From Github Recon To Account Takeover


Dipak kumar Das
·Aug 24, 2019·


Hi everyone, after a long time I am doing a write-up on GitHub recon that led to a full account takeover. A few days ago I got a private invite where the only in-scope target was the mobile app.

As it is a private program, we will call it Example App. I went through all the endpoints and functionality of the application and didn't find anything critical, so I thought I would give their GitHub a try.

If you want to learn how to do GitHub recon, there is a detailed tutorial by Th3G3nt3lman.

So I started my search with the keyword passwd and got 3-5 results.

After going through all the files, I found a valid password in a file called config.properties.

The app uses OTP-based authentication, and what I had found were the credentials for the third-party service they use to send the SMS.
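The finding above is the classic committed-secret problem: a `config.properties` file with a real password for a third-party service checked into a public repository. From the defender's side, the cheapest control is a scanner that runs before commit (or in CI) over properties files and flags credential-bearing keys whose values are not obvious placeholders. The following is an added example, not code from the author or the program in the write-up; the key-name patterns, the placeholder rules and the sample file contents are my own assumptions, and the values in the sample are constructed and fake.

```python
import re

# Key names that commonly hold credentials (matched case-insensitively
# against the property key). Extend this list for your own codebase.
CREDENTIAL_KEY_RE = re.compile(
    r"(passwd|password|pwd|secret|api[_-]?key|auth[_-]?token|access[_-]?key)",
    re.IGNORECASE,
)

# Values that are clearly placeholders rather than real secrets:
# ${ENV_VAR} substitutions, <angle-bracket> templates, CHANGEME/TODO, or empty.
PLACEHOLDER_RE = re.compile(r"^(\$\{.*\}|<.*>|changeme|todo|xxx+|\s*)$", re.IGNORECASE)


def parse_properties(text):
    """Parse Java-style .properties content into (line_no, key, value) tuples.

    Handles '#' and '!' comment lines, '=' and ':' separators, and
    surrounding whitespace. Multi-line continuations are not handled
    (assumption: this is a pre-commit check, not a full properties parser).
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if not m:
            continue
        entries.append((line_no, m.group(1), m.group(2).strip()))
    return entries


def scan_properties(text):
    """Return findings for entries whose key looks credential-bearing and
    whose value is not an obvious placeholder.

    The secret value itself is never returned, only its line, key and
    length, so the scanner's own output does not leak the credential.
    """
    findings = []
    for line_no, key, value in parse_properties(text):
        if CREDENTIAL_KEY_RE.search(key) and not PLACEHOLDER_RE.match(value):
            findings.append({"line": line_no, "key": key, "value_len": len(value)})
    return findings


# Constructed sample file (fake values), modelled on the kind of file the
# write-up describes: SMS-provider credentials next to ordinary app settings.
SAMPLE_CONFIG = """
# constructed sample; every value below is fake
app.name=ExampleApp
sms.provider.url=https://sms.example.invalid/api
sms.provider.user=exampleapp
sms.provider.passwd=S3cr3t-Fake-Value
db.password=${DB_PASSWORD}
api_key=
"""


if __name__ == "__main__":
    for f in scan_properties(SAMPLE_CONFIG):
        print(f"line {f['line']}: key '{f['key']}' holds a {f['value_len']}-char literal credential")
```

Run against the sample, only `sms.provider.passwd` is reported: `db.password` is an environment substitution and `api_key` is empty, so both are skipped. Wired into a pre-commit hook or CI job, a non-empty result should fail the commit; the real fix for anything it catches is to rotate the exposed credential and move it into a secret store, since deleting the line does not remove it from Git history.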

Using those credentials I logged into the SMS provider portal. There is a section called SMS delivery where all SMS delivery reports are stored, along with the phone number and the text sent to that number.

So now I had every registered user's mobile number and the OTP delivery reports, including the OTPs themselves.

So I just requested an OTP, took the valid OTP from the delivery report, and logged in to any user's account 😎

Hope you guys like it; share your feedback in the comments.
