![]() ![]() Once you have Go installed and a GOPATH configured, you can use the following command to install the dependencies: ![]() The exploit itself was rather complicated due to the fact that nicknames are limited to 15 characters.įirst, you must have the Go programming language installed on your machine. This exploited a bug with the pre-game player list, which did not sanitize HTML tags. This used to run arbitrary JavaScript code on the host's computer. kahoot-xss - since I discovered this security hole, I contacted Kahoot and they fixed it.This no longer prevents the game from functioning, so it is a rather pointless "hack" kahoot-crash - trigger an exception on the host's computer.See the screenshot in the example section. This messes with the lobby of a kahoot game. It used to allow you to join a game of kahoot a bunch of times with HTML-rich nicknames. kahoot-html - I have notified Kahoot and they have fixed this issue.kahoot-play - play kahoot regularly-as if you were using the online client.kahoot-profane - circumvent Kahoot's profanity detector, allowing you to join with any nickname (but with extra length restrictions it has to be short).If you connect with enough names, one of them is bound to win. kahoot-rand - connect to a game an arbitrary number of times (e.g.For instance, you can register the nicknames "alex1", "alex2". kahoot-flood - using an old school denial of service technique, this program automatically joins a game of kahoot an arbitrary number of times.Included toolsĬurrently, I have implemented the following tools: This repository contains the results of my labor. I have reverse engineered parts of the protocol used by. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |