Upcoming topics for the video
Anonymous Poll
39%
IDOR
32%
SQL Injection
23%
CSRF Automation
6%
Other
18K subs completed!!!
Thank you all for all the support & love you guys have given me❤️
Keep showing your support and we will reach up to 20k soon!!
What is your level in ethical hacking or bug bounty?
Anonymous Poll
56%
Beginner
36%
Intermediate
8%
Advanced
Hi everyone! New video will be releasing soon in the next week! Stay Tuned
Once you have solved this challenge, please write a small writeup and send it to business@bepractical.tech
The people who will be able to solve both of these challenges will receive a shoutout in the upcoming video!
Challenge ends in 10 hrs
Hi everyone, the solution for task two is not on main.bepractical.tech
Actually, that subdomain was used as a subdomain takeover lab, and some participants have exploited it & uploaded the same webpage given as the challenge. We have removed every lab's DNS record for now. The time duration for this challenge is now also increased to 24 hrs. (It will expire on 1st July 2024 at 7pm IST)
Currently no one is able to find the solution for task 2!
Hint: It is a reconnaissance challenge so please don't focus on finding or exploiting any vulnerabilities!
So far, no one is able to solve the second challenge! The challenge will end at 7:00pm IST
The challenge has ended now! (Only three people were able to solve both of the challenges)
Congrats to Mehraj, Abhisekh and Akshit for successfully solving the challenge!🥳🥳🥳
Here is the solution for both of the challenges!
We will be conducting a web recon workshop again for beginner-intermediate bug bounty hunters where you will learn how to dive deep into the target in this month! Stay Tuned
In a recent penetration testing engagement, I was able to find an API endpoint which was disclosing every user's information present on the web page without any authentication!!
Here's what I did:
1. Used ffuf with valid cookies and headers to enumerate the content.
2. After the discovery of this endpoint, I simply removed the required cookies & headers.
3. I was still able to fetch the data!
As always, proper reconnaissance is necessary to uncover interesting vulnerabilities!
New Batch for this same workshop will be releasing soon this month! Stay Tuned❤️