Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.

Related tags

Third-party APIs Wrappers image telegram exploit telegram-bot timer messaging secret media send poc with e2ee poc-script
Overview

breaking-telegram

Simple PoC script that allows you to exploit telegram's "send with timer" feature by saving any media sent with this functionality.

Status

Working

PoC

poc

How to

Step 0

git clone https://github.com/matteounitn/breaking-telegram.git

Step 1

  • Go to https://my.telegram.org/auth?to=apps;
  • Create an app(doesn't matter how do you call it);
  • Get API ID and API KEYS;
  • Replace them in config.ini.example and save it as config.ini

Step 2

  1. cd breaking-telegram
  2. python3 -m venv venv && source venv/bin/activate
  3. pip3 install -r requirements.txt
  4. python3 broke.py

Now insert your number and your code.

Eventually you will be asked for a password, if you have one set in your account.

Step 3

Receive an image with timer (could also be a video or gif). Check your saved messages.

Take Home

Use secret chats. They're not bulletproof, but they're definitely safer.

You might also like...
A simple Discord Bot created for basic functionality and fun chat commands for use in a private server.

LoveAndChaos-Bot v0.1.0 LoveAndChaos-Bot is a Discord Bot specifically designed for a private server; this bot is merely a test and a method to expose

Morgan Rose 1 Dec 12, 2021
A custom Discord Rich Presence to display when you're studying so you're stupid friends won't disturb you when you're studying.

Studying RPC Description A custom Discord Rich Presence to display when you're studying so you're stupid friends won't disturb you when you're studyin

John Edmerson Pizarra 4 Nov 19, 2022
ShadowClone allows you to distribute your long running tasks dynamically across thousands of serverless functions and gives you the results within seconds where it would have taken hours to complete

ShadowClone allows you to distribute your long running tasks dynamically across thousands of serverless functions and gives you the results within seconds where it would have taken hours to complete

null 240 Jan 6, 2023
aws-lambda-scheduler lets you call any existing AWS Lambda Function you have in a future time.

aws-lambda-scheduler aws-lambda-scheduler lets you call any existing AWS Lambda Function you have in the future. This functionality is achieved by dyn

Oğuzhan Yılmaz 57 Dec 17, 2022
Script for polybar to display and control media(not only Spotify) using DBus.
Script for polybar to display and control media(not only Spotify) using DBus.

polybar-now-playing Script for polybar to display and control media(not only Spotify) using DBus Python script to display and control current playing

Dope Wizard 48 Dec 31, 2022
A script to forward mass number of media to another group/channel. Heroku deploy

Telegram Forward Script 😇 This is a Script to Forward Large Number of Files to Another Telegram Channel. Star එකක් දාල fork එකක් ගහපියව් 🥴 If You Tr

Anjana Madu 17 Oct 21, 2022
Discord bot script for sending multiple media files to a discord channel according to discord limitations.

Discord Bulk Image Sending Bot Send bulk images to Discord channel. This is a bot script that will allow you to send multiple images to Discord channe

Nikola Arbov 1 Jan 13, 2022
Aggrokatz is an aggressor plugin extension for Cobalt Strike which enables pypykatz to interface with the beacons remotely and allows it to parse LSASS dump files and registry hive files to extract credentials and other secrets stored without downloading the file and without uploading any suspicious code to the beacon.
Aggrokatz is an aggressor plugin extension for Cobalt Strike which enables pypykatz to interface with the beacons remotely and allows it to parse LSASS dump files and registry hive files to extract credentials and other secrets stored without downloading the file and without uploading any suspicious code to the beacon.

aggrokatz What is this aggrokatz is an Aggressor plugin extension for CobaltStrike which enables pypykatz to interface with the beacons remotely. The

SEC Consult Vulnerability Lab 148 Dec 9, 2022
VaccineAlarm is a simple python script that allows user to get notified when their desired vaccine doses are available at vaccine centers near them.

Introduction VaccineAlarm is a simple python script that allows user to get notified when their desired vaccine doses are available at vaccine centers

Ankit Tripathi 5 Nov 26, 2021
Owner
Matteo
FBK - Security and Trust Unit
Matteo
GitHub
A simple telegram bot that takes a list of files sent by the user and returns them 7zipped

A simple telegram bot that takes a list of files sent by the user and returns them 7zipped

null 1 Oct 28, 2022
Zipper-s-Father - A simple telegram bot that takes a list of files sent by the user and returns them zipped

ZIP files telegram bot A simple telegram bot that takes a list of files sent by

Dr.Caduceus 1 Jan 29, 2022
🤖 Chegg answers requested and sent by the Discord BOT to the targeted user.

Chegg BOT Description "I believe that open-source resources are a must for everyone around. Especially in the field of education. As Chegg c

Vusal Ismayilov 33 Aug 20, 2021
A Telegram Bot That Provides Permanent Download Links For Sent Files.

FileStreamBot A Telegram bot to all media and documents files to web link . Report a Bug | Request Feature Demo Bot: ?? About This Bot : This bot will

Flux Inc. 1 Nov 2, 2021
A simple Telegram bot that can add caption to any media on your channel

Channel Auto Caption This bot can add a caption for any media/document sent to a channel. Just deploy bot and add bot as admin to a channel. Deploy to

null 22 Nov 14, 2022
Frwdit-V1 - A Simple Bot can copy any media to a private channel provided

?? Auto Forward V2 A Simple Bot can copy any media to a private channel provided

FUCK OFF ANE 3 Dec 3, 2022
SmsSender v3.0.0 - the script is designed to send free SMS to any number and with any text.

SmsSender v3.0.0 - скрипт предназначен для бесплатной отправки SMS на любой номер и с любым текстом. Возможны небольшие баги, в скором времени исправл

Андрей Сергеев 20 Dec 3, 2021
A simple script that loads and hot-reloads cogs when you save any changes

DiscordBot-HotReload A simple script that loads and hot-reloads cogs when you save any changes Usage @bot.event async def on_ready(): from HotRelo

null 2 Jan 14, 2022
Telegram Bot for saving and sharing personal and group notes

EZ Notes Bot (ezNotesBot) Telegram Bot for saving and sharing personal and group notes. Usage Personal notes: reply to any message in PM to save it as

Dash Eclipse 8 Nov 7, 2022
An inline real-time media searching robot without any database.

MediaBuddy A Telegram Inline media searching robot without any database. About mediaBuddy is an inline media searching robot. If you have so many movi

Renjith Mangal 28 Oct 21, 2022