Insecure UUID

Version 1

12345678 - abcd - 1a56 - a539 - 103755193864

xxxxxxxx - xxxx - Mxxx - Nxxx - xxxxxxxxxxxx

The position of the M Indicates the UUID version. In the example above, it’s UUID v1.
The position of the N Indicates the UUID variant.

Attacking predictable GUIDs when hacking APIsDana Epp's Blog

$ python3 guid_reaper.py -d da***4ad-9**7-1**f-8**6-02*******016
GUID version: 1
Time: 2024-*1-0* 05:36:06.444766
Timestamp: 13<-SNIP->661
Node: 248<-SNIP->374
MAC address: 02:42:<-SNIP->:16
Clock sequence: 2**2

$ python3 guid_reaper.py -t '2024-1*-0* 0*:0*:2*' da***4ad-9**7-1**f-8**6-02*******016 > guid.txt

Bruteforce

UUID Insecurities | HackTricks

Sandwich Attack

GitHub - Lupin-Holmes/sandwichGitHub

PreviousJWT Token NextIDOR

Last updated 3 months ago

Was this helpful?