How we made $5000 with this exploit
Vložit
- čas přidán 9. 09. 2024
- Hi, thanks for watching our video about the Sandwich Attack !
In this video we’ll walk you through:
- How did we find the vulnerability ?
- What's a UUIDv1 ?
- The recipe of the Sandwich Attack
- Struggles and mitigations
- The CTF Challenge
LINKS
sandwich.rb:
- github.com/Lup...
More about the Sandwich Attack:
- versprite.com/...
HacktivityCon:
- • Vulnerabilities I've F...
Underscore_:
- • On a reçu le hacker qu...
ABOUT THE CHANNEL
The channel is about cybersecurity. We cover lots of cool stuff such as bug bounty hunting, cool vulnerabilities and breaking stuff for fun !
Follow me on Twitter:
/ 0xlupin
Don’t forget to subscribe !
CREDITS:
Produced By: Lupin & Holmes
Presented by: Roni “Lupin” Carta
Edited by: Gabriel Jardin
Artistic Direction: Amandine “Idnamaa” Kohlmuller
Thumbnail by: Justicia Satria, Amandine “Idnamaa” Kohlmuller
Outro by: Math “blueish” Dumoulin
Directed by: Roni “Lupin” Carta
Written by: Roni “Lupin” Carta
Guest Star: Stök
Inspired by: LiveOverflow, InsiderPHD, Stök, Sylvqin, Versprite
Amazing edit and great content ! Thank you for it
Thanks a lot ! :D
One of the most super simple and super detailed video🔥🔥🔥
Great video!!
Wow you just did a very great work ^^
Waiting for more !
Thank you so much !
The production and edit is too good
Cool vuln, great video! 🔥
super cool find man. it really makes me wonder how something so arbitrary looking like UUID tokens have so much depth and expose attack surface. would never skip over uuids ever again xD.
Thanks a lot for the feedback ! And yes now I check the Version every time haha
Cool video man, found you on twitter, I just subscribed!
Fantastic!
Congratulations and thanks for sharing ;)
Thanks for watching ;)
Thanks for sharing the rb script.. nice one.. like to see similar vids more
Very helpful 😊
Incroyable
can u share how do u ffuf to brute force the UUID.. how do u setup the FUZZ word ??
more videos pls!!
the microphone in the beginning legitimately worried me
I love the jokes that my editor added in this video haha
Awsm such a great learn
Awesome find man
Thanks !
nice videos
Bravo c'est cool comme idée 😁🤌
How did you initially identify the timestamp was from Julien calendar?
My understanding is that UUIDv1 uses the Julien calendar. The version can be determined from the token string.
In the article of VerSprite they actually wrote about it. I just followed the documentation :)
Putain tu me donnes envie de me lancer sur YT en Anglais :).
2:35 ?
*promosm*