Walk Through of Bepractical.tech lab #2



Today I am going to walk through bepractical.tech Lab #2. I have found this site to be especially helpful and enjoyable. I look forward to trying more of its content as/if it becomes available. I am new to ethical hacking and would really like to help out others while learning. I am using Firefox and BurpSuite Pro in Kali Linux. This will not include any information on how to set up and use BurpSuite. I will show a little bit about my errors and should let you know that the captcha can make this a bit tricky. There were a couple of times that I had to refresh the lab.

https://temp-mail.org/en/

You are logged in.

Intercept Captured
This is our baseline of a correct request/response.

Notice “200 OK” and the content length (1).

This is the point where I tried to use techniques that worked in lab #1 without success. These are some examples of what I tried. I wanted to put this in in case anybody wanted to avoid mistakes. Move to step #7 to continue correctly.

Here I just tried to change the email. No luck though!! But at least notice the difference in content length (0).

I try to change the email and forward the request just for the heck of it.

Just trying.

Hoping I could change the response before passing it forward but no luck.

Oh Well

Back to the Beginning:

“200 OK” and matching content-length

Notice the Content-Length is the same as when we signed in with our own account credentials and that there is a “200 OK” message.

Admin Account……. HACKED!!!
