Hello hackers, I’m Mostafa Elguerdawi, in this Write-up I’ll explain how I was able to steal users’ cookies via XSS. I’ll mention my target as target.com The first thing I always do is browse the application and try to understand how it works, By create account and do some actions…

Hello hackers, I’m Mostafa Elguerdawi, This will be the second write-up about Penetration Testing processes. In this write-up we will talk about Port Scanning and Ping Sweep. What is Port Scan? Port scan is a technique that attacker perform to know open ports and running services in target server such as HTTP,FTP,SSH. After know…

Hello hackers I’m Mostafa Elguerdawi, I will talk about one of my recent findings. I will mention the vulnerable application as target.com So, as normal I created account and logged in normal way, I started look around the application to get more info about it, Then I started to hunt…

Hello hackers, I’m Mostafa Elguerdawi this will be first write-up about Penetration Testing series. In this Write-up we will talk about first phase in pentesting, Information gathering. Information Gathering Information gathering and Footprinting is a first step that an attacker collect information about his/her target. What Is Network Footprinting? It’s a process about identify and understanding…

Hello I’m Mostafa Elguerdawi in this write-up I’ll explain how could I bypass 2fa. Let’s call on my target target.com First, I created an account and logged in in a normal way. After some testing in some authenticated endpoints I decided to test on 2fa function. I enabled 2fa and…

Hello I’m Mostafa Elguerdawi, This Write-up about one of my recent reports I will explain how I find it from zero, So Let’s start. First let’s say my target was redacted.com Find sub-domain from Shodan I decided to get my target favicon hash in order to find more sub-domains through shodan First I…

Hello All I’m Mostafa Elguerdawi, In this writeup I will explain how I get RXSS using shodan What is shodan? Shodan is a search engine that allows users to search for internet-connected devices and systems. However, it’s not a typical search engine like Google, which indexes web pages. Instead, Shodan…

Hello All, I am Mostafa Elguerdawi and This is my first bug ever in Android Bug Hunting, So let’s start. What is WebView? In Android development, a WebView is a UI component that allows you to display web content within your Android app. It is essentially a widget that can render web pages…

Hello there , I’m Mostafa Elguerdawi, Today , I would like to share about one of my recent finding in HackerOne ‘s program Let’s say : https://reacted.com When I’m testing on this site, there is a login function, as normal I tried login bypass using Response Manipulation, Default Credentials, and…