/SOME_FU...ID_I_THINK
if hookd will return a "no_text" or "missing_text_or_fallback_or_attachments" or "no_team" it mean that webhook is still active. sending empty text does not notify a company or owners of webhook.
"no_service" or "no_active_hooks" = dead webhook.
"invalid_payload" and "invalid_token" means its active.
here is link to there shitty webhook documenation
https://api.slack.com/messaging/webhooks
enjoi!@!
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmiweVaQXQMpuBjaZHyOSe9wawRMFAmajofAACgkQHyOSe9wa
wRM6QRAAiNSLf2zNEYYqqtEgUvAz7EcJ2UFWUNDp5xVy30Q/1jnzHWaB9dFbIrO8
iM3JRcKGz0d/hCS+BRIyesHK02CCks6eZV0NbEhEDnN3INwuJNK1bsBWkPU9MbRs
4mQGgGlhwaeFBFD4rmj7nf+mJME3e+sTFAfhWlt1wODZLP8y0HTm55szwWdfsq89
5EJz01h+Px91ulRC1yKo79EzSrkJGTcXQV3h7gYuL4wIfyowfAbAl09F3nlYYHNC
quQ8gu2BnLYo5XT8S3KK4Q4boBVT2HRX62CqrGsABhN5FWQ0/KgKToxyGtvbpS6j
0JEPRQpBXYhrnyPHqy7oKt4pWDu68sqbDNgof2DTeniNX3ziYPuDad77I1G7cwXR
/ulI5gWrFpHPP3C0WnE5zNRYGUv56VHRh8HmBMY0mQYCYkJkpuNkZExBmqJFGaAu
P0Ngc70IyOtSMFumjwFJ8q8jgYQu1Wp2I13YMjhyhyYFs/ALCnD7Uul6uD1GGCIu
KsoS59yaNAZV5Gwk0iT8Epj5cMW17NyeaBd3fKFuMTSUFImOAB948Mzwufs20Yv6
zfYdG9oN8ojpaBts3VAP6NsWHuz3iT75DyFcG7E6twwsqJ4C9cp2dFPYy8fHs0Uf
BsnrqAP91mo+etHGtOtFOmLAW+dalUCoV/DaBke7T1jr6XVKiWo=
=JWD0
-----END PGP SIGNATURE-----
Slack webhook urls:
Raw PSBDMP dumps:
credits are high to prevent leechers, "cybersec experts" and feds fucking lurking.
EDIT: fuck it. removed credits since they can be searched anyways. enojy
Hash: SHA256
GBH. dont think this considered "leak" since they are exposed.
Hello. Today i go share exposed webhooks that i managed two find by scraping PSBDMP. At end of my signed message you find just slack webhook URLs and RAR dumps from where webhooks where found.
Take these slack webhooks with a grain salt. when checked if they were still up they display "invalid_payload"
only way to check is to send a curl, or a python request,
curl -X POST -H 'Content-type: application/json' --data '{"text":""}' https://hooks.slack.com/services/SOME_FU...ID_I_THINK
if hookd will return a "no_text" or "missing_text_or_fallback_or_attachments" or "no_team" it mean that webhook is still active. sending empty text does not notify a company or owners of webhook.
"no_service" or "no_active_hooks" = dead webhook.
"invalid_payload" and "invalid_token" means its active.
here is link to there shitty webhook documenation
https://api.slack.com/messaging/webhooks
enjoi!@!
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEmiweVaQXQMpuBjaZHyOSe9wawRMFAmajofAACgkQHyOSe9wa
wRM6QRAAiNSLf2zNEYYqqtEgUvAz7EcJ2UFWUNDp5xVy30Q/1jnzHWaB9dFbIrO8
iM3JRcKGz0d/hCS+BRIyesHK02CCks6eZV0NbEhEDnN3INwuJNK1bsBWkPU9MbRs
4mQGgGlhwaeFBFD4rmj7nf+mJME3e+sTFAfhWlt1wODZLP8y0HTm55szwWdfsq89
5EJz01h+Px91ulRC1yKo79EzSrkJGTcXQV3h7gYuL4wIfyowfAbAl09F3nlYYHNC
quQ8gu2BnLYo5XT8S3KK4Q4boBVT2HRX62CqrGsABhN5FWQ0/KgKToxyGtvbpS6j
0JEPRQpBXYhrnyPHqy7oKt4pWDu68sqbDNgof2DTeniNX3ziYPuDad77I1G7cwXR
/ulI5gWrFpHPP3C0WnE5zNRYGUv56VHRh8HmBMY0mQYCYkJkpuNkZExBmqJFGaAu
P0Ngc70IyOtSMFumjwFJ8q8jgYQu1Wp2I13YMjhyhyYFs/ALCnD7Uul6uD1GGCIu
KsoS59yaNAZV5Gwk0iT8Epj5cMW17NyeaBd3fKFuMTSUFImOAB948Mzwufs20Yv6
zfYdG9oN8ojpaBts3VAP6NsWHuz3iT75DyFcG7E6twwsqJ4C9cp2dFPYy8fHs0Uf
BsnrqAP91mo+etHGtOtFOmLAW+dalUCoV/DaBke7T1jr6XVKiWo=
=JWD0
-----END PGP SIGNATURE-----
Slack webhook urls:
Raw PSBDMP dumps:
credits are high to prevent leechers, "cybersec experts" and feds fucking lurking.
EDIT: fuck it. removed credits since they can be searched anyways. enojy
PGP info| https://sebsauvage.net/paste/?64a8f3aac0...5ISu4/ZSw=
All posts/replies will be signed.
All posts/replies will be signed.
