Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Partyhack 3.0 - Telegram bugbounty writeup

Avatar for Bo0oM Bo0oM
April 12, 2019
0
4k

Partyhack 3.0 - Telegram bugbounty writeup

Avatar for Bo0oM

Bo0oM

April 12, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.7k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
67
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
570
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
820
Antibot pitch deck
Avatar for Bo0oM bo0om
0
140
31337
Avatar for Bo0oM bo0om
0
170
Your back is white
Avatar for Bo0oM bo0om
0
350
FTP2RCE
Avatar for Bo0oM bo0om
1
7.4k
Interpret it!
Avatar for Bo0oM bo0om
0
1.1k

Featured

See All Featured
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
299
21k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
130
19k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
53
7.7k
BBQ
Avatar for Matthew Crist matthewcrist
89
9.7k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
31
1.3k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
20
1.3k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
35
2.4k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k
A better future with KSS
Avatar for Kyle Neath kneath
238
17k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
695
190k

Transcript

  1. Вступление

  2. None
  3. None
  4. None

  5. КАК-ТО МНЕ НУЖНО БЫЛО ПРИДУМАТЬ ТЕМУ ДЛЯ ДОКЛАДА Как я

    телеграм ломал
  6. None
  7. None

  8. https://github.com/Bo0oM/fuzz.txt

  9. https://github.com/Bo0oM/server-status-monitor

  10. None
  11. None
  12. None

  13. https://github.com/telegramdesktop/tdesktop/blob/cc2c13d0182c62dd5a89784a49ec375306 449797/Telegram/SourceFiles/core/crash_report_window.cpp#L506

  14. None
  15. None
  16. None
  17. None
  18. None

  19. Database: tdesktopdbase Table: users [4 columns] +----------+ | Column |

    +----------+ | id | int(11) | | login | | logincrc | | pwdhash | +----------+ Database: tdesktopdbase Table: keyvalue [3 columns] +--------+ | Column | +--------+ | key | | value | | id | +--------+ Database: tdesktopdbase Table: crashes [6 columns] +----------+ | Column | +----------+ | date | | version | | dump | | id | int(11) | | platform | | viewed | +----------+
  20. None
  21. None
  22. None

  23. https://t.me/WebPwn https://twitter.com/i_bo0om