hacker

turmio

description
The Zoom plugin listens on localhost, which means it can be triggered to open via a specific URL to localhost. The same goes for the zoommtg:// URI scheme. Since there was not much information, I'll do some reversing and put notes here. Maybe it helps other hackers. If you find some interesting approaches and release something about it, please let me know.

started

2019-04-25

Requests to localhost

GET /app_check?action=checkVersion&domain=zoom.us&usv=66916&uuid=-8592519063090374108&t=1556175347396 HTTP/1.1
Host: localhost:19421
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36
DNT: 1
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,fi;q=0.8

GET /launch?domain=zoom.us&usv=66916&action=join&confid=dGlkPWNkMWZhMDVlNWZkMDRiY2VhYjYyOGY2MTlmZjdlMTcz&confno=457840795&zc=64&pk=&mcv=0.92.11227.0929&browser=chrome&wc=https%3A%2F%2Fzoom.us%2Fwc%2Fjoin%2F457840795&uuid=-8592519063090374108&t=1556175348534 HTTP/1.1
Host: localhost:19421
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36
DNT: 1
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,fi;q=0.8
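
The two captured request lines above, decoded field by field (an added example, not part of the original notes). That `confid` is base64 and that `t` is Unix time in milliseconds are assumptions inferred from the values; `decode_request_line` is a name chosen here.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Request lines copied from the captures on this page.
CAPTURED = [
    "GET /app_check?action=checkVersion&domain=zoom.us&usv=66916&uuid=-8592519063090374108&t=1556175347396 HTTP/1.1",
    "GET /launch?domain=zoom.us&usv=66916&action=join&confid=dGlkPWNkMWZhMDVlNWZkMDRiY2VhYjYyOGY2MTlmZjdlMTcz&confno=457840795&zc=64&pk=&mcv=0.92.11227.0929&browser=chrome&wc=https%3A%2F%2Fzoom.us%2Fwc%2Fjoin%2F457840795&uuid=-8592519063090374108&t=1556175348534 HTTP/1.1",
]

def decode_request_line(line):
    """Split one request line and decode the fields that are encoded."""
    method, target, _version = line.split(" ", 2)
    url = urlsplit(target)
    # keep_blank_values so empty parameters such as pk= are not dropped
    params = {k: v[0] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    notes = {}
    if "confid" in params:
        # Assumption: confid is standard base64; re-pad in case '=' was stripped
        raw = params["confid"]
        padded = raw + "=" * (-len(raw) % 4)
        notes["confid_decoded"] = base64.b64decode(padded).decode("ascii", "replace")
    if "t" in params:
        # Assumption: 13-digit value is Unix time in milliseconds
        ts = datetime.fromtimestamp(int(params["t"]) / 1000, tz=timezone.utc)
        notes["t_utc"] = ts.isoformat(timespec="seconds")
    if "wc" in params and "confno" in params:
        # parse_qs has already percent-decoded wc; compare its last path segment
        last = urlsplit(params["wc"]).path.rsplit("/", 1)[-1]
        notes["wc_matches_confno"] = last == params["confno"]
    return {"method": method, "path": url.path, "params": params, "notes": notes}

if __name__ == "__main__":
    for line in CAPTURED:
        decoded = decode_request_line(line)
        print(decoded["method"], decoded["path"])
        for key, value in decoded["params"].items():
            print(f"  {key} = {value!r}")
        for key, value in decoded["notes"].items():
            print(f"  [{key}] {value}")
```
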
