It’s been so long since I posted any article, partially because I was tired and taking a pleasant summer break. I was reading this particular article How I could have booked movie tickets through other user accounts by Bharathvaj Ganesan After reading this I realised that I have had always tried different ways to try and bypass the login credentials but never those which had OTP verification process. So this article gave a me this feel that online profiles which have inbuilt OTP verification process is not super secure as well and from there onward I tried to carry out some attack on a website that uses OTP verification process. Let’s dig in! I started my attack on this website let’s say example.com, here I carried out my attack in two phase. Can I create a profile using a mobile no. that I don’t own? ( Identity theft ) Can I get access to the account of a person, if all I know is their username or mobile number? ( How I bypassed the OTP verification process? Part — 2 ) The first hac...
Time and technology have changed so much. I remember my fist laptop..... an etch - a - sketech........