Hi everyone! New video will be releasing soon in the next week! Stay Tuned

Hi everyone! Here's a small task for all of you

Can you find the subdomain on which this webpage is hosted?😉

Another task!

Can you find the subdomain on which this webpage is hosted?

Difficulty Level: High~Medium

Once you have solved this challenge, please write a small writeup and send it to business@bepractical.tech

The people who will be able to solve both of these challenge will receive a shoutout in the upcoming video!

Challenge ends in 10 hrs

Hi everyone, The solution for task two is not on main.bepractical.tech
Actually that subdomain was used as a subdomain takeover lab and some participant have exploited it & uploaded the same webpage given as the challenge. We have removed every lab's dns record for now. The time duration for this challenge is now also increased to 24 hrs. ( It will expire on 1st July 2024 at 7pm IST)

Currently no one is able to find the solution for task 2!

Hint: It is a reconnaissance challenge so please don't focus on finding or exploiting any vulnerabilities!

Hint 2: It is not related to content discovery 😉

So far, no one is able to solve the second challenge! The challenge will end at 7:00pm IST

Congratulations Mehraj for solving both of the challenges🥳🥳🥳

The challenge has been ended now! (Only three people were able to solve both of the challenges)
Congrats to Mehraj, Abhisekh and Akshit for successfully solving the challegnge!🥳🥳🥳

Here is the solution for both of the challenges!

We will be conducting a web recon workshop again for beginner-intermediate bug bounty hunters where you will learn how to dive deep into the target in this month! Stay Tuned

In a recent penetration testing engagement, I was able to find an api endpoint which was disclosing every user's information present on the web page without any authentication!!

Here's what i did:
1. Used ffuf with valid cookies and headers to enumerate the content.
2. After the discovery of this endpoint, I simply remove the required cookies & headers.
3. I was still able to fetch the data!

As always, a proper reconnaissance is necessary to uncover interesting vulnerabilities!

Finally we have completed our first workshop i.e Web Reconnaissance! I really hope that all our participants have learned something new & interesting that will help you all to upskill your recon game! Keep Hacking Everyone🤖

New Batch for this same workshop will be releasing soon this month! Stay Tuned❤️

New video will be releasing within an hr!

Hi everyone, the new video is out! learn how you can use sqlmap effectively to hunt for sql injection vulnerabilities!
Check it out:
https://youtu.be/ciHcdiQ_GJ8

Today i spent most of my time in crafting a payload that can bypass cloudflare and finally got one! I immediately tested the payload on few websites that were protected by cloudflare and successfully got the xss triggered!!!!

Reported this issue to the bug bounty program! Hoping for the best❤

I will release a video on it very soon!

Here's the xss payload: <button%20popovertarget=x>Click%20me</button><img%20onbeforetoggle=alert(1)%20popover%20id=x>XSS

For those who were asking me how i created this, I actually used the same method discussed in this video: https://www.youtube.com/watch?v=4_VbPem6gxI