Once you have solved this challenge, please write a small writeup and send it to business@bepractical.tech

The people who will be able to solve both of these challenge will receive a shoutout in the upcoming video!

Challenge ends in 10 hrs

Hi everyone, The solution for task two is not on main.bepractical.tech
Actually that subdomain was used as a subdomain takeover lab and some participant have exploited it & uploaded the same webpage given as the challenge. We have removed every lab's dns record for now. The time duration for this challenge is now also increased to 24 hrs. ( It will expire on 1st July 2024 at 7pm IST)

Currently no one is able to find the solution for task 2!

Hint: It is a reconnaissance challenge so please don't focus on finding or exploiting any vulnerabilities!

Hint 2: It is not related to content discovery 😉

So far, no one is able to solve the second challenge! The challenge will end at 7:00pm IST

Congratulations Mehraj for solving both of the challenges🥳🥳🥳

The challenge has been ended now! (Only three people were able to solve both of the challenges)
Congrats to Mehraj, Abhisekh and Akshit for successfully solving the challegnge!🥳🥳🥳

Here is the solution for both of the challenges!

We will be conducting a web recon workshop again for beginner-intermediate bug bounty hunters where you will learn how to dive deep into the target in this month! Stay Tuned

In a recent penetration testing engagement, I was able to find an api endpoint which was disclosing every user's information present on the web page without any authentication!!

Here's what i did:
1. Used ffuf with valid cookies and headers to enumerate the content.
2. After the discovery of this endpoint, I simply remove the required cookies & headers.
3. I was still able to fetch the data!

As always, a proper reconnaissance is necessary to uncover interesting vulnerabilities!

Finally we have completed our first workshop i.e Web Reconnaissance! I really hope that all our participants have learned something new & interesting that will help you all to upskill your recon game! Keep Hacking Everyone🤖

New Batch for this same workshop will be releasing soon this month! Stay Tuned❤️

New video will be releasing within an hr!

Hi everyone, the new video is out! learn how you can use sqlmap effectively to hunt for sql injection vulnerabilities!
Check it out:
https://youtu.be/ciHcdiQ_GJ8

Today i spent most of my time in crafting a payload that can bypass cloudflare and finally got one! I immediately tested the payload on few websites that were protected by cloudflare and successfully got the xss triggered!!!!

Reported this issue to the bug bounty program! Hoping for the best❤

I will release a video on it very soon!

Here's the xss payload: <button%20popovertarget=x>Click%20me</button><img%20onbeforetoggle=alert(1)%20popover%20id=x>XSS

For those who were asking me how i created this, I actually used the same method discussed in this video: https://www.youtube.com/watch?v=4_VbPem6gxI

Hi everyone, We are excited to announce the second batch for web reconnaissance workshop!


If you are a beginner or someone who wants to upskill your recon game then this workshop is for you! Throughout these 7 days, we will explore various methods & techniques that will not only help you to get the basics but also it will help you in creating your own methodology!

You can use the link below to register into this workshop
-------------------------
For People Living In India:
Link: https://pages.razorpay.com/bepracticalWorkshop
--------------------------
For People Outside India:
Link:

https://pages.razorpay.com/bepracticalInternational

[Please make sure to Pay Using PayPal Only]
--------------------------

Last Date Of Registration: 15th July 2024

Looking forward to see you all in this workshop!!!

5 days left for registration!

This was the feedback of previous workshop on reconnaissance. We are really grateful that those who enrolled into the session got to learn something new/interesting and were able to improve their recon game!🎉

Hey everyone,

I'm thrilled and deeply grateful for the incredible response to our first web reconnaissance workshop! Your enthusiasm and feedback were amazing, and it's clear that many of you are eager to enhance your bug bounty hunting and penetration testing skills.

Due to high demand and many not being able to join the first batch, I'm excited to announce another round of the workshop! This is your chance to dive deep into web reconnaissance, learn practical techniques, and connect with a passionate community.

Why Join This Workshop?

-> Full Practical Session
-> Live Q&A session
-> Demo On Real Target

I genuinely appreciate your support and interest. Let’s continue this journey together and take our skills to the next level!

Reserve Your Spot Now:

India: https://rzp.io/l/bepracticalWorkshop
Other Countries: https://rzp.io/l/bepracticalInternational
Thank you once again for your love and support. Let’s make this second batch even more amazing!

Stay curious and keep hacking,