Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Partyhack 3.0 - Telegram bugbounty writeup

Avatar for Bo0oM Bo0oM
April 12, 2019
0
4k

Partyhack 3.0 - Telegram bugbounty writeup

Avatar for Bo0oM

Bo0oM

April 12, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.7k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
70
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
570
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
820
Antibot pitch deck
Avatar for Bo0oM bo0om
0
140
31337
Avatar for Bo0oM bo0om
0
170
Your back is white
Avatar for Bo0oM bo0om
0
350
FTP2RCE
Avatar for Bo0oM bo0om
1
7.4k
Interpret it!
Avatar for Bo0oM bo0om
0
1.1k

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.1k
A better future with KSS
Avatar for Kyle Neath kneath
238
17k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
35
2.4k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
50
5.5k
Building Applications with DynamoDB
Avatar for Matt Wood mza
95
6.5k
Gamification - CAS2011
Avatar for David Bonilla davidbonilla
81
5.4k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
90
590k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k

Transcript

  1. Вступление

  2. None
  3. None
  4. None

  5. КАК-ТО МНЕ НУЖНО БЫЛО ПРИДУМАТЬ ТЕМУ ДЛЯ ДОКЛАДА Как я

    телеграм ломал
  6. None
  7. None

  8. https://github.com/Bo0oM/fuzz.txt

  9. https://github.com/Bo0oM/server-status-monitor

  10. None
  11. None
  12. None

  13. https://github.com/telegramdesktop/tdesktop/blob/cc2c13d0182c62dd5a89784a49ec375306 449797/Telegram/SourceFiles/core/crash_report_window.cpp#L506

  14. None
  15. None
  16. None
  17. None
  18. None

  19. Database: tdesktopdbase Table: users [4 columns] +----------+ | Column |

    +----------+ | id | int(11) | | login | | logincrc | | pwdhash | +----------+ Database: tdesktopdbase Table: keyvalue [3 columns] +--------+ | Column | +--------+ | key | | value | | id | +--------+ Database: tdesktopdbase Table: crashes [6 columns] +----------+ | Column | +----------+ | date | | version | | dump | | id | int(11) | | platform | | viewed | +----------+
  20. None
  21. None
  22. None

  23. https://t.me/WebPwn https://twitter.com/i_bo0om