Hey Everyone i hope you all are doing great. Nowadays, every other college or school student wants to be a hacker. Due to media hype, the term hacker is considered both cool and criminal at the same time. Now, since This Note is basically about my journey into hacking, I receive many emails on how to become a hacker. “I’m a beginner in hacking, how should I start?” or “I want to be able to hack my friend’s Facebook account” are some of the more frequent queries. In this article I will attempt to answer these and more. I will give detailed technical instructions on how to get started as a beginner and how to evolve as you gain more knowledge and expertise in the domain. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend’s Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems.
Introduction!
My Name is Muhammad Khizer Javed And I’m 21 Years Old, Currently Living in Islamabad, Pakistan. I do Bug Bounty Hunting and Web app Penetration Testing.
Where It All Began!?
I came to Know about the word Hacking about 4 Years ago when a Friend of mine learned How to perform Phishing Attack and Successfully Takeover My Facebook account & I was like WoW How he did that and stuff i decided to learn, so After Getting my account back I started to search Google about Hacking. But At that Time all i need to learn is “HOW TO HACK A FACEBOOK ACCOUNT” So the only thing i was searching on Google was About FB Hacking ( Nothing else ) Then after successfully wasting about a month I learned that trick and Started to HACK Facebook accounts by posting those links in forums, Emails, Messages, Groups, Anonymous chats etc ( ALL SORT OF SHIT AND I’M REALLY SORRY ABOUT THAT IF ANYONE OF YOU GOT HURT lol).
Then one day I created a New Facebook account with anonymous Name & Started sending request to the People who used to do Defacing and after 3-4 Days I got over 3000 People in My Friend list And I know Nothing about Them…. Then some of them started Tagging me in their Facebook Posts Like ( Hacked By Team Indishell, team PCA & Team bla bla bla….) I started Talking to them about how they do that and Why? etc
And In no time I learned 2 Ninja Tricks for Hacking & Defacing Websites.
Using site:.in index.php?id=1 ‘
Going to a Mirror Website Like Zone-h and take a Website from their and Scanning it finding the existing shell or Finding the Vulnerability in it and Exploit it
After some days, I Successfully hacked 20-30 website and Defaced them But I was not having Fun in it so I again started google and After some time I learned to find vulnerable sites from some advanced Google Dorks & Then Exploiting them By Tools like Sqlmap, & I also learned a Little about Manual SQL inj, Shelling Compromising Cpanels etc And After that i get to know about symlink, server jumping, a little about rooting etc… and at first it was all fun & learning but not profitable so i changed my HAT.
Changing The Color of my HAT!
I’ve had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have. – MakMan
If you’re not familiar with the concept of Hats in hacking, you’re probably at the wrong place!
One day i saw that some White Hat Hackers Mainly Shawar Khan, Behroz etc were Getting Swag Packs & rewards From Companies & Earning some Good Reputation and All i was doing is Defacing Websites & Posting About them on My Facebook , So I Contacted Both of them they Helped me through Guiding me What actually they were Doing and What are the benefits
They also Refer me Some Links to Read about White Hat Hacking… I first followed the basic guideline and Reported 2-3 Bugs In Website ( even when I don’t Know what The Bug can do and what problem is causing the issue ) First i got rewarded a T-Shirt and Then some Amazon Gift Cards 20$, 40$ etc The More I try the More I learned and Started to understand the Problems……..
In August 2016 I Created an Account on Bugcrowd.com Under Username #MuhammadKhizerJaved and Submitted My First Bug report on 2016-08-03
Well After Getting No reply I started to search More About Bugs that were New Back Then & I Reported 4 More Issues all of Them Went Duplicate as those were Easy to Look for On August 17 I got an Email from Bugcrowd about New private Program Invite
I was Like WTH! is this I opened The Email accepted the Invite and When I saw the Scope I was like Naaaa… That’s something I can’t test, But i saw some POC’s About Subdomain Takeover So I scanned all the subdomains of that Program and Found Many Of the subdomains were Vulnerable to Subdomain Takeover
So I made a POC and Send them and in no time i Got the response!
and the Reward was!
So! Basically Without Knowing what actually happening at the end and just basic reading, i got My First Reward that was way more than expected.
After That I become addicted To Bug Bounty Hunting & I started to Hunt More and More for Bugs, The first bug i understand was Cross Site Scripting(XSS) and After reading Some More Articles & Books, I learned Quite Few Bugs Like ( XSS, CSRF,SQLi,LFI,RCE,SSRF,Open redirect, DLL hijacking, Clickjacking etc)
after learning Process…. I started to Look for XSS issue and Found One in #Bugcrowd itself
From Time to Time I was receiving Bounties and I was happy with It. and I made an Account on Hackerone.com on and started to hunt Their as well and got some Good Bounties From Their To….
Now after Almost 3 Years in Bug Bounty Hunting I have learned a few things and i’m still learning almost made over 1600 Points on Bugcrowd and ranked under Top 100 researchers and on HackerOne i made almost over 2000 Points.
And Now trying my best to learn more everyday and also share what i have learned so far with people who are interested in this field…
Resources to Learn
I Have written a basic Guide for People who are interested to learn you can follow up to that here.
Guide 00X |Getting Started in Bug Bounty Hunting..
No one will tell you anything or everything about this field, It’s a long strange path but you have to travel it alone with little help from others.
I am still learning more about Bug Bounty Hunting and writing about this as I am learning, is my way of retaining the knowledge. and sharing what i learned so far and from internet.
Bug Bounty Hunting is an exciting field to be in today, To define Bug Bounty in simple wording I’ll day “Bug Bounty is a reward paid to an Ethical Hacker for identifying and disclosing a potential security bug found in a participant’s Web, Mobile or System.”. But i hope as you’re here already you know enough about bug bounty hunting that i don’t need to define it to get into usual basics.
Now who am i? i already wrote a note like this in 2017 at WHO AM I? And My Experiments with Hacking? It contains some information about me and my experience and a basic guide but it’s all mixed up and not really in details so i decided to write a new one read it if you like to know a bit about me otherwise i’ll be moving the resources i shared there to this note with some details. I hope this blog will be helpful to you guys do let me know in comments if i missed something and you would like to add something or have any questions. This Blog contains Resources i have collected from all over the internet and adding them here to make a blog that contains 0-100 about getting started in Bug Bounty i’ll try my best to mention each place i managed to get the resources from if somethings missed you know how to write a comment under a blog post. peace.\!
First of all I want you guys to Read The article by Eric Raymond http://www.catb.org/esr/faqs/hacker-howto.html For Me It has become standard guideline for Starters. As Mentioned In This Article One of The Most Important Thing You Need to Have If You want Become a Hacker is Attitude!
To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won’t make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won’t let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.If you revere competence, you’ll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.
What You Should Know Before Starting to learn about Bug Bounty Hunting?
It’s Actually a Rough Road Ahead… ~Khizer
I’ll be writing this blog in 3 Major Phases were i’ll break down things to be as easy as possible, because the major audience in my mind right now is absolute beginners, or ones who have already tried learning or working but failed for some reason…
Phase #01
Phase 01 is Based on Basics of Networks communication stuff, Programming & Automation.
Well first of all to work on anything you need to know some very basic thing, that includes how a system works and how can you can make changes to it. Now let’s start from very basics…
Web, HTTP & Network Basics:
Web: Just for overview you should give a read to one of these
HTTP: Communication is the key to success thus in order to learn something works on in our case how an application works and what it’s flow is we need to learn how it communicates with you. and the Most basic thing i can think of is knowing about HTTP. Mentioning a few places you should definitely visit to get an idea about HTTP.
What You’ll basically learn from these is about HTTP Protocols, HTTP Requests, Response, Status Codes, Encoding/Decoding, and From the last URL you’ll get to learn it under security perspective so you’ll get to learn SOP, Cookie, MIEM & HTML Pharising. These will definitely help you later with Web app testing and stuff.
Networking: A basic understanding of networking is important for anyone who’s into computer. So a few resources to learn the basics of Networking.
What You’ll learn from these are basics of Networking, TCP/ID, DNS, Network terminologies & Linux commands etc. These will definitely help you later with Recon Process.
Learn to make it; then break it!
Programming/Coding:
To be a Good Hacker you don’t really need to be a Good Programmer but it’s always Good to cover this before going in Any form of Computer Hacking or Bug Bounty in general. Also Sometimes It increases your chances of successfully identifying and exploiting a vulnerability and also you may need code to escalate a bug with a low/medium severity to high/critical. I Personally suffered for two year in bug bounties because in many cases i couldn’t really understands what the particular code means, couldn’t exploit an issue properly or couldn’t even code in general, and I’m, still trying my best to catch up to speed so i’ll suggest you guys not to skip these parts and go directly towards Bug Bounties. Now I’ll suggest a few languages that one should properly have basic to medium level knowledge about and keep advancing it.
Well As you know sometimes you need to so your work faster and more efficiently so the best way i think for it is Automating your work not gonna get to much into depth of it as it’s something i myself is just getting familiar about.. so You can read more about Importance of Automation for a Bug Bounty Hunter at https://pentester.land/conference-notes/2018/07/25/bug-bounty-talks-2017-automation-for-bug-hunters.html I’ll just share here my notes for what languages i’m following and looking forward to be good at..
What You’ll learn from these is to code your own tools and understand many other common tools and modify them according to your needs. Ofc one can’t learn all these but should try to get grip on one he likes and get to understand others.
So Till Here I’ll say you already knew all the basics, was good around PHP, JS & HTML stuff & also was good around Scripting & SQL or maybe learned a bit or these and gave it a good time i’ll say a fews weeks maybe… Then Congrats you have already gone through Phase #01 This means that You have done 39% Of Learning Work towards being a good Bug Hunter/ Ethical Hacker.. Just keep a practicing i myself is still learning this phase because 4 years ago when i started i skipped this part for no reason and then had to see many things differently so i hope you guys won’t have an issue if you go through the First Phase easily.
Phase #02
Phase 02 is Based on Learning about Vulnerabilities, Resources to follow to learn them, Places to practice & Tools etc.
“Being a hacker is lots of fun, but it’s a kind of fun that takes lots of effort. The effort takes motivation.”
Now let’s start with basic learning about InfoSec the first and really most important step would be to choose a proper initial path that you are going to start learning. Choosing a right path to start in Bug Bounty is very important. It totally depends upon your interest, like some people choose Web Application path first coz it’s easy to learn and go through than mobile and others… (Some of the resources are moved here from my old blog that’s i’m going to remove but these are updated and properly arranged by my experience)
I’ll focus on Web, & Mobile Here coz this is what my interest is.
Before I add anything else i’ll suggest You to actually go through
Both of these contains Huge list of resources and lectures that can help you in even a better way than many of us can’t but as you guys are following this as well so i decided to add them here also.
Web App Security:
Before I Suggest you what to Learn first if you follow my suggested path l’ll like to tell you some ways you can practice your skills..
CTF(Capture The Flag): Now to practice for Bug Bounties you can participate in CTF challenges. Just like the name suggests “Capture The Flag” there are several challenges for you to solve which deals with real-world vulnerabilities. The more you practice on these challenges the more you will learn about the different technologies required to break into an application or a system.
For Web App I’ll suggest you guys to read the following books & guides first
By Reading these books you will get a good knowledge about Web App pentesting & Security testing in general and in depth.
In addition to these Books i’ll suggest you guys should really give good time reading and understanding OWASP Testing Guide & OWASP Top 10 Vulnerabilities from 2010-2017
Adding a Few basic Pdfs for you guys to go though and save locally to you can keep it revised and keep learning from them.. i’ll say they gonna help you almost a hundred percent of the time. So do give these a good time
Now by this point i’ll say You have done Good enough research and given good time to practice and learn that you can jump into a Bug Bounty Program to test in real life environment outside CTF, or test environments. So you can happily jump to the pages at
And Select a Program But I’ll suggest you to read till the end.
Following all of them books, testing guides you might have an idea of vulnerabilities so i’ll name a few common ones and try to give good reference to learn them easily.
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
SQL injection, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed.
In IDOR an application provides direct access to objects based on the user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access resources in the system directly.
Response To Request Injection (RTRI) by ?, be honest, thanks to this article, I have found quite a few bugs because of using his method, respect to the author!
XXE is an attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.
So these were some common issues that one should get a grip on and learn more and more about Following is a list of some Attacks Topics that You Should do some research and read the Blogs/reports on them..
These are some Of the Websites That I like to Visit regularly to b updated and Read Their Articles………. There are Plenty of Other Blogs, Websites That are Missing from This List so be sure to add them In comments.
YouTube Channels! You should follow.
Now Lets get Towards YouTube Channel Links… These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these type of attacks …
This was as much as i can think about sharing with you guys related to Web app Security in tools and vulns i have added a few things about mobile apps but the following sections contains some references you should definitely go through if you gonna join the mobile app security gang as well..
Mobile App Security.
So hello to Mobile App Security section now let me clear this first i’m a complete noob at this section so it won’t be as detailed as the web app one.
Now The best and the very first thing i would suggest is to actually learn about Development phase of an app mainly my focus is Android APPs ( doesn’t necessarily means that you should go for learning to develop an android but at least get to know. For this You can go through the following Android App development tools. (My suggestion is you should actually give basic time to these)
Android SDK ~ The Android software development kit (SDK) includes a comprehensive set of development tools. These include a debugger, libraries, a handset emulator based on QEMU, documentation, sample code, and tutorials
ADT Bundle ~ The Android Developer Tools(ADT) bundle is a single download that contains everything for developers to start creating Android Application
Root Tools ~ RootTools provides rooted developers a standardized set of tools for use in the development of rooted applications.
Now if you have gone through them let’s get towards Mobile app security vulnerabilities For this i’ll suggest you to first go towards OWASP Mobile Top 10 Giving them a good overview will definitely worth it.
I’ll also Highly suggest these two Books specifically for Android & IOS app testing
For Mobile Applications i’ll share Two of the Best places i’m currently following to learn and i would highly recommend you guys to have a look at them and giving them a proper read will definitely help you
Application Security Wiki:
Application Security Wiki is an initiative to provide all Application security related resources to Security Researchers and developers at one place.
I saw a few friends of mine shared some really interesting and important tools, & resources so i decided to add them here as well because I’m giving some good time to them nowadays.
I hope the Path Guide i’m trying to share here clears doubts for many newcomers in Bug Bounty Hunting. Let’s move to Phase #03
Phase #03
Phase 03 is All about Selecting a target, getting started to test and after finishing testing writing a good report about the issue you have found.
Hey so Now the Final Phase i have in my mind is for People who have gone through all the good important stuff and now are testing.. so i’ll like to give my advice about a few things and then will sum up this blog.
Selecting and Approaching a Target?
One of the most import things in Bug bounty Hunting is to Select a target that you’re going to test. This basically depends on ones mood, experience and skills one can take a look at a target with a huge scope having 4-5 websites will all subdomains inscope and a few mobile apps and test start testing them or just one domain & one app with a good app having a lot of features to test.
Approaching a target to Hunt is an easy task you just need to be careful with what you’re doing it all depends on you.. for me i usually do recon at first by going through domain history, links, IPs, & WayBack Info of the site. Don’t forget to keep notes of everything you do, now basically after the basic recon process thats i used tools and stuff for or somethings have to done manual.. I start hunting, i take a particular functionality/workflow in the application and start digging deep into it. I do look for low hanging fruits or surface bugs. There is no point focussing your efforts on those but keeping track of them is really helpful. I Observe this workflow/requests via a proxy tool such as Burp or Zap. Burp is actually the only tool I use for we or android app pentesting I mainly .Create multiple accounts because I want to test the functions being sent from one user to another. If you haven’t been provided multiple accounts, ask for it. Till date, I have not been refused a second account whenever I have asked for it. or sometimes create them easily. Just work with the app flow and keep testing look for weird behaviours of the app try changing things in them but remember finding an app working weirdly isn’t necessarily means you have found a bug worth reporting but i would suggest you to keep digging and try to actually find a basic security impact of that… then i usually go for major listed security vulnerabilities i use the methods to achieve them nothing much special just all depends on an app you can’t find a PHP code injection in a static web lol so that’s why i usually give good time on learning the web flow. for this i go got reading API docs and stuff. After spending a few hours on this stuff, if i can’t get anything on a particular point of the app i usually stop and move on. Getting hung up on something is the biggest motivation killer but that doesn’t mean i gave up. I do get back to it later if something else comes up. That’s why i always make notes and save them for later use.
That’s basically all i do lol looks basic and easy but for me it’s hell time spent…
Reporting a Vulnerability?
So i’ll say after all this effort you have put into learning, practicing, & actually successfully finding an vulnerability, writing a report will be one of the most difficult tasks. Because one mistake can make the team reviewing them annoyed or maybe increase their workflow. for me Writing a simple but effective report with proper headings and giving as much details as possible with POC images or videos can actually make your work fun and the teams work easy. to Write a report i follow these guides.
Well i guess this is where i’ll end this Blog and i hope these resources i’m sharing here help answer the questions i basically get in my DMs about teaching them. I myself is a student right now and learning is a huge part of my life also, i consider myself a beginner and sharing this is basically a way for me to learn more.. As Mentioned before this Guide is basically for people who are absolutely new or are still looking for a proper way about what to learn first and from where.
Ending Note!
Being a security researcher, it is really tough to keep yourself up to date. I’d ask the beginners to focus on self study and learn things by themselves as everything is possible all you need is the passion of taking a step after that you can achieve anything. Nothing is impossible to achieve. All i achieved was by doing self-study and self motivation and without any certifications and i’m still learning and trying my best to share what i can so others can also learn something.
You are never a perfect person, but you are still better than the rest of the people.
For a security researcher, all it takes is the passion to achieve something. I hope this article helped you motivate to take a positive step in life.. Well Thanks for reading that’s All I can Share With you Guys For Now I’ll Make sure to Keep this Article Updated for More People to read.
And After that i get to know about symlink, server jumping, a little about rooting etc… and at first it was all fun & learning but not profitable so i changed my HAT.
