Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Partyhack 3.0 - Telegram bugbounty writeup

Bo0oM
April 12, 2019
0
3.8k

Partyhack 3.0 - Telegram bugbounty writeup

Bo0oM

April 12, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Защита от вредоносной автоматизации сегодня
bo0om
0
340
Defending against automatization using nginx
bo0om
0
580
Antibot pitch deck
bo0om
0
78
31337
bo0om
0
66
Your back is white
bo0om
0
170
FTP2RCE
bo0om
0
6.2k
Interpret it!
bo0om
0
960
At Home Among Strangers
bo0om
1
3.2k
2000day in Safari
bo0om
2
1.9k

Featured

See All Featured
Designing Experiences People Love
moore
133
22k
For a Future-Friendly Web
brad_frost
168
8.2k
Fashionably flexible responsive web design (full day workshop)
malarkey
395
64k
Building Adaptive Systems
keathley
29
1.6k
The MySQL Ecosystem @ GitHub 2015
samlambert
240
11k
We Have a Design System, Now What?
morganepeng
40
6.3k
How To Stay Up To Date on Web Technology
chriscoyier
780
250k
Art, The Web, and Tiny UX
lynnandtonic
285
18k
Learning to Love Humans: Emotional Interface Design
aarron
265
38k
Scaling GitHub
holman
455
140k
Why Our Code Smells
bkeepers
PRO
329
56k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k

Transcript

  1. Вступление

    View Slide

  2. View Slide

  3. View Slide

  4. View Slide

  5. КАК-ТО МНЕ
    НУЖНО БЫЛО
    ПРИДУМАТЬ
    ТЕМУ ДЛЯ
    ДОКЛАДА
    Как я
    телеграм
    ломал

    View Slide

  6. View Slide

  7. View Slide

  8. https://github.com/Bo0oM/fuzz.txt

    View Slide

  9. https://github.com/Bo0oM/server-status-monitor

    View Slide

  10. View Slide

  11. View Slide

  12. View Slide

  13. https://github.com/telegramdesktop/tdesktop/blob/cc2c13d0182c62dd5a89784a49ec375306
    449797/Telegram/SourceFiles/core/crash_report_window.cpp#L506

    View Slide

  14. View Slide

  15. View Slide

  16. View Slide

  17. View Slide

  18. View Slide

  19. Database: tdesktopdbase
    Table: users
    [4 columns]
    +----------+
    | Column |
    +----------+
    | id | int(11) |
    | login |
    | logincrc |
    | pwdhash |
    +----------+
    Database: tdesktopdbase
    Table: keyvalue
    [3 columns]
    +--------+
    | Column |
    +--------+
    | key |
    | value |
    | id |
    +--------+
    Database: tdesktopdbase
    Table: crashes
    [6 columns]
    +----------+
    | Column |
    +----------+
    | date |
    | version |
    | dump |
    | id | int(11) |
    | platform |
    | viewed |
    +----------+

    View Slide

  20. View Slide

  21. View Slide

  22. View Slide

  23. https://t.me/WebPwn
    https://twitter.com/i_bo0om

    View Slide