Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 1103

Help finding images on website

by Jtapp1992 - 09 January, 2021 - 11:04 AM
This post is by a banned member (Jtapp1992) - Unhide
Jtapp1992  
Registered
23
Posts
1
Threads
4 Years of service
#1
(This post was last modified: 09 January, 2021 - 11:04 AM by Jtapp1992.)
So I found an e-girl that I subscribed to, and one thing she does is send out PPV messages to members. I have found by checking the source code to the web site that the images themselves are not secure, but they have incredibly long names.  However, I noticed theres a pattern between the "blurred" image and the actual image that shows up when you pay. So essentially I know that a certain image thats "blurred" only has a 7 character variation from the unblurred one. From what I can tell theres  only 15 characters used in those 7 variations.

For example:

Blurred image is blahblat.wahtever/blurChatImages/b9982db0-39a4-11eb-86fc-a33f81d51fa7.png
Unblurred image is blahblat.whatever/chatImages/acb0cda0-39a4-11eb-86fc-a33f81d51fa7.png  So the only differences is those first 7 characters,  all the images only seem to use the letters abcdef and 0-1, never any capitals.  

I've checked with a couple different images and they all follow this pattern. 

What I would like to do is try and brute force to fine the link to the actual images, assuming I have the link to the blurred image.  


Is this something that can be done, and how would I go about doing it?
This post is by a banned member (GravityData) - Unhide
This post is by a banned member (TheDebianGuy) - Unhide
61
Posts
8
Threads
4 Years of service
#3
You could craft the possible url and check if you got 200 response code, but obviously the variation is long so it would take very long time to get the right url unless you are lucky, the devs are not stupid to make it that simple to bruteforce. You can calculate all combinations with simple maths findable on google.
Main website: https://thedebianguy.keybase.pub
[Image: ezgif.com-crop091ec57da105d927.gif]
Ehtical hacker and app developer...
   
This post is by a banned member (Jtapp1992) - Unhide
Jtapp1992  
Registered
23
Posts
1
Threads
4 Years of service
#4
(10 January, 2021 - 02:44 PM)TheDebianGuy Wrote: Show More
You could craft the possible url and check if you got 200 response code, but obviously the variation is long so it would take very long time to get the right url unless you are lucky, the devs are not stupid to make it that simple to bruteforce. You can calculate all combinations with simple maths findable on google.

As far as I can tell, theres its a string of 7 characters that I need to search, and there are only 15 options, so Aprx 170 million options.

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 1 Guest(s)