Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Account Takeover of Internal Tesla Accounts - 1264

Evan Connelly, posted 2 years ago
  • Tesla uses auth.tesla.com as an SSO provider for external customers. For internal employees, they use sso.tesla.com as the IdP.
  • Using auth.tesla.com, the user realized it is possible to create accounts for both @tesla.com and @teslamotors.com emails. Registering addresses that already existed, such as those of current internal employees, was not allowed. So, what can we do with this?
  • What about accounts that have been removed? Could those be recreated? The author looked on LinkedIn for former Tesla employees who may have held permissions on various internal websites in the past. Interesting idea!
  • The author had previously used the Tesla Retail Tool, which provides IT and business data for the dealerships, so they tried it there. After many attempts, they found recreated accounts that still had permissions on this site!
  • The website did not check which IdP had authenticated the user: the external one vs. the internal one. Using this issue, they were able to log in as the other employee. Where a JWT is involved, the iss field is what matters here. A super interesting bug!
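To make the last point concrete, here is an added example (my own illustration, not code from the write-up or from Tesla) of a relying party that trusts tokens from every IdP it knows, next to one that pins the expected issuer. The issuer URLs and HMAC secrets are constructed stand-ins; a real deployment would use each IdP's published asymmetric keys.

```python
import base64
import hashlib
import hmac
import json

# Constructed example keys: hypothetical internal (employee) and external
# (customer) IdPs. In production these would be per-IdP public keys (JWKS).
IDP_KEYS = {
    "https://sso.internal.example/": b"internal-idp-secret",
    "https://auth.external.example/": b"external-idp-secret",
}
# An internal tool should only ever trust the employee IdP.
EXPECTED_ISSUER = "https://sso.internal.example/"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT; constructed helper standing in for an IdP."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def _verify_signature(token: str, key: bytes):
    """Return the claims if the signature is valid under `key`, else None."""
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(body))


def verify_vulnerable(token: str):
    """Bug: accepts a token signed by ANY known IdP, so a customer-IdP login
    for a recreated employee address is treated like an employee login."""
    for key in IDP_KEYS.values():
        claims = _verify_signature(token, key)
        if claims is not None:
            return claims
    return None


def verify_hardened(token: str):
    """Fix: pin the issuer, then verify only with that issuer's key."""
    _, body, _ = token.split(".")
    if json.loads(_b64url_decode(body)).get("iss") != EXPECTED_ISSUER:
        return None
    return _verify_signature(token, IDP_KEYS[EXPECTED_ISSUER])
```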