Hey everyone, I hope you are all doing great. Nowadays, every other college or school student wants to be a hacker. Due to media hype, the term hacker is considered both cool and criminal at the same time. Now, since this note is basically about my journey into hacking, I receive many emails on how to become a hacker. “I’m a beginner in hacking, how should I start?” or “I want to be able to hack my friend’s Facebook account” are some of the more frequent queries. In this article I will attempt to answer these and more. I will give detailed technical instructions on how to get started as a beginner and how to evolve as you gain more knowledge and expertise in the domain. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend’s Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems.
My name is Muhammad Khizer Javed and I’m 21 years old, currently living in Islamabad, Pakistan. I do bug bounty hunting and web app penetration testing.
Where It All Began!?
I came to know about the word hacking about 4 years ago when a friend of mine learned how to perform a phishing attack and successfully took over my Facebook account, and I was like, WoW, how did he do that and stuff, so I decided to learn. After getting my account back I started to search Google about hacking. But at that time all I needed to learn was “HOW TO HACK A FACEBOOK ACCOUNT”, so the only thing I was searching on Google was about FB hacking (nothing else). Then, after successfully wasting about a month, I learned that trick and started to HACK Facebook accounts by posting those links in forums, emails, messages, groups, anonymous chats etc. (ALL SORT OF SHIT AND I’M REALLY SORRY ABOUT THAT IF ANYONE OF YOU GOT HURT lol).
Then one day I created a new Facebook account with an anonymous name and started sending requests to the people who used to do defacing, and after 3-4 days I had over 3000 people in my friend list and I knew nothing about them…. Then some of them started tagging me in their Facebook posts like (Hacked By Team Indishell, team PCA & Team bla bla bla….)
I started talking to them about how they do that and why, etc.
And in no time I learned 2 ninja tricks for hacking and defacing websites.
- Using site:.in index.php?id=1 ‘
- Going to a mirror website like Zone-h, taking a website from there, scanning it, and finding the existing shell or finding the vulnerability in it and exploiting it
After some days, I successfully hacked 20-30 websites and defaced them.
But I was not having fun in it, so I again started googling, and after some time I learned to find vulnerable sites with some advanced Google dorks and then exploit them with tools like Sqlmap. I also learned a little about manual SQL injection, shelling, compromising cPanels etc.
And after that I got to know about symlink, server jumping, a little about rooting etc… and at first it was all fun and learning but not profitable, so I changed my HAT.
Changing The Color of my HAT!
I’ve had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have. – MakMan
If you’re not familiar with the concept of Hats in hacking, you’re probably at the wrong place!
One day I saw that some white hat hackers, mainly Shawar Khan, Behroz etc., were getting swag packs and rewards from companies and earning some good reputation, and all I was doing was defacing websites and posting about them on my Facebook. So I contacted both of them, and they helped me by guiding me on what they were actually doing and what the benefits are.
They also referred me to some links to read about white hat hacking… I first followed the basic guideline and reported 2-3 bugs in a website (even when I didn’t know what the bug could do and what problem was causing the issue). First I got rewarded a T-shirt and then some Amazon gift cards, 20$, 40$ etc. The more I tried, the more I learned and started to understand the problems……..
Well, after getting no reply I started to search more about bugs that were new back then, and I reported 4 more issues. All of them went duplicate as those were easy to look for. On August 17 I got an email from Bugcrowd about a new private program invite.
I was like, WTH is this! I opened the email, accepted the invite, and when I saw the scope I was like, naaaa… that’s something I can’t test. But I saw some POCs about subdomain takeover.
So I scanned all the subdomains of that program and found that many of the subdomains were vulnerable to subdomain takeover.
So I made a POC and sent it to them, and in no time I got the response!
and the Reward was!
So! Basically, without knowing what was actually happening at the end and with just basic reading, I got my first reward, which was way more than expected.
After that I became addicted to bug bounty hunting and I started to hunt more and more for bugs. The first bug I understood was Cross Site Scripting (XSS), and after reading some more articles and books, I learned quite a few bugs like (XSS, CSRF, SQLi, LFI, RCE, SSRF, open redirect, DLL hijacking, clickjacking etc.)
After the learning process…. I started to look for XSS issues and found one in #Bugcrowd.
From time to time I was receiving bounties and I was happy with it. And I made an account on Hackerone.com on and started to hunt there as well and got some good bounties from there too….
Now, after almost 3 years in bug bounty hunting, I have learned a few things and I’m still learning. I have almost made over 1600 points on Bugcrowd and ranked under the top 100 researchers, and on HackerOne I made almost over 2000 points.
And now I am trying my best to learn more every day and also share what I have learned so far with people who are interested in this field…
Resources to Learn
I have written a basic guide for people who are interested in learning; you can follow up on that here.
Guide 00X |Getting Started in Bug Bounty Hunting..
You can contact me via Twitter DM, or by email at firstname.lastname@example.org, if you have any questions after reading the article above.