Want to learn Account Takeover? I got you😉

Introduction

Do you know that an account takeover bug can give you as much as $1000 to $100,000? But unfortunately, most of the beginner bug hunters don’t know how to look for these type of vulnerabilities. As a result, most of the beginner bug hunters don’t test for these vulnerabilities. If you are one of those, then let me tell you something: I’ve got your back.

What usually happens with beginners?

There’s a quote: “I fear not the man who has practiced 10,000 kicks once, but I fear the man who has practiced one kick 10,000 times.” Well, this applies in bug bounty as well.

One thing that i did in the beginning is that once i learn about any vulnerability (for example: XSS) then i start hunting that vulnerability on live websites without second thought. While this may work for some people, but most of the time they won’t get the desired result and that will get them demotivated. The path that you should follow is something like this:

1- Learn a bug(for example: XSS)

2- Practice on LAB.

3- Get hold of that bug.

4- Start testing on live website.

The main idea behind this path is to make your foundation strong so that you can master that particular category of vulnerability that will give you bounties..

The Problem

The main problem in the path described above is that there is a huge difference between the lab websites and the real world website. Most of the labs are connected to the vulnerability but not to the real world websites. This is the reason when someone learn a vulnerability on any lab, the usually fails to find the same scenario on the real website.

Solution

“So what will happen if we found a lab that can relatable to real life scenarios as well?” This is the question that’s been in my mind for so long but i was not able to find any labs that can solve this problem. So i thought, Why not create my own lab based on my learning so far?

Then me with my fellow friends started a website with only one intention- To make learning easy and give practical exposure for beginners and it will be absolutely free!(Since i like free content too!) Right now we have created two account takeover labs based on real life scenarios where i found account takeover bugs. This lab is intended to give you:

1- Real life scenario to find and exploit vulnerability.

2- Beginner Friendly labs.

3- Solutions if you stuck at some point.

and many others.

You can start hacking the labs below:

Account Takeover Lab 1

Account Takeover Lab 2

What we need to do in those labs?

You just need to hack the admin’s account: admin@bepractical.tech and comment down the secret key.(Each key will be unique to every hacker)

It will look something like this:

What if i need a hint or got stuck?

Don’t worry, you can just comment down your problem in the comment section below or you can directly message me on LinkedIn.

Final Words

I am very much happy that i am contributing to the same community where I once used to learn only. So, please let me know if you have any issues. You can also share the problem you are facing in your bug bounty journey or anything related to cybersecurity.

Join our telegram community over here

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Faiyaz Ahmad

Faiyaz Ahmad

Student | Cybersecurity L0V3R | BUG BOUNTY HUNTER | CTF PLAYER | INDIAN