# From Github Recon To Account Takeover

Hi everyone , after a long time I am doing a write-up on GitHub recon which leads to full account takeover . Few days ago I got a private invite where the in-scope target is only the mobile app.

As its a private program we will take it as Example App . So I gone through all endpoint and functionality of the  application , i didn't find anything critical. So I thought to give a try to their GitHub.

If you want to learn how to do GitHub recon there is a detailed [tutorial](https://www.youtube.com/watch?v=l0YsEk_59fQ) by [Th3G3nt3lman](https://twitter.com/Th3G3nt3lman)

So i started my search with the keyword **passwd** , i got 3-5 result

after going through all file i got a valid password in file called config.properties

[![](https://cdn.hashnode.com/res/hashnode/image/upload/v1656363298632/UGSDWqd-9.png align="left")](https://1.bp.blogspot.com/-CPiNyWG-v0g/XWGBNdmMLII/AAAAAAAARTQ/EGn9v9_8BZYUjKdOdwS0yLyy7YBdWRyaACLcBGAs/s1600/Screenshot_145.png)

So that app using OTP based authentication and i got the credential for the third party service , which they are using for the SMS.

Using those credential I logged into the SMS provider portal , there is a section call SMS delivery where all SMS delivery report are  stored along with the Phone number and the text sent to that number.

[![](https://cdn.hashnode.com/res/hashnode/image/upload/v1656363300094/UQGAAq8Yv.png align="left")](https://1.bp.blogspot.com/-XJKnOhR9pOQ/XWLI-9i78pI/AAAAAAAARVI/SuCJZwnEAw0qmGpB9GyB5JaeJ4EljgPewCLcBGAs/s1600/6wPYotSY.png%2Blarge.png)

So now i have all registered users mobile number and OTP delivery report along with OTP

So i just request for OTP and from the delivery report got the valid OTP and loggedin to any user's account 😎

[![](https://cdn.hashnode.com/res/hashnode/image/upload/v1656363302247/e4bYd1vJ7.gif align="left")](https://media.giphy.com/media/iNqNlmBrb7iQ4gsmVo/giphy.gif)

Hope you guys like it , share your feedback in comment.
