
WHO AM I - and My Experiments With Hacking

The document discusses the author's journey learning about hacking. It begins with how he first learned about hacking by having his Facebook account hacked by a friend. This sparked his interest in learning more. He describes his early experiments hacking Facebook accounts and websites. Over time, he learned more skills like SQL injection and began participating in bug bounty programs, finding vulnerabilities to report ethically. He discusses changing from "black hat" hacking to "white hat" hacking by finding bugs and getting paid rewards. The document aims to provide resources for others interested in learning about ethical hacking and penetration testing.

Uploaded by

ma hendra
M Khizer Javed

WHO AM I? And My Experiments with Hacking?


14 AUGUST · PUBLIC

Hey everyone, I hope you all are doing great. Nowadays, every other college or school
student wants to be a hacker. Due to media hype, the term hacker is considered both cool
and criminal at the same time. Now, since this note is basically about my journey into
hacking, I receive many emails on how to become a hacker. "I'm a beginner in hacking,
how should I start?" or "I want to be able to hack my friend's Facebook account" are some
of the more frequent queries. In this article I will attempt to answer these and more. I will
give detailed technical instructions on how to get started as a beginner and how to evolve
as you gain more knowledge and expertise in the domain. Hacking is a skill. And you must
remember that if you want to learn hacking solely for the fun of hacking into your friend's
Facebook account or email, things will not work out for you. You should decide to learn
hacking because of your fascination for technology and your desire to be an expert in
computer systems.

Introduction!
My name is Muhammad Khizer Javed and I'm 19 years old, currently studying in 2nd
year ICS and living in Islamabad, Pakistan.

Where It All Began!?

I came to know about the word hacking about 3 years ago, when a friend of mine learned
how to perform a phishing attack and successfully took over my Facebook account, and I was
like, wow, how did he do that :P So after getting my account back I started to search Google
about hacking... But at that time all I needed to learn was "HOW TO HACK A FACEBOOK
ACCOUNT", so the only thing I was searching on Google was FB hacking (nothing
else). Then, after successfully wasting about a week, I learned that trick and started to hack
Facebook accounts by posting scam links in forums, emails, messages, groups, anonymous
chats etc. (ALL SORT OF SHIT). Then one day I was searching on Facebook about hacking
when I found a guy named Mr.Anon (and now he is one of my best friends). I posted a
comment on his post highlighting an issue about something (please don't disclose that :P
if you still remember it). He took a screenshot of that and posted it on his profile, and I saw
many people laughing at me :P and I was like, WTF, I can do that stuff myself. So I created a
new Facebook account with an anonymous name and started sending requests to the friends of
Mr.Anon, and after 3-4 days I got 5000 people in my friend list and I knew nothing about
them... Then some of them started tagging me in their Facebook posts like (Hacked By
Team Indi shell, team PCA & Team bla bla bla...). I started talking to them about how
they do that and why, etc., and in no time I learned 2 ninja tricks for hacking and
defacing websites...

1. Using site:.in index.php?id=1 ‘ :P

2. Going to a mirror website like Zone-h, taking a website from there and scanning
it, finding the existing shell or finding the vulnerability in it and exploiting it :P

After some days, I successfully hacked 20-30 websites and defaced them :p But I was not
having fun in it, so I again started googling, and after some time I learned to find vulnerable
sites with some advanced Google dorks and then exploit them with tools like Sqlmap. I
also learned a little about manual SQL injection, shelling, compromising cPanels etc. :/ And after
that I got to know about symlink, server jumping, a little about rooting etc... I don't wanna
mention many things... But I have to say it was fun... ;)

I’ve had my good share of Hats. Black, white or sometimes a blackish shade of
grey. The darker it gets, the more fun you have. -MakMan

Changing The Color of my HAT!

If you’re not familiar with the concept of Hats in hacking, you’re probably at the
wrong place! -_-

One day I saw that some former black hat hackers, mainly Shawar Khan and Ahsan Tahir,
were getting swag packs & $$ from companies and earning some good reputation, and all I
was doing was defacing websites and posting about them on my Facebook :p So I contacted
both of them, and they helped me by guiding me on what they were actually doing and
what the benefits are :) They also referred me to some links to read about white hat hacking...
I first followed the basic guideline and reported 2-3 bugs in websites (even when I didn't
know what the bug could do and what problem was causing the issue). First I got rewarded a
T-shirt and then some Amazon gift cards, 20$, 40$ etc. The more I tried, the more I learned,
and I started to understand the problems...

In August 2016 I created an account on Bugcrowd.com under the username
#MuhammadKhizerJaved and submitted my first bug report on 2016-08-03 (that report
is still open :P and I'm sure it's a dup).

Well, after getting no reply I started to search more about bugs that were new back then, and
I reported 4 more issues. All of them went duplicate as those were easy to look for. On
August 17 I got an email from Bugcrowd about a new private program invite.

I was like, WTF is this :P I opened the e-mail, accepted the invite, and when I saw the
scope I was like, naaaa... that's something I can't test. But I saw some POCs about
subdomain takeover, so I scanned all the subdomains of that program and found many
of the subdomains were vulnerable to subdomain takeover.
So I made a POC and sent it to them without taking over the subdomain, as I was unaware of
the process :P and in no time I got the response!

and the Reward was!


So! Basically, without knowing what was actually happening at the end, I got my first reward,
which was way more than expected :P After that I became addicted to bug bounty hunting and
I started to hunt more and more for bugs. The first bug I understood was Cross-Site
Scripting (XSS) (I will follow up on the learning process later in this note), and after reading
some more articles and books, I learned quite a few bugs like (XSS,
CSRF, SQLi, LFI, RCE, SSRF, open redirect, DLL hijacking, clickjacking etc. ...)

After the learning process... I started to look for XSS issues and found one in #Bugcrowd itself
:) Check out the POC :)

Stored XSS in Tracker.bugcrowd.com

From time to time I was receiving bounties and I was happy with it. I made an
account on Hackerone.com and started to hunt there as well, and got some good
bounties from there too...
Legal Robot

Unikrn

My Most Recent Bounty On HackerOne was......


Profiles Preview!

Bugcrowd Profile
HackerOne Profile

Well, I think that's enough of the introduction and storyline. Now let's get straight to the
point: "How to become a bug bounty hunter/pentester/white hat..."

"Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The
effort takes motivation."

I receive many messages daily like "teach me", "hack this for me", "how to earn" etc... So
basically I'm writing this for all of you guys who wanna learn bug bounty hunting... I'll
attach a couple of books, references, blogs, YouTube channels and other material. Hope that
will help all of you who wanna learn :)

First of all I want you guys to read the article by Eric Raymond
http://www.catb.org/esr/faqs/hacker-howto.html It has become the de-facto standard
guideline for aspiring hackers... As mentioned in this article:

One of the most important things you need to have if you want to become a hacker is
attitude!
To be a hacker, you have to develop some of these attitudes. But copping an attitude alone
won't make you a hacker, any more than it will make you a champion athlete or a rock star.
Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind.
Hackers won't let posers waste their time, but they worship competence — especially
competence at hacking, but competence at anything is valued. Competence at demanding
skills that few can master is especially good, and competence at demanding skills that
involve mental acuteness, craft, and concentration is best.

If you revere competence, you'll enjoy developing it in yourself — the hard work and
dedication will become a kind of intense play rather than drudgery. That attitude is vital to
becoming a hacker.

Resources!

Basically, what I'm sharing here is a collection of different books about penetration
testing and reverse engineering that I have picked from Google and now wanna share with
you all, along with some blog links and YouTube channels :)

BOOKS:

I prefer reading books like Mastering Modern Web Penetration Testing, The Hacker's
Underground Handbook, Web Hacking 101 etc.
Mastering Modern Web Penetration Testing

The Hacker’s Underground Handbook


Web Hacking 101
iOS Hacker’s Handbook

iOS Hacking: Advanced Pentest & Forensic Techniques !


Android Hacker’s Handbook
Kali Linux REVEALED 2017

Nmap Cheat Sheet

Metasploit Cheat Sheet

These are the important books to read. Otherwise, here are some more books that may
help you :) Google Drive Link
Also :) for those who want something related to reverse engineering, follow this Google
Drive

So these were some important books which I shared with you guys :) Let's get towards
blogs!

There are plenty of blogs shared by hackers on a daily basis that you can read to learn
more and more...

https://blog.it-securityguard.com/
https://blog.innerht.ml/
http://brutelogic.com.br/blog/
https://klikki.fi/
http://philippeharewood.com/
https://seanmelia.wordpress.com/
https://respectxss.blogspot.com/
https://www.gracefulsecurity.com/
https://whitton.io/
https://tisiphone.net/
http://archive.nahamsec.com/
http://danlec.com/blog
https://wehackpeople.tumblr.com/
https://bitquark.co.uk/blog/
https://www.arneswinnen.net/
http://bugbountypoc.com/
https://medium.com/@arbazhussain/
https://shahmeeramir.com/
http://www.shawarkhan.com/
https://blog.detectify.com/
http://www.rafayhackingarticles.net/...
https://forum.bugcrowd.com/
https://securitywall.co/
https://www.hackerone.com/blog
http://www.securitytube.net/
https://hackasia.org/
http://www.gangte.net/
https://mukarramkhalid.com/
https://securitytraning.com/
https://jubaeralnaziwhitehat.wordpress.com/...
http://hackaday.com/
http://www.securityfocus.com/
https://packetstormsecurity.com/
http://www.blackhat.com/
https://www.metasploit.com/
http://sectools.org/
https://labs.detectify.com/
https://blog.rubidus.com/
http://www.securityidiots.com/
https://hackernoon.com/
https://sqli-basic.blogspot.com/
https://bugbaba.blogspot.in/
https://vulnerability-lab.com/

These are some of the websites that I like to visit regularly to be updated and read their
articles... There are plenty of other blogs and websites that are missing from this list, so be
sure to add them in comments :) Sharing is caring...

Now let's get towards YouTube channel links... These channels are shared by hackers
where they upload their video POCs. Watching them you can actually understand how to
demonstrate these types of attacks...

https://www.youtube.com/channel/UCP...
https://www.youtube.com/channel/UCJ...
https://www.youtube.com/channel/UCR...
https://www.youtube.com/channel/UCY...
https://www.youtube.com/channel/UCw...
https://www.youtube.com/channel/UCa...
https://www.youtube.com/channel/UCt...
https://www.youtube.com/channel/UC5...
https://www.youtube.com/channel/UCM...
https://www.youtube.com/channel/UC_...
https://www.youtube.com/channel/UCq...
https://www.youtube.com/channel/UCV...
https://www.youtube.com/channel/UCs...
https://www.youtube.com/channel/UCa...
https://www.youtube.com/channel/UCP...
https://www.youtube.com/channel/UCX...
https://www.youtube.com/channel/UC4...
https://www.youtube.com/channel/UCs...
https://www.youtube.com/channel/UCo...
https://www.youtube.com/channel/UCy...
https://www.youtube.com/channel/UCS...
https://www.youtube.com/channel/UCO...
https://www.youtube.com/channel/UCh...
https://www.youtube.com/channel/UCo...
https://www.youtube.com/channel/UC9...
https://www.youtube.com/channel/UCe...
https://www.youtube.com/channel/UC2...
https://www.youtube.com/channel/UCP...
https://www.youtube.com/channel/UCz...

Any Channel Link Missing? Kindly add it in Comments :)

Another piece of advice... Regularly follow http://h1.nobbd.de/ to be updated with HackerOne public
bug reports. You can learn a lot from them. Follow OWASP
https://www.owasp.org/index.php/Cat... Also, alternatively, you can join the Slack community
for hackers https://bugbounty-world.slack.com/ :)
Also you should consider practicing your skills on http://www.itsecgames.com/ ,
http://www.dvwa.co.uk/ and other applications like this :)

Following from a recent blog post by my friend Arbaz Hussain, I'm sharing the "10
rules of Bug Bounty"

1. Targeting the Bug Bounty Program

2. How do you Approach the Target ?

3. Don’t Expect Anything !

4. Less Knowledge about Vulnerabilities and Testing Methodologies :

5. Surround yourself with Bug Bounty Community to keep yourself Updated.

6. AUTOMATION

7. GET BOUNTY or GET EXPERIENCE:

8. FIND THE “BUG” or FIND A “BUG’S CHAIN”:

9. FOLLOW MASTER’S PATH:

10. RELAX & ENJOY LIFE:

If you want to learn about these steps in detail, follow the link

https://medium.com/@arbazhussain/10-rules-of-bug-bounty-65082473ab8c

Being a security researcher, it is really tough to keep yourself up to date. I'd ask the
beginners to focus on self-study and learn things by themselves, as everything is possible; all
you need is the passion of taking a step, after that you can achieve anything. Nothing is
impossible to achieve. All I achieved was by doing self-study and self-motivation and
without any certifications. You are never a perfect person, but you are still better than the
rest of the people. For being a security researcher, all it takes is the passion to achieve
something. I hope this article helped motivate you to take a positive step in life.

Well, that's all I can share with you guys :) at this phase :) Will keep this note updated if I
find anything :) that can be helpful for others... I still have to learn a lot... At the end I
would like to say thanks to all of my friends who really helped me to achieve my goal :)
Shawar Khan Suleman Malik Arbaz Hussain Ali Hasan Taimoor Abid Hassan Khan
Yusufzai Hisham Mir Akita Zen Behroz Alam Babar Akhunzada Sharik Khan
Shahmeer Amir Waleed Abdullah Zahan Ahmad Zain Sabahat Mohammad Aman
Khan Syed Umar Arfeen Jahanzaib Khan Durrani Tayyab Qadir Hammad Qureshi
Daniel Bharatwasi Yogendra Jaiswal Saad Ahmed Prial Islam Khan Rahul Maini
Armaan Pathan Saad Fridi Matthew Temmy Muhammad Awais Noshahi Jubaer Al Nazi
Tarek Siddiki Osama Mahmood Mahmoud Osama Ons Ali Bikash Paudel Mansoor Gilal
Luka Sikic Faisal Ahmed Zen Javanicus Harsh Jaiswal Ali Tabish Muhammad Abdullah
Mahad Ahmed Aqeel Asif Arbin Godar Benjamin Kunz Mejri Mukarram Khalid
etc.............................................

Muhammad Khizer Javed


Muhammad Awais Noshahi
Luv Thanks for adding my name ..
More precious than a luv letter
You're the best jani...
May Allah Almighty always give you respect, and always give you what you want...
10 August

Danish Khan
wah keep it up broo ...
10 August

John Kozak
Great!
Add the blog blog.lolwaleet.com
10 August

Moiz Khan Yousafzai
awesome, will help a lot for me as a beginner.
10 August

Sam Blank
nicely done bro, good luck with hunting in future
10 August

Hassan Khan Yusufzai
Awesome Bro M Khizer Javed Keep Hunting Nice Story
10 August

Umar Farooq
Thanks a lot man. You really make a difference by not hiding things most of hackers do.
10 August · Edited

Tasdir Ahmmed
this note inspires me bro... thanks for all the tut..
10 August · Edited

Nguyen Tuan Anh
thanks for sharing
10 August

Mohammad Owais
Awesome bruh
11 August

Babar Akhunzada
M Khizer Javed Congratulations on these achievements. #KeepHittingHarder
11 August

Hassaan Niazai
Congratulations! Keep it up!
11 August

Antonio Cannito
Gg bro
11 August

Yogendra Jaiswal
keep it up bro
11 August

Zaid Rehman
Good
Nice one, keep writing this type of articles, it's good for new guys
11 August

Zeeshan Malick
Woah. Keep the good work up!
12 August

M Khizer Javed
Jahanzaib Khan Durrani, will love to hear your feedback
13 August

Hisham Mir
You are a chutiya and a certified one
13 August

Syed Umar Arfeen
Summary:

The first 2-3 headings have been taken from Wikipedia, and at the end there is some nonsense talk about SQLi and Zone-h

Nice Article sir
13 August

Usama Arshad
so when u r going to teach me "hackerman"
14 August

Aly Shahh Mughal
keep it up bro #Motivational_Note
14 August

Shivam Kamboj
Great bro
14 August

Ahmad Iftikhar
Awesome !!
15 August

Monalisha Ranjan
Zahan this is so good i guess
17 August

Senthil Kumar M
thank you so much master
19 August

Varun Bhat
Thank you for your inspiring guide. Time to start
20 August

Imran Parray
where is the google drive link bro
27 September

Imran Parray
bro
27 September

Shykh Bilal
how do you get the payment?
1 October at 23:43
