Home Unlabelled Hunting Websockets For Fun And Profit

Hunting Websockets For Fun And Profit

By
04:35
Read
Add Comment


 It's been a while since we have came up with any blogpost. 
So this post will be about how i grabbed every information that was being updated over my organization even after i was removed from the organization.

First let's start with what is WebSockets?
A good explanation can be found here https://pusher.com/websockets

Lets start, As the program is private i cannot share it so i'll be naming it as victim.com and subdomain of the organization as abc.victim.com.

So while doing my normal testing i noticed that while changing any info on abc.victim.com a request is made to WebSockets with the details of the like for example in my case:

https://api.victim.com/ws?account_id=660681&access_token=1055279.rJBikWGAfRCTgrK8xhXeoF7hR5j-kB4SriC3jZOqZH_JapsE2vZ206qKVsS5qPqNntpsBh-nBCDmzQuuepCxKw

 Response for the above WebSocket connection was:

{"action":"update","acting_user_id":null,"object":{"user_connection":{"id":63184,"person_id":175308,"last_active_at":"2016-08-22T06:06:02.651Z"}}}

Apparently after watching the response i though what would happen if the user is removed from the organization would he still able to fetch the data from the organization.

Now the question was what and what not can be extracted from the WebSockets?

The first thing i noticed that the user after getting kicked from the organization is still able to extract/grab every details of changes happening in the organization by connecting to the WebSocket request which we captured earlier.

Example of the response after the user was removed from the organization. 

RECEIVED TEXT: {"action":"update","acting_user_id":null,"object":{"user_connection":{"id":74022,"person_id":205693,"last_active_at":"2016-10-27T17:18:07.603Z"}}}

RECEIVED TEXT: {"logged_in_user_ids":["202510","205693"]}

RECEIVED TEXT: {"action":"destroy","acting_user_id":202510,"object":{"person":{"id":205693,"first_name":"owner","last_name":"owner","email":"myemailhere@gmail.com","login":"enabled","admin":true,"archived":false,"subscribed":true,"avatar_url":"https://secure.gravatar.com/avatar/95a2d6ba3ebdf6f5b5bb56c2306927a8.jpg?s=200\u0026d=https://victim.s3.amazonaws.com/default-avatars/OO.png","teams":[],"updated_at":"2016-10-27T17:17:20.656Z","updated_by_id":null,"site_user_id":null,"max_allocation_per_day":null,"assignment_ids":[]}}}

RECEIVED TEXT: {"action":"destroy","acting_user_id":202510,"object":{"user_connection":{"id":74022,"person_id":205693,"last_active_at":"2016-10-27T17:18:07.000Z"}}}

RECEIVED TEXT: {"action":"update","acting_user_id":202510,"object":{"subscription":{"next_billing_date":"2016-11-16","amount":500,"amount_per_person":500,"receipt_recipient":null,"status":"trial","purchased_people":1,"interval":"monthly","card":null,"address":null,"discount":null}}}

RECEIVED TEXT: {"action":"create","acting_user_id":202510,"object":{"person":{"id":205694,"first_name":"add","last_name":"hacker","email":null,"login":"disabled","admin":true,"archived":false,"subscribed":false,"avatar_url":"https://victim-files.s3.amazonaws.com/default-avatars/AH.png","teams":[],"updated_at":"2016-10-27T17:18:35.489Z","updated_by_id":202510,"site_user_id":null,"max_allocation_per_day":null,"assignment_ids":[]}}}

RECEIVED TEXT: {"action":"update","acting_user_id":202510,"object":{"subscription":{"next_billing_date":"2016-11-16","amount":1000,"amount_per_person":500,"receipt_recipient":null,"status":"trial","purchased_people":2,"interval":"monthly","card":null,"address":null,"discount":null}}}

RECEIVED TEXT: {"action":"update","acting_user_id":202510,"object":{"person":{"id":205694,"first_name":"add","last_name":"hacker1","email":null,"login":"disabled","admin":true,"archived":false,"subscribed":false,"avatar_url":"https://victim-files.s3.amazonaws.com/default-avatars/AH.png","teams":[],"updated_at":"2016-10-27T17:18:59.499Z","updated_by_id":202510,"site_user_id":null,"max_allocation_per_day":null,"assignment_ids":[]}}}

RECEIVED TEXT: {"action":"create","acting_user_id":202510,"object":{"project":{"id":799337,"name":"dada","color":"orange","code":null,"notes":null,"start_date":null,"end_date":null,"site_id":null,"archived":false,"updated_at":"2016-10-27T17:20:11.285Z","updated_by_id":202510,"client_id":398744,"tags":[],"assignment_ids":[],"milestone_ids":[]}}}

RECEIVED TEXT: {"action":"update","acting_user_id":202510,"object":{"project":{"id":799337,"name":"dada","color":"orange","code":null,"notes":null,"start_date":null,"end_date":null,"site_id":null,"archived":false,"updated_at":"2016-10-27T17:20:22.290Z","updated_by_id":202510,"client_id":398744,"tags":[],"assignment_ids":[],"milestone_ids":[]}}}

RECEIVED TEXT: {"action":"update","acting_user_id":202510,"object":{"project":{"id":799337,"name":"dada","color":"orange","code":null,"notes":null,"start_date":null,"end_date":null,"site_id":null,"archived":false,"updated_at":"2016-10-27T17:20:22.290Z","updated_by_id":202510,"client_id":398744,"tags":[],"assignment_ids":[],"milestone_ids":[]}}}

RECEIVED TEXT: {"action":"destroy","acting_user_id":202510,"object":{"person":{"id":205694,"first_name":"add","last_name":"hacker1","email":null,"login":"disabled","admin":true,"archived":false,"subscribed":false,"avatar_url":"https://victim-files.s3.amazonaws.com/default-avatars/AH.png","teams":[],"updated_at":"2016-10-27T17:18:59.499Z","updated_by_id":202510,"site_user_id":null,"max_allocation_per_day":null,"assignment_ids":[]}}}

RECEIVED TEXT: {"action":"update","acting_user_id":202510,"object":{"subscription":{"next_billing_date":"2016-11-16","amount":500,"amount_per_person":500,"receipt_recipient":null,"status":"trial","purchased_people":1,"interval":"monthly","card":null,"address":null,"discount":null}}}

RECEIVED TEXT: {"action":"create","acting_user_id":202510,"object":{"person":{"id":205695,"first_name":"aman","last_name":"dhaker","email":"testmymailforxss@gmail.com","login":"disabled","admin":false,"archived":false,"subscribed":false,"avatar_url":"https://secure.gravatar.com/avatar/95a2d6ba3ebdf6f5b5bb56c2306927a8.jpg?s=200\u0026d=https://victim-files.s3.amazonaws.com/default-avatars/AD.png","teams":[],"updated_at":"2016-10-27T17:20:54.998Z","updated_by_id":202510,"site_user_id":null,"max_allocation_per_day":null,"assignment_ids":[]}}}

RECEIVED TEXT: {"logged_in_user_ids":["202510","205693"]}

RECEIVED TEXT: {"action":"update","acting_user_id":null,"object":{"person":{"id":205695,"first_name":"owner","last_name":"owner","email":"testmymailforxss@gmail.com","login":"enabled","admin":false,"archived":false,"subscribed":false,"avatar_url":"https://secure.gravatar.com/avatar/95a2d6ba3ebdf6f5b5bb56c2306927a8.jpg?s=200\u0026d=https://victim-files.s3.amazonaws.com/default-avatars/OO.png","teams":[],"updated_at":"2016-10-27T17:21:26.586Z","updated_by_id":null,"site_user_id":null,"max_allocation_per_day":null,"assignment_ids":[]}}}

RECEIVED TEXT: {"logged_in_user_ids":["202510","205693","205695"]}

RECEIVED TEXT: {"action":"create","acting_user_id":null,"object":{"user_connection":{"id":74023,"person_id":205695,"last_active_at":"2016-10-27T17:21:36.192Z"}}}

RECEIVED TEXT: {"logged_in_user_ids":["202510","205693","205695"]}

RECEIVED TEXT: {"action":"update","acting_user_id":null,"object":{"user_connection":{"id":74023,"person_id":205695,"last_active_at":"2016-10-27T17:21:57.285Z"}}}

RECEIVED TEXT: {"action":"create","acting_user_id":202510,"object":{"person":{"id":205696,"first_name":"aman","last_name":"dhaker","email":"","login":"disabled","admin":true,"archived":false,"subscribed":false,"avatar_url":"https://victim-files.s3.amazonaws.com/default-avatars/AD.png","teams":[],"updated_at":"2016-10-27T17:22:06.751Z","updated_by_id":202510,"site_user_id":null,"max_allocation_per_day":null,"assignment_ids":[]}}}

RECEIVED TEXT: {"action":"update","acting_user_id":202510,"object":{"subscription":{"next_billing_date":"2016-11-16","amount":1500,"amount_per_person":500,"receipt_recipient":null,"status":"trial","purchased_people":3,"interval":"monthly","card":null,"address":null,"discount":null}}}

I was able to extract details the user email, project details , customer details and contacts 
The good thing i noticed was that i was able to extract those details even when i was on view only permission.

Thanks For Reading.
Cheers
Bugdiscloseguys
Tags :

9 comments:

  1. for this you got $1000 wow congrts leet

    ReplyDelete

  3. Hack and take money directly from any ATM Machine Vault with the use of ATM Programmed Card which runs in automatic mode. email (hydracards63@gmail.com) for how to get it and it cost,and how to also hack credit cards and send the money to your self,we are located around the world, these cards works on any ATM machine and it works according to it's activation.

    ………. EXPLANATION OF HOW THESE CARD WORKS……….

    You just slot in these card into any ATM Machine and it will automatically bring up a MENU of 1st VAULT #1,000, 2nd VAULT #5,000, RE-PROGRAMMED, EXIT, CANCEL. Just click on either of the VAULTS, and it will take you to another SUB-MENU of ALL, OTHERS, EXIT, CANCEL. Just click on others and type in the amount you wish to withdraw from the ATM and you have it cashed instantly… Done.

    ***NOTE: DON’T EVER MAKE THE MISTAKE OF CLICKING THE “ALL” OPTION. BECAUSE IT WILL TAKE OUT ALL THE AMOUNT OF THE SELECTED VAULT. To get the card email (hydracards63@gmail.com)

    ReplyDelete

  5. There is a chance you're eligible to receive a $1,000 Amazon Gift Card.

    ReplyDelete

  6. I DONT KNOW WHAT YOU HAVE BEEN THROUGH OR HOW LONG YOU HAVE BEEN LOOKING BUT THIS IS THE LAST STOP AS THERE IS A HACKER WHO CAN HELP YOU WITH SPY WARE ON YOUR CHEATING PARTNER OR UPGRADE YOUR SCHOOL SCORES OR HELP WITH RESULT AND CLEAR ANY CRIMINAL RECORD..

    HACKING OF FACEBOOK , EMAIL , AND BANK ACCOUNTS ARE HIS SPECIALTY.. EMAIL : GREENFR1007@GMAIL.COM OR SKYPE:SATISH.ANCHAN4

    BEST EVER

    ReplyDelete





  7. شركة نقل عفش من الرياض الى الامارات
    من اهم الشركات التى تقوم باعمال النقل على اعلى مستوى من خلال توفير عدد من الخدمات الاساسية المميزه التى تساعد فى الوصول الى افضل النتائج فى الحفاظ على الاثاث ضد اى تغيرات يتعرض اليها الاثاث فاذا اراد ان تقوم باعمال شركة شحن عفش من الرياض الى الاردن الى اى مكان
    شركة نقل عفش بالرياض عمالة فلبينية

    ReplyDelete

Subscribe to: Post Comments ( Atom )
Powered by Blogger.

Created By Themexpose · Powered by Blogger
All rights reserved