Follow

Follow
From Github Recon To Account Takeover

From Github Recon To Account Takeover

Dipak kumar Das's photo
Dipak kumar Das
·Aug 24, 2019
Play this article

Hi everyone , after a long time I am doing a write-up on GitHub recon which leads to full account takeover . Few days ago I got a private invite where the in-scope target is only the mobile app.

As its a private program we will take it as Example App . So I gone through all endpoint and functionality of the application , i didn't find anything critical. So I thought to give a try to their GitHub.

If you want to learn how to do GitHub recon there is a detailed tutorial by Th3G3nt3lman

So i started my search with the keyword passwd , i got 3-5 result

after going through all file i got a valid password in file called config.properties

So that app using OTP based authentication and i got the credential for the third party service , which they are using for the SMS.

Using those credential I logged into the SMS provider portal , there is a section call SMS delivery where all SMS delivery report are stored along with the Phone number and the text sent to that number.

So now i have all registered users mobile number and OTP delivery report along with OTP

So i just request for OTP and from the delivery report got the valid OTP and loggedin to any user's account 😎

Hope you guys like it , share your feedback in commen.

Did you find this article valuable?

Support Dipak kumar Das by becoming a sponsor. Any amount is appreciated!

Learn more about Hashnode Sponsors
 
Share this