From Github Recon To Account Takeover

Hi everyone, after a long time I am doing a write-up on GitHub recon which led to a full account takeover. A few days ago I got a private invite where the in-scope target is only the mobile app.

As it's a private program, we will call it Example App. I went through all the endpoints and functionality of the application and didn't find anything critical, so I thought I'd give their GitHub a try.

If you want to learn how to do GitHub recon, there is a detailed tutorial by Th3G3nt3lman.

So I started my search with the keyword passwd and got 3-5 results.

After going through all the files, I found a valid password in a file called config.properties.
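The leak above came from a credential committed in a Java-style config.properties file. As an added example (not part of the original write-up), the following script parses such a file and flags keys that look like hard-coded secrets, so a team can run it over its own repositories or in a pre-commit hook before anything reaches GitHub. The sample file content and all key names and values are constructed placeholders.

```python
import re

# Constructed sample modelled on the kind of leaked config.properties described
# in the write-up; every value here is a placeholder, not real data.
SAMPLE_PROPERTIES = """\
# SMS gateway settings
sms.provider.url=https://sms.example.invalid/api
sms.provider.username=appuser
sms.provider.passwd=S3cretPassw0rd!
db.password=${DB_PASSWORD}
feature.flag=true
"""

# Keys whose values are likely to be secrets. "passwd" is the keyword the author
# searched for; the other terms are common variants found in config files.
SECRET_KEY_RE = re.compile(r"(passwd|password|secret|api[_.-]?key|token)", re.IGNORECASE)

# A value that is still an unresolved placeholder such as ${DB_PASSWORD} is
# injected at deploy time and is not itself a leak.
PLACEHOLDER_RE = re.compile(r"^\$\{[A-Za-z0-9_]+\}$")


def parse_properties(text):
    """Parse .properties content into (key, value) pairs, skipping blanks and comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        # Keys and values are separated by '=', ':' or whitespace.
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def find_leaked_secrets(text):
    """Return the keys whose value looks like a hard-coded secret."""
    findings = []
    for key, value in parse_properties(text):
        if SECRET_KEY_RE.search(key) and value and not PLACEHOLDER_RE.match(value):
            findings.append(key)
    return findings


if __name__ == "__main__":
    for key in find_leaked_secrets(SAMPLE_PROPERTIES):
        print(f"possible hard-coded secret in key: {key}")
```

Only the key name is printed, never the value, so the scanner's own output does not become a second place the secret is written down.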

The app uses OTP-based authentication, and I got the credentials for the third-party service they use for SMS.

Using those credentials I logged into the SMS provider portal, where there is a section called SMS delivery in which all SMS delivery reports are stored along with the phone number and the text sent to that number.

So now I had every registered user's mobile number and the OTP delivery reports, along with the OTPs.

So I just requested an OTP, got the valid OTP from the delivery report, and logged in to any user's account 😎

Hope you guys like it, share your feedback in the comments.

Author: Dipak kumar Das