Episode 161: Cross-Consumer Attacks & DTMF Tone Exfil
Episode 161: In this episode of Critical Thinking - Bug Bounty Podcast, Justin gives us some quick hits regarding CSRF and cross-consumer attacks, and also touches on some breaking questions surrounding HackerOne.
Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
====== Links ======
Follow your hosts Rhynorater, rez0 and gr3pme on X:
Critical Research Lab:
====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Today's Sponsor: Join Justin at Zero Trust World in March and get $200 off registration with Code ZTWCTBB26
====== This Week in Bug Bounty ======
AS Watson
https://app.intigriti.com/programs/aswatson/watsons/detail
YesWeHack 2026 Report
https://choose.yeswehack.com/hubfs/YWH%20Report/YesWeHack_2026_Report.pdf
====== Resources ======
PhoneLeak: Data Exfiltration in Gemini via Phone Call
https://blog.starstrike.ai/posts/phoneleak-data-exfiltration-in-gemini-via-phone-call/
Max's Tweet about decreasing bounties
https://x.com/0xw2w/status/2020788164378427483
HackerOne General Terms and Conditions
https://www.hackerone.com/terms/general
Research Review #-2: RCE in Google's AI code editor Antigravity (sudi)
https://www.youtube.com/watch?v=JqvJSF2UMyY
====== Timestamps ======
(00:00:00) Introduction
(00:03:26) YesWeHack 2026 Report
(00:09:12) CSRF Realizations & Data Exfiltration in Gemini via Phone Call
(00:14:38) 7urb0's Youtube, HackerOne decreasing bounties and Section 3.1 controversy.
(00:19:06) Cross Consumer Attacks
[00:00:00.96] - Justin Gardner
And we figured out that we could take the user's 2FA code, encode it into DTMF tones, and append it to a phone number and tell Gemini, call this phone number, which is one of the actions that didn't require user prompting. So, hackers, we've got an exciting announcement. ThreatLocker Zero Trust World Conference is back in 2026. It's going to be March 4th to March 6th in Orlando, Florida. It's freaking gorgeous down there too during that time. And yours truly is going to be there. I'm going to be there on Wednesday, March 4th. I'm going to be leading a hands-on hacking workshop. I'll be one of many. So there's lots of fun hacking workshops you can get involved in and it's going to be a great time. There's tons of sessions, workshops, other people there to network with. It's going to be a great conference. So if you're local to Orlando or if you're up for the travel, this is a great way for you to use that employer training budget that you've got. Also, for Critical Thinking listeners, there's a discount of $200 off. You can use the code ZTW, right, for Zero Trust World. CTBB26. ZTWCTBB26 when you register. That'll be on the screen and in the description as well. It's going to be a great time. I hope to see you guys there. All right, let's go back to the show. All righty. Sup, hackers? It's been a while. It probably actually doesn't feel like a while to you guys because I pre-recorded some episodes, but I haven't been on the pod in 3 weeks and I am rolling and ready to get back to it. So, I mean, let's jump into this episode. I'm going to be solo today. No rez0 or gr3pme. Um, rez0's got some, some stuff going on and gr3pme is going to be traveling for a live hacking event. So, um, just your boy Rhynorater today. Um, all right. First, let's jump off into the This Week in Bug Bounty segment. Um, you know, I have a couple things here for this one, but, uh, actually I'm going to turn one of them into just a longer segment because it's really good. 
Um, so first thing that you just need to be aware of, rapid fire, is: Intigriti launched a new program called AS Watson. This is a big, like, massive scope family, you know, of, of companies sort of situation here. And the bounties are quite good. We're looking at $4K to $7K for criticals, highs at $1.2K to $4K, and a massive scope. So watch your tier levels for sure. I mean, obviously they go down to quite low for tier 5 or whatever. Um, but if you're hacking on the main scope, uh, this is a nice fresh new program you can take a look at for a, uh, a company that is very big in, in Asia, the AS Watson Group. So check that out. Um, so that's where I'm, I'm actually done with the TWIB. And now we're going to go into the actual main content for the episode. Got a lot of news, but I'm also going to throw in some, some fun tidbits for you guys. Uh, we're going to talk a little bit about, I guess sort of a realization that I had about CSRF, which I feel like I should have known but didn't really hit. And then at the end, we're going to talk a little bit about cross-consumer attacks, which is something that Franz and I have been working a little bit on in the Critical Thinkers Research Guild from a while back. So we're going to cover that as well. Okay. So first up though, before we jump into those things, is the YesWeHack 2026 report. So I try to go through each one of these like bug bounty program or platform reports whenever they come out and grab useful tidbits for you guys. And not going to lie, YesWeHack is putting out some pretty sick content for all this. So actually, let me go ahead and expand my screen here. I'm going to give you guys a lot of the data out of this report, but I would also recommend you go check it out. We're going to, we're going to link it in the description. First, they're showing they're giving more data on how hunters are actively using AI. This is an N of 245. So this is 245 hackers surveyed for this. 
And most hackers are using AI for improved report clarity and structure, which I don't know if it's getting them more clarity or not, because I've seen some really crap AI-generated reports lately. I still don't use AI to generate my reports. I help it, I have it help sometimes when I'm doing something particularly complex, but I write all of my reports by hand typically, and that I find that that gets them accepted more, more quickly. 32% are using it to create, think creatively, and thanks to the AI automation, and 31% are using it to find more bugs, more complex and subtle bugs. I've had a lot of success in the past couple of weeks with using Opus 4.6 to find some very, very deep client-side bugs that I wouldn't have found. So I definitely recommend you guys use something like JX Scout to get the JavaScript files down and then throw it into Claude Code and just have it go ham because it does a very good job of analyzing client-side routes, query parameter parsing, hash parsing, postMessage listeners, all sorts of things. So definitely recommend you, you take a look at that. And we see 69% are using AI for learning and documentation, 51% for drafting reports, 40% for payload generation, 38% for code review and vulnerability analysis. Payload generation, I think, is a big one for me. 26% for recon and 23% for escalating vulns. 9% are not using AI. So, I mean, we're seeing a lot of rapid adoption here. I would definitely recommend you join this 40% that's using it for payload generation and 38% for code review and vulnerability analysis. It is extremely, extremely good. And that's coming from like a pretty experienced client-side hacker. It is amazing. So definitely build out your own workflow for that. All right. Next one was on page 44 that I thought was interesting. Of the hunters surveyed, 44% have been hacking for 4 to or 3 to 4 years, or 3 to 5 years, which is not as long as expected, to be honest. So that's pretty encouraging. 
And 38% of hunters are full-time hunters on YesWeHack, which is kind of crazy. 62% are doing it in addition to some other role. So it's good to see the full-time hunters growing a little bit. I like that. And I was surprised to see that number be so high. We're also seeing the best ways to improve your hacking skills are YouTube videos. You know, hey, maybe you're watching this on YouTube. YesWeHack Dojo and, uh, uh, oh, okay. So actually it's like hands-on practice with bug bounty platforms first. Um, and then we're also seeing YouTube videos, YesWeHack Dojo, online educational platforms, and, uh, blog posts and write-ups, which I totally agree with. Um, we've also seen a 520% increase in collaboration reports on YesWeHack, which is sick. Um, so lots of collaboration going on and the top tools in the toolkit are Burp Suite, ffuf, and httpx, which makes sense. Unfortunately, we're only seeing Caido down here at 18% adoption versus 91% on Burp Suite. So it seems like in the YesWeHack world, Caido is, is only at 18%, but a lot of the top hunters I know are using Caido. So surprising. But yeah, I guess, you know, old habits die hard. Yeah. Also, I wanted to call out this on page 55, their top performing hunters by CWE types. And I know, okay guys, we're getting into a little bit of meta here, okay? But like, there are some recon boys out there that will not talk about what they do at all. And this guy, this, this little graph here gives us a little bit of a peek into what exactly they might be doing. GoDiego has, you know, denied my request to come on the pod multiple times. And he is coming in as the top hacker for cache poisoning. So that could be a part of his, his secret methodology. And doxxing, of course, unsurprisingly, is coming in with subdomain takeovers. So cache poisoning and subdomain takeovers are probably what are making these guys top of the leaderboard right now, which is really cool to see. 
They also included a long section on various hackers' expertise. So, you know, Chakal's methodology for stored XSS, there's one for information disclosure, IDOR, etc. So if you're looking to know like what the methodology is for these top hackers, this is a good place to find it. Overall, I thought this report was really awesome. They talked about the live hacking events, they talked about the assessment of, you know, vulnerabilities that people are finding, they're sharing methodology, and they even also highlight some of the research. Let's see if I can find it. Yeah, some of my favorite research that came out this year, Exploiting Syntax Confusions in the Wild by Alex Brumans. So definitely worth a read. High-quality bug bounty platform report. Okay, so we went through that. Let's jump now over to what I was gonna talk about with regards to CSRFs, okay? So I was exploiting a bug the other day and I was like, okay, you know, I've got this CSRF. It does something to the victim's account that would be more helpful if I could do it multiple times. And I was like, ah man, I'm gonna have to like pop up a new tab and like distract the user while I'm like redirecting. And stuff like that. And then I realized, you know, hey, even though this has X-Frame-Options set to deny, it doesn't matter. And SameSite cookies are None for this, which was what we wanted. So it's still sending, you know, the cookies into the iframe. Um, it's just not going to be able to show the result, but it doesn't matter for CSRF because it's a thing. So what I ended up doing was just creating a bunch of iframes with this state-changing action, and all of them, you know, failed to load because X-Frame-Options was deny, but it doesn't matter because the cookies are sent and the request is processed server-side. So I was just able to like, like send a bunch of, uh, you know, CSRFs at the same time. 
And I don't know why I hadn't really wrapped my head around it, but like X-Frame-Options doesn't get processed obviously until the response is processed. And by that point, the CSRF has already had its effect. So just like, make sure, I know it gets tricky nowadays with like iframes and like fetch requests and stuff like that. And what cookies are going to be sent with SameSite and that sort of thing. But really, for your CSRF, you know, the thing you need to be checking is does it have the SameSite cookies in place, right? You don't really have to think about, oh, is it iframeable or not iframeable? In this situation, I had to do it by an iframe versus fetch, but just keep that in mind, you know, that X-Frame-Options doesn't prevent you from executing CSRFs inside of an iframe. Just a thought there. All right. Up next is a write-up by our own Monke, and this is a collab between Monke, rez0, me, and Lupin at a live hacking event in Tokyo. And this was one, a very fun creative bug that we all did together. And it was released on StarStrike.ai's blog, which is BuzzFactor and Monke's new AI consulting firm. So this is such a fun bug. I wanted to tell you guys about it. He does a great introduction into like the anatomy of a data exfiltration vulnerability in modern AI environments. But the TL;DR of the situation is, you know, we've got some, some way to deliver the payload. You get the actual data that you need and then you exfil that, right? So there's kind of those three components that you need. So the delivery component for this exploit was an intent URI that you can utilize inside of the Gemini app, which would allow you to preload a query into the victim's Gemini. And because it loads so quickly, you can actually use tapjacking for this. So, you know, you create an app, they're tapping, you know, hey, tap this button 5 times, they tap it 1, 2, 3, right? And then on the 3rd, you trigger the intent swap and preload the prompt in. 
And then by the time they're done tapping, you know, their finger is right on the send button for Gemini and it triggers the exploit. So it's kind of like clickjacking. It's not the most optimal method. And we actually figured out a way to, you know, deliver this payload differently afterwards. But tapjacking is an interesting term that we don't talk about a ton. So just wanted to highlight that for y'all is that that is a way to get your payload in, in a worst case scenario. So anyway, we got the payload in. We said, hey, Gemini, you know, because it has access to the user's data, their messages and stuff like that on the Android device, we could say, hey, grab the 2FA code, from the user's message and now we got to get it out, right? So that's the exfiltration piece. And we actually did this via DTMF tones, which is some OG hacker shit right here, which that's those tones you hear when you call a number and it goes ding, ding, ding, you know, and it's like, you know, putting in these specific numbers via frequencies, right? So what we found is that if you put the, you know, I believe it was a hashtag or maybe it was a semicolon. It's semicolon after the, um, after the number, you know, you can get it to automatically play these DTMF tones. And we figured out that we could take the user's 2FA code, encode it into DTMF tones and append it to a phone number and tell Gemini, call this phone number, which is one of the actions that didn't require user prompting. Right. So with that one tap on the TapJack, it would read the messages, grab the 2FA code, and then call us. And we had like the sick POC video where we had like another phone sitting right next to it. And you know, we'd pick up the phone and it would go, "Dun, dun, dun, dun, dun, dun," or whatever, you know, the DTMF tone. And then you would see the 2FA code pop up on the attacker's phone, 'cause it was, you know, processing the DTMF tones. 
So that is a good way to, let me see, that is a way to exfiltrate data in these sort of environments. And I was really proud of the team for coming up with that really creative solution. And yeah, Google liked it. So we got a bounty and we got 1 through 3, 7 bonus for the most creative vulnerability of that live hacking event. So that was a blast. All right, up next is some news that we kind of have to cover that's a little bit tricky, which is HackerOne recently, and I'll give a shout out to W2W here who tweeted this out. Both Spotify and the HackerOne program decreased their bounties pretty substantially lately. This is not something we like to see, especially from a platform. And I've reached out to HackerOne to get a comment on this. Unfortunately, this happened just super recently. And we are kind of recording this episode last minute anyway. So I haven't had the opportunity to get HackerOne to give us a comment on that, but we're gonna cover that comment on the next episode. Because I think they will get back to us about it. But you know, here I am, I'm wearing a HackerOne shirt. If you can't see, I'm wearing a HackerOne t-shirt. This is not great to see, but you know, HackerOne is still paying good bounties here. You know, they're paying $1,500 for a medium, $7K for a high, $15K for a crit. Um, I am confused by their, their decision to decrease their bounties. So, uh, I guess we'll see how they respond to that next time. Um, but I think the general sentiment is that they are, um, doing that in alignment with other bug bounty programs and to which the hacker response is, well, you need to be setting the tone. But not following, right? So we'll see what HackerOne's response to that is. 
Also in the PR, in the PR hit that H1 has been taking right now, there's also some people that have been highlighting Section 3.1 of HackerOne's general terms and conditions, which says, and I quote, HackerOne may use confidential information to develop and/or improve its services, for example, identify trends and train AI models, provided such use does not result in disclosure of confidential information to unauthorized third parties. Now, a lot of people are interpreting this to mean, you know, hey, they're taking our data, they're training like, you know, the super hacker AI. I have spoken with some HackerOne representatives in the past that have claimed that that is not the case. And there's no project underway for that. But there is something in the terms and conditions here. My intuition is that this is being used, you know, in context with Hai, which is HackerOne's AI system, which helps write reports and deal with that sort of thing. And this is sort of like a catch-all statement. But a lot of hackers are sort of dismayed by that and don't want their confidential information being used with AI models. So I also reached out to HackerOne to get a comment on that. And we'll see what they say. But these terms and conditions have been in effect since July 20th of '24. So it's been a while at this point, and I'm not sure why it's just coming back up into the public eye, but I did want to address it for you all in full transparency. And I will let you know when we hear back more from HackerOne about that. All right. Up next is— I just wanted to give a shout a little bit here. When you're done with today's episode of Critical Thinking, this is going to be a short episode. I got a lot going on right now, but when you're done with this episode, I recommend you go over to 7urb0's YouTube channel and watch Research Review Number -2, RCE in Google's AI Code Editor Antigravity by Sudeep. 
So this is one of the best hackers I know who is unfortunately also like from my little town that I live in. So I can't even claim to be the best hacker in my little town, you know? It's, uh, it's this guy 7urb0, and he's amazing. Um, and he's doing a review of some research and giving his comments, and this guy is just so full of passion for hacking. Like, you guys know me, I'm full of passion for hacking. He is full of passion for hacking, okay? Um, and he's going to be releasing some videos, it seems, uh, doing research reviews, uh, and just kind of giving his thoughts. And he actually does some research reviews for us at Critical Thinking as well, um, applications into the research lab. So, um, he does a great job with this and he, he's very, very smart. So if you want to go hear his, um, research reviews, you can find that on his YouTube channel. We'll link that in the description. So if you're looking for a little bit of extra content to fill in where CTBB is lacking this week, then 7urb0's got you covered. All right. Um, last but not least, I did want to talk to you guys a little bit about some, um, research that I think we mentioned on the pod a while back that Franz and I were kind of cooking on, um, a while back. So let me take a drink of my water real quick. Okay, let's get to that. So this is something that we are sort of branding cross-consumer attacks. And I'm hoping that we'll get a write-up on the, on the Critical Thinking Research Lab soon on these types of attacks. We've poked them in several areas and we've also seen them, you know, out in the community pretty often. And what these are are essentially scenarios where a target company is utilizing a third party to do something like, um, load JavaScript files, documentation, you know, whatever it is, right? Um, support apps or whatever. 
And they've got part of their domain pointed at this third party and they've got, um, uh, or maybe like a path even on their main domain pointed at this third party, right? Um, and what you can do is you can sign up for that third party yourself and create your own tenant or whatever, and then host content on your tenant, right? Let's call it like an SVG file or an HTML file or whatever. Right. And then, um, take that URL that is used to access your own content and try to access it on the target. Right. So the scenario that we're talking about here is, you know, you've got some website and maybe like, it's like /docs/1356814/test.html or whatever. And you know, that ID just looks like an IDOR, right? And so, you know, if you can access your uploaded content to this third party on your target's domain, then you may be able to induce things like XSS. We've seen this many times. It's very hard to fix because for the third party, like, uh, you know, these URLs are supposed to be public, but only under your domain. Right. So it's kind of tricky, you know, you get into those situations where it's like, okay, well, they're accessing, you know, public content or whatever. Um, so it's tricky, you know, a lot of, a lot of third-party providers are, are pretty vulnerable to this. Um, so just keep that in mind as an attack vector. I know that hacking third parties is a little bit, you know, weird sometimes or whatever. Um, but we've seen this accepted quite often and, you know, impact is king nowadays. So just make sure you're proving impact. So let me give you a couple of tips for that. Uh, obviously check out URLs in the path. Sometimes there's also slugs in the path, you know, instead of, you know, /google, you put in /rhynorater and now it's got, you know, uploaded content there. Um, look for file uploads, right? So we're looking for SVG files. We're looking for HTML files, even hosting JS files can, there can help you. 
You know, bypass CSP or something like that. So keep that in mind. You can also, you know, sometimes they have these hosts as like holes in their CSP in general, which can help for, you know, data exfiltration or XSS, of course. And then one other area that I've seen this work, or two other areas, is sometimes these like paths that you have sort of dedicated from the main domain, the main victim domain, to this third party, they will accept parameters that will allow you to override what host the content is related to. So just kind of run GOW, you know, do some Google dorking on that sort of path pattern and see if there's any parameters that pop up and read the documentation for the third party a lot to understand if there's any debug parameters that will allow you to say, hey, I know that this is on, you know, Google's domain or whatever, but instead, uh, you know, let's, let's go ahead and point it to Rhynorater's and then that will allow you to override. So that's an interesting technique. Um, and then last but not least, sometimes there are specific tokens for this. So rather than just an ID in the URL or whatever, they like sign a URL or they'll like generate a JWT token or something like that, which will allow you to access that restricted content. Check for the scenarios where the third party is downloading files, not like PDF files and stuff like that, not just like generating HTML pages or whatever. And sometimes those signed URLs or those specific patterns of accessing it via a token will allow you to access your data on a different customer site, which can induce XSS. So keep a lookout for those sort of attacks. We're calling those cross-consumer attacks. I think it fits the concept pretty well and we've seen them quite often around. So keep, keep your eye out and yeah, drop something in the CTBB Discord if you guys find one. I would like to know how, how common they are around and hear about any success stories you guys might have with that. All right. 
That's about it. That's all I've got for you guys today. Go watch that content by 7urb0, and, uh, I'll see you guys next week. Peace. And that's a wrap on this episode of Critical Thinking. Thanks so much for watching to the end, y'all. If you want more critical thinking content, uh, or if you wanna support the show, head over to ctbb.show/discord. You can hop in the community. There's lots of great high-level hacking discussion happening there on top of the masterclasses, hackalongs, exclusive content, and a full-time Hunter's Guild. If you're, uh, a full-time Hunter, it's a great time. Trust me. All right, I'll see you there.
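The CSRF realization from the episode (X-Frame-Options is enforced by the browser when the response arrives, after the server has already acted on the request; only the cookie's SameSite attribute or a server-side origin check stops the state change) as an added, constructed example that is not part of the episode, the PhoneLeak write-up, or any project's code. It spins up a local standard-library server whose POST handler mutates state and then sends X-Frame-Options: DENY; the request helper models a cross-site iframe form POST, attaching the session cookie only when it is SameSite=None. The origins https://app.example and https://attacker.example and the cookie value are hypothetical.

```python
import http.server
import threading
import urllib.error
import urllib.request
from http.cookies import SimpleCookie

STATE = {"email_changes": 0}            # the "victim account" being mutated
ALLOWED_ORIGIN = "https://app.example"  # hypothetical first-party origin
CONFIG = {"check_origin": False}        # toggled per scenario by run_demo()


class ChangeEmailHandler(http.server.BaseHTTPRequestHandler):
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        cookies = SimpleCookie(self.headers.get("Cookie", ""))
        origin = self.headers.get("Origin", "")
        if CONFIG["check_origin"] and origin != ALLOWED_ORIGIN:
            code, body = 403, b"cross-site request rejected"  # hardened path
        elif "session" in cookies and cookies["session"].value == "victim":
            STATE["email_changes"] += 1                      # state changes HERE
            code, body = 200, b"email changed"
        else:
            code, body = 401, b"no session"
        # The frame-busting header leaves only now, after the server already acted.
        self.send_response(code)
        self.send_header("X-Frame-Options", "DENY")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_server():
    srv = http.server.HTTPServer(("127.0.0.1", 0), ChangeEmailHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def cross_site_iframe_post(port, samesite):
    # Browser model: a form POST fired from an iframe on an attacker page.
    # The session cookie rides along only when it is SameSite=None (Lax and
    # Strict withhold it); a cross-site POST always carries the attacker Origin.
    headers = {"Origin": "https://attacker.example"}
    if samesite.lower() == "none":
        headers["Cookie"] = "session=victim"
    req = urllib.request.Request(
        f"http://127.0.0.1:{port}/change-email",
        data=b"email=attacker%40attacker.example", headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.headers.get("X-Frame-Options")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("X-Frame-Options")


def run_demo():
    """Return {scenario: (status, X-Frame-Options value, state_changed)}."""
    srv = start_server()
    port = srv.server_address[1]
    results = {}
    for name, samesite, check in (("none_no_origin_check", "None", False),
                                  ("lax_no_origin_check", "Lax", False),
                                  ("none_with_origin_check", "None", True)):
        CONFIG["check_origin"] = check
        before = STATE["email_changes"]
        status, xfo = cross_site_iframe_post(port, samesite)
        results[name] = (status, xfo, STATE["email_changes"] > before)
    srv.shutdown()
    srv.server_close()
    return results


if __name__ == "__main__":
    for name, (status, xfo, changed) in run_demo().items():
        print(f"{name}: status={status} x-frame-options={xfo} state_changed={changed}")
```

Every response carries X-Frame-Options: DENY, yet the SameSite=None scenario without an origin check still changes the victim's state; the Lax cookie and the Origin check are the two controls that actually prevent it.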