Well, not much. I were stalking ghost's paperdolls (paperdoll of session). Thank to multiclient i was able to verify one important thing. Each client use repeatable sequence of 2 or 3 session ID's in one case!
This is huge. What I have to do to get such results is keep connection on and reconnect as fast as possible after random time range. Each client has it's own 'ID range' that changes, of course, but not so often (15? 20 minutes?)
This is huge and partly deny Jimmyee's idea of only 'session ID's pool'. It exists, though, but there is sth more than that! It's hard to say what i found. Maybe there is 'individual session ID's pool'? Maybe.
Still thinking about it. It probably won't bring anything exciting like expolit etc. More interesting could be watching what exactly ghost's paperdolls contains, some 5 bytes combinations are noticeable. We would be all suprise if passwords leak would be possible. Nevertheless, it only 'might' happen. Oh well, it would be a lot of fun LOL.
1 komentarz:
Trafiłem na tę stronę przez Google, nie powiem ciekawa :)
Prześlij komentarz