Context, Part 1:
https://medium.com/@JakeCooper/how-i-hacked-the-oneplus-reservation-system-120ea1a7ad82
Steps to use :
- Fill in
RESERVATIONID
andAPITOKEN
at line 8-9 - Download and install Requests (http://docs.python-requests.org/en/latest/)
- Run! (
python MailinatorExploit.py
)
1)Fill in RESERVATIONID
at line 7
2)Fill in ```APITOKEN```` at line 8
3)Run the app using the command
node mailinator.js
Context, Part 2:
- Fill in
gmailAddress
andinviteToken
at line 9-10 - Run! (
python GmailExploit.py
) - Click links in your gmail inbox (or add a python script to automate this)
- Download and install Requests (http://docs.python-requests.org/en/latest/)
- Run GmailExploit2.py
- Enter your email WITH @gmail.com when prompted.
- Enter your referral code (5-6 digits found on the end of your referral link)
- Run EmailParser.py
- Enter your email WITH @gmail.com.
- Enter your password
Note: EmailParser.py won't work if you have 2-step authentication ON. For the time being, disable it and then run it
Note: You will need to enable GMAIL API:
- follow the instruction from https://developers.google.com/gmail/api/quickstart/python
- just save the client_secret.json on the same directory you are going to run the script
-
Run! (
python GmailExploit3.py send_invites {your gmail address} {invite token} {cache_buster} [--dryrun]
)* [--dryrun] allow you to see the list of emails the invite will send to
-
Wait until you received the email invites. Run! (
python GmailExploit3.py process_invites
)
Steps to use:
- Fill in
INVITE_TOKEN
at line 9 - (Optional) Change how long do you want to wait for the email to arrive
EMAIL_CHECK_TIMEOUT
at line 10 - Download and install Requests (http://docs.python-requests.org/en/latest/)
- Run! (
python GuerrillaMailExploit.py
)
##Additional Components
Click on the confirmation link in a gmail message
Steps to use :
- Insert your email adress and your password (line 38)
- Install pip if it is not all done
- Install request package -> pip install requests
- run it
Parses emails and curls the confirmation link automatically.
- Run EmailParser.py
- Enter your email
- Enter your password.
tries to bruteforce the Oneplus invite system.
Steps to use:
- replace
email1
with your email andpassword
with your password. this is used to claim the invite. - replace
email2
with another (or the same) email. this is the email where the invites will be sent. - run invite_bruteforce.py