Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Partyhack 3.0 - Telegram bugbounty writeup

Avatar for Bo0oM Bo0oM
April 12, 2019
0
4k

Partyhack 3.0 - Telegram bugbounty writeup

Avatar for Bo0oM

Bo0oM

April 12, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.3k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
52
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
560
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
800
Antibot pitch deck
Avatar for Bo0oM bo0om
0
130
31337
Avatar for Bo0oM bo0om
0
160
Your back is white
Avatar for Bo0oM bo0om
0
340
FTP2RCE
Avatar for Bo0oM bo0om
1
7.4k
Interpret it!
Avatar for Bo0oM bo0om
0
1.1k

Featured

See All Featured
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
28
3.8k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
329
39k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
49
7.8k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
172
14k
BBQ
Avatar for Matthew Crist matthewcrist
88
9.6k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
Fireside Chat
Avatar for paigeccino paigeccino
37
3.4k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
160
15k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
69
4.6k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
38
1.8k

Transcript

  1. Вступление

  2. None
  3. None
  4. None

  5. КАК-ТО МНЕ НУЖНО БЫЛО ПРИДУМАТЬ ТЕМУ ДЛЯ ДОКЛАДА Как я

    телеграм ломал
  6. None
  7. None

  8. https://github.com/Bo0oM/fuzz.txt

  9. https://github.com/Bo0oM/server-status-monitor

  10. None
  11. None
  12. None

  13. https://github.com/telegramdesktop/tdesktop/blob/cc2c13d0182c62dd5a89784a49ec375306 449797/Telegram/SourceFiles/core/crash_report_window.cpp#L506

  14. None
  15. None
  16. None
  17. None
  18. None

  19. Database: tdesktopdbase Table: users [4 columns] +----------+ | Column |

    +----------+ | id | int(11) | | login | | logincrc | | pwdhash | +----------+ Database: tdesktopdbase Table: keyvalue [3 columns] +--------+ | Column | +--------+ | key | | value | | id | +--------+ Database: tdesktopdbase Table: crashes [6 columns] +----------+ | Column | +----------+ | date | | version | | dump | | id | int(11) | | platform | | viewed | +----------+
  20. None
  21. None
  22. None

  23. https://t.me/WebPwn https://twitter.com/i_bo0om