
Saturday, August 24, 2019

From Github Recon To Account Takeover

Hi everyone, after a long time I am doing a write-up on GitHub recon which led to a full account takeover. A few days ago I got a private invite where the only in-scope target is the mobile app.

As it's a private program, we will call it Example App. I went through all the endpoints and functionality of the application and didn't find anything critical, so I thought I'd give their GitHub a try.

If you want to learn how to do GitHub recon, there is a detailed tutorial by Th3G3nt3lman.


So I started my search with the keyword passwd and got 3-5 results.

After going through all the files I found a valid password in a file called config.properties.


So the app uses OTP-based authentication, and I got the credentials for the third-party service they use for SMS.

Using those credentials I logged into the SMS provider portal. There is a section called SMS delivery where all SMS delivery reports are stored, along with the phone number and the text sent to that number.



So now I had every registered user's mobile number and the OTP delivery reports, including the OTP itself.


So I just requested an OTP, took the valid OTP from the delivery report, and logged in to any user's account 😎
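As an added example (not from the original post), here is the defender's check for the root cause of this chain: a small Python scanner that parses config.properties-style files and flags keys such as passwd or token whose values are real rather than placeholders, so a third-party credential of this kind is caught before it reaches a public repository. The SAMPLE file, the key patterns and the placeholder patterns are constructed assumptions.

```python
import re

# Key names that usually carry a credential (assumption: extend for your own codebase).
SECRET_KEY_RE = re.compile(r"(passwd|password|pwd|secret|token|api[_.-]?key)", re.I)
# Values that are placeholders rather than live credentials: ${ENV}, <fill-in>, changeme, empty.
PLACEHOLDER_RE = re.compile(r"^(\$\{[^}]*\}|<[^>]*>|changeme|xxx+|\*+)?$", re.I)


def parse_properties(text: str) -> dict[str, str]:
    """Parse key=value / key: value lines, honouring '#'/'!' comments and backslash continuations."""
    props: dict[str, str] = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()      # continuation lines drop their leading whitespace
        if not pending and (not line or line[0] in "#!"):
            continue                       # blank lines and comments never continue
        pending = ""
        # An odd number of trailing backslashes means the logical line continues.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def find_secrets(text: str) -> list[tuple[str, str]]:
    """Return (key, value) pairs whose key looks sensitive and whose value is not a placeholder."""
    return [(k, v) for k, v in parse_properties(text).items()
            if SECRET_KEY_RE.search(k) and not PLACEHOLDER_RE.match(v)]


# Constructed sample mirroring the write-up: third-party SMS gateway credentials for
# OTP delivery sitting next to harmless settings in config.properties.
SAMPLE = """\
# SMS gateway used for OTP delivery
sms.provider.url=https://sms.example.invalid/api
sms.provider.user=exampleapp
sms.provider.passwd=S3cr3t!Pass
db.password=${DB_PASSWORD}
api.token: abc123\\
def456
feature.otp.length=6
"""

if __name__ == "__main__":
    for key, value in find_secrets(SAMPLE):
        print(f"possible committed secret: {key}={value[:3]}***")
```

Run it as a pre-commit or CI step over every *.properties file; the environment-variable reference for db.password is correctly ignored while the literal SMS password and the continued token line are reported.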


Hope you guys like it; share your feedback in the comments.

1 comment:

Sonali said...

How did you find that password🤔..
Don't know the tricks, but it's interesting...