BUG BOUNTY TUTORIAL: ACCOUNT TAKEOVER | JWT HACKING

Показать описание

Welcome to the Bug Bounty Tutorial Series! In this video, you will learn how to perform account takeover through jwt hacking. If you have any doubts or issues then please let me know in the comment section.

#cybersecurity #ethicalhacking #bugbounty #bugbountytips #bugbountyhunter #bugbountypoc

BePractical

Рекомендации по теме

Комментарии

first of all....nobody just nobody exposes their web config values like this in their small organizations they are defined within the environment variables..so even if you have intercepted the config file you will see key=${PRIVATE_KEY}...in case of large organizations these private keys are defined within a vault

chayanguhathakurata

Are the labs removed from your website ?

Nayanchoudhary-qenh

You should make playlists of your labs too. Loving them so far too!

Cossaw

What kf we didnt find the key from the directory
Any other method for key generation

ananthandaluri

kind of confused it this account takeover or privilege escalation? program doesn't pad this type of bug am I right?

gamerz

How is this hacking when you know exactly what the key for encryption is?

Hacker

So is there a way we can do fuzzing on jwt token ? Cause in your case you mentioned about dirbuster, so we are saying key is present in one of the file in some directory. Can we do something if we don't have the key, what other things can be applied ? Also great work ! looking forward to lab 2, 3 and 4. I am trying to see the documentation for other labs, do share if you have.

gaurav

Thanks for the video, i have one question in web.config file there is many keys so how we can identify which one is the secret key for decoding jwt token.

UCyohViaSVeHddrDZVKnoQ

this lab is different now, i tried to dir enum and cant find any file contain the secret key ?
do i have to bruteforce for that jwt lab1 ?

samfisher

Doesn't work in real scenarios anymore.

REDCULT-is-Live

I need to know do we need a professional version to do this practice because I have tried with the basic version it is not working? pls ans

keerthivasan

Bro wp-admin takeover video meke please

jay-india

imagine removing the labs and making everyone pay your gay lol

spoonstr

BUG BOUNTY TUTORIAL: ACCOUNT TAKEOVER | JWT HACKING

BUG BOUNTY TUTORIAL: ACCOUNT TAKEOVER | JWT HACKING

$360 bug bounty | account takeover through reset password | hackerone bug bounty poc | most easy one

How to do account takeover? Case study of 146 bug bounty reports

Full Account takeover by Blind XSS | Bug bounty poc

BUG BOUNTY TUTORIAL: ACCOUNT TAKEOVER | JWT HACKING #3

BUG BOUNTY: ACCOUNT TAKEOVER ON LIVE WEBSITE

AT&T account takeover via rest password | bug bounty by mouhssine kassih

Account Takeover: From zero to System Admin using basic skills #bugbounty #hacking #pentest

Full account takeover | Bug bounty POC

Account Takeover via Username / Password Enumeration

Bug - Uber Account takeover - Bounty

Admin Authentication Bypass Lead to Admin Account Takeover #bugbounty #bug #bugbountypoc

$800 Bounty for Full Account Takeover| Reverb | Bug Bounty 2020

JWT Manipulation Vulnerability Leading to Account Takeover PoC | Hackerone Bug Bounty 2024

$1000 || Complete Account takeover using forgot password link || Bug Bounty || motonline.com.br

Bug Bounty POC - Email OTP Bypass (Account takeover)

Full Account Takeover POC | $2500 Bounty | 2025 BugBounty

Practice: Account Takeover by Host Header Injection Tutorial POC | bug bounty

450$ Bounty account takeover thought reset password POC #hackerone

Twitter account takeover bug bounty (fixed)

2000$ 😮Account takeover via IDOR | Bug-Bounty POC | Easy |

$25,000 Facebook.com postMessage account takeover vulnerability

#3 Account Takeover | 2FA Bypass | Bug Bounty POC | CyberTron | #bugbounty #cybersecurity

$200 of bounty | Password hacking | Account takeover | clickjacking | bug bounty poc | #bugbounty