Hello There, Guest! Login Register
Logo
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.


Getting Real IP Behind Cloudflare

  • 5 Vote(s) - 4.2 Average


09-20-2012, 11:09 PM #1
Sho0ter Offline MadLeets Vip ******
V.I.P
Posts:87 Threads:14 Joined:Jun 2012 Reputation: 1
Mood: Cool
Getting Real IP Behind Cloudflare

Today i am going to share few methods i have using to find the Real IP behing a Cloudflare.We are going to discuss 4 different methods here.

1-DNS Records And Ping.

For this method we are going to use emillionforum.com as an example.
Code:
emillionforum.com
Using Multiple IP's:173.245.60.62,173.245.60.157
Let us scan this site on network-tools.com.
Code:
IP address: 173.245.60.157
Host name: emillionforum.com

Alias:
emillionforum.com
173.245.60.157 is from United States(US) in region North America

TraceRoute to 173.245.60.157 [emillionforum.com]

Hop    (ms)    (ms)    (ms)             IP Address    Host name
1       35       0       0          206.123.64.42      -  

2       113       124       68          64.124.196.225     xe-4-2-0.er2.dfw2.us.above.net  
3       4       3       2          206.223.118.61     equinix.tge9-3.ar1.dfw1.us.nlayer.net  
4       0       0       1          69.31.63.182     as13335.xe-4-0-5.ar1.dfw1.us.nlayer.net  
5       1       1       2          173.245.60.157     cf-173-245-60-157.cloudflare.com  

Trace complete

Retrieving DNS records for emillionforum.com...
DNS servers
hank.ns.cloudflare.com [173.245.59.116]
ruth.ns.cloudflare.com [173.245.58.143]

Answer records
emillionforum.com        NS    hank.ns.cloudflare.com    86400s
emillionforum.com        TXT    v=spf1 a mx include:websitewelcome.com ~all    300s
emillionforum.com        A    173.245.60.157    300s
emillionforum.com        SOA    
server:    hank.ns.cloudflare.com
email:    [email protected]
serial:    2012031313
refresh:    10000
retry:    2400
expire:    604800
minimum ttl:    3600
    86400s
emillionforum.com        NS    ruth.ns.cloudflare.com    86400s
emillionforum.com        A    173.245.60.62    300s
emillionforum.com        MX    
preference:    0
exchange:    direct-connect.emillionforum.com
    300s
Authority records
Additional records
direct-connect.emillionforum.com        A    174.120.63.195    300s

Here through this scan we got a subdomain of emillionforum.com.
Code:
subdomain:direct-connect.emillionforum.com
Lets ping it and see what happens.
Code:
Pinging direct-connect.emillionforum.com [174.120.63.195] with 32 bytes of data:

Reply from 174.120.63.195: bytes=32 time=367ms TTL=44
Reply from 174.120.63.195: bytes=32 time=367ms TTL=44
Reply from 174.120.63.195: bytes=32 time=365ms TTL=44
Reply from 174.120.63.195: bytes=32 time=364ms TTL=44

Ping statistics for 174.120.63.195:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 364ms, Maximum = 367ms, Average = 365ms
So we got another IP now
Quote:174.120.63.195
Lets reverse this ip and see where it leads us to.
Code:
Found 21 domains hosted on the same web server as 174.120.63.195.
We can see that emillionareforum.com is located on this IP.This is the real IP of emillionareforum.

2-NetCraft Toolbar (Hosting History)

In Some Cases we can also use netcraft toolbar.Here we gonna take ubers.org as an example.
Code:
Code:
http://toolbar.netcraft.com/site_report?url=http://www.ubers.org
It will only work if the site is old and has recently changed to CloudFlare.It is meant to see the "Hosting History" of the scanned site.

Code:
Hosting HistoryNetblock Owner    IP address    OS    Web Server    Last changed
AltusHost Inc.    79.142.78.77    Linux    Apache/2.2.21 Unix mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635    11-Feb-2012
AltusHost Inc.    79.142.78.79    Linux    Apache    19-Jan-2012
AltusHost Inc.    79.142.78.79    Linux    Apache/2.2.21 Unix mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.5 Perl/v5.8.8    7-Jan-2012
AltusHost Inc.    31.3.153.133    Linux    Apache/2.2.21 Unix mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.8    3-Jan-2012
AltusHost Inc.    31.3.153.133    Linux    Apache/2.2.21 Unix mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.3.8    23-Dec-2011
AltusHost Inc.    128.127.110.38    Linux    LiteSpeed    19-Dec-2011
AltusHost Inc.    128.127.110.38    Linux    LiteSpeed    2-Dec-2011

3- Using Fierce v0.9.9
We can also use Fierce v0.9.9 perl script.It wont work everytime but it is worth trying.For more details please check this thread.
Code:
https://blackhats.net/0x0/showthread.php?tid=406&pid=1489#pid1489

4-Nmaping-Hosts
This method i came across while searching but i didn't test personally.
For more details read this thread.
Code:
http://calderonpale.com/blog/nmaping-hosts-behind-cloudflares-service

I hope you enjoyed reading it.
Sho0ter


Sho0ter

09-20-2012, 11:15 PM #2
H4x0rl1f3 Offline Commander In Cheif *******
Administrators
Posts:1,129 Threads:25 Joined:Jun 2012 Reputation: 15
Mood: Stoned
Wonderfull Bro Smiley1

Always Aspect Reward from the Creator and not anyone or anything Created.
For Complaints & Help Contact:- [email protected]
Zone-h
http://zone-h.org/archive/notifier=H4x0rL1f3
I am the orphan of Gaza & Kashmir. Ruins of Iraq,Syria & Palestine Bombarded of Pakistan,Afghanistan, Mali & Yemen Change of Libya and Egypt Discriminated of Bahrain & Turkey Freedom of Earth's paradise and Al-AQSA. I am the hunger stricken child of Somalia, Ethopia, & rest of Africa I am the suffering of each and every single corner of the world. But Listen!!! Hope is what I am!!


09-20-2012, 11:19 PM #3
Pain006 Offline Super Moderator ******
Super Moderators
Posts:575 Threads:28 Joined:Jun 2012 Reputation: 0
Mood: None
Nice
keep it up Biggrinsmiley

09-20-2012, 11:19 PM #4
THE RUDE Offline Respected *****
Respected
Posts:40 Threads:3 Joined:Jun 2012 Reputation: 0
Mood: None
nice Tonguesmiley

09-20-2012, 11:36 PM #5
chaos0000 Offline im NUCleAR BOOm ***
Registered
Posts:169 Threads:16 Joined:Jun 2012 Reputation: 0
Mood: Thinking
very pro work
thx for share
salam

AM PART OF THE CHAOS THEORY
AM CHAOS0000
ChILL OuT

10-10-2012, 12:34 PM #6
jincorn Offline Junior Member **
Registered
Posts:12 Threads:2 Joined:Jun 2012 Reputation: 0
Mood: None
Just add bro Smiley1
So sorry for TM

i am get with the php code..

try this : cloud.php

this is screen shoot:
http://sphotos-c.ak.fbcdn.net/hphotos-ak...7678_n.jpg


Attached Files
.php cloud.php Size: 1.51 KB  Downloads: 56

11-25-2012, 12:14 AM #7
[email protected]___Sql1 Offline Junior Member **
Registered
Posts:29 Threads:3 Joined:Nov 2012 Reputation: 0
Mood: None
Nice TuT brother

12-09-2012, 09:19 PM #8
anon Offline I'm anonymous ***
Registered
Posts:148 Threads:0 Joined:Dec 2012 Reputation: 0
Mood: None
thanx for the nice tut bro Smiley1

anon88

12-26-2012, 12:23 AM #9
[email protected] Offline Posting Freak *****
Registered
Posts:936 Threads:133 Joined:Dec 2012 Reputation: 1
Mood: None
Good Dude



06-07-2013, 05:41 PM #10
hack2012 Offline Member ***
Registered
Posts:51 Threads:0 Joined:Jun 2013 Reputation: 0
Mood: None
for chinese version

http://www.waitalone.cn/how-to-find-the-...-site.html

??????????????--BY?????






Forum Jump:


Users browsing this thread:1 Guest(s)