webmedium
Форум предсказателей (Prediction Forum)
hackerlab
Task: Flask forum with UUID v1-based password generation and public profile endpoint exposing user timestamps. Solution: Extracted admin creation timestamp from public profile, reconstructed password using the same UUID generation function with hardcoded clock_seq and node values, logged in as admin to get the flag.
$ ls tags/ techniques/
flaskauthentication_bypasssource_code_analysisinformation_disclosureadmin_takeoverpredictable_uuiduuid_v1password_predictiontimestamp_attackweak_password_generation
UUID v1 password prediction from timestampInformation disclosure via public profile endpointSource code analysis for cryptographic weaknessAdmin account takeover via password reconstruction
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Create a free account with GitHub, then upgrade to Pro.
$ssh [email protected]