Corben Leo
Dec 31, 2022 · 12 tweets · 3 min read
My favorite hacking stories of 2022:
1/ Hacking a Trans-Atlantic cable.

4/ Hacking a phone company to view the call logs of 50M users:

5/ Gaining access to information on 25k employees:

6/ A ridiculous authorization bypass:

8/ Gaining access to employee data of a telecom company:

9/ Hacking my way into an Air Force database:

10/ Gaining access to 300+ military file servers:

I'll be back to share more stories in 2023!

More from @hacker_

Nov 25, 2022
I hacked a phone company earlier last year.

I found a stupidly simple way to view the call logs of 50M customers.

Here's how I did it:
1/ I've been in this bug bounty program for quite some time.

I previously bought a phone plan so I could log in and test functionality as an authenticated user.

In the dashboard, there was a tab to view your call logs.
2/ The URL contained a parameter called "subscriberId".

It contained a numerical ID, so obviously I tried to change it to another user's.

Unfortunately, it didn't work.
Sep 29, 2022
I hacked a gaming company this year.

Here's how I did it:
1/ The scope of this program was *.███.com

With a wildcard, basic recon is:

Subdomain Enumeration + HTTP server probing:

$ subfinder -d example[dot]com | httpx -o example.httpx
2/ HTTPX gave me 300 web-servers to target.

One stuck out to me:

hxxps://rendering-prd.redacted[.]com

"rendering" stuck out to me. Why?

Render means to "process information". Often to another format.

With web apps, it's typically HTML to another format.
Sep 16, 2022
Uber was hacked.

The hacker social engineered an employee -> logged into the VPN and scanned their intranet. 👇
Apparently there was an internal network share that contained powershell scripts...

"One of the powershell scripts contained the username and password for an admin user in Thycotic (PAM). Using this I was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite"
*allegedly hacked
May 23, 2022
Information is key.

What sort of information could be in an Airforce Database?

Who would get hurt by that data?

Who would it benefit?

5 years ago, 17-year-old me easily gained access to an Air Force database.

Legally, through hackerone.com/deptofdefense

Here's how I did it:
1/ Back then, I practiced in the DoD's Vulnerability Disclosure Program (VDP).

This time, I was looking at the Airforce subdomains.

I decided to look for sites running PHP.

To do this, I used Google.

So, if you use Google, you should know about
2/ Google Dorks

If you don't, learn about them!

Look up "google dork cheatsheet"

Anyways,

I looked up:

site:*.af.mil + ext:php

and

site:.af.mil + filetype:php

and
May 3, 2022
How you can learn to hack web3 (and protect millions of dollars):
1/
Become a dev (to break you must understand):

• Read "Mastering Ethereum" (It's on GitHub)
• Learn Solidity:
  • CryptoZombies
  • solidity-by-example[.]org
  • Solidity Docs
• Learn how to use HardHat
• Familiarize yourself with widely used contracts (EIP 20)
2/
• Do these challenges:
  • Ethernaut
  • Capture the Ether
  • Damn Vulnerable DeFi
• Read writeups & postmortems
• Do some CTFs (ex: @paradigm's)
Apr 29, 2022
It's easy to find attack surfaces that others haven't.

You just need to think creatively.

"But Corben, I don't know how!"

That's what I'm here for.

I'll share some simple methodology that works.

(so you can find vulnerabilities...and make money)

A story:
1/ I went to Shodan.

Searched for my target with the SSL certificate name filter:

> ssl.cert.subject.cn:*.example[.]com

I came across a server that had a certificate for:

"*.apps.███.com"

Interesting.

When I see wildcards, I immediately think that the server
2/ Is an ingress endpoint.

Think load balancer: routing hostnames (via the Host header) to their respective microservice.

Still confused?

Here.

Think of it as a magic door at a hotel:

• The door (load-balancer) has a list of names
• You tell the door your name and