Pratik Shares His Hacking Story and How to Become a Bug Bounty Hunter
Here at MyHackerTech, we're always interested in hackers and their stories. White hat hacking is such a varied field that attracts hackers from all corners of the globe and all walks of life. Hacking enthusiasts take the leap to become professional hackers for different reasons, and we want to showcase these reasons through the personal journeys of real hackers.
Today we're looking at Pratik's story. Pratik Dabhi is from India and is studying for a Master's degree in Security. He also runs PraTech Tutorials, where you can find videos on gadget reviews, Android tutorials, Linux tutorials, Windows tutorials, Cyber Security & Ethical Hacking.
How Did You Decide on a Career in Hacking? What Is It That Attracted You to the Field?
Ever since childhood, I loved computers. I have fond memories of fixing our home computer with my dad and over time, learning how they work. As I got older, I started exploring different content on YouTube and came across some hacking videos. I was hooked!
It was then that I made up my mind - I wanted to be a hacker. Initially, I thought that hackers were all criminals who operated in the shadows of society doing something impressive, but nonetheless unsavory. As time went on and I learned more, I realized that hackers are just people with extraordinary skills. These skills can be extremely useful in combating crime and increasing cybersecurity.
What Are Your Plans for After You Finish Your Master's?
First and foremost, I am a student. I am passionate about learning so I don't ever plan to stop. I always try to learn as much as possible so I plan to start working in cybersecurity so I can gain hands-on experience.
What Advice Would You Give to Young People Who Are Considering Learning Hacking but Have a Lack of Programming Experience?
I consider programming to be fundamental to becoming a hacker. After all, if you don't know how to build something, then you don't know how to break it either. This is the principle I have worked off. On my journey to being a hacker, I experimented with different programming languages and different computer skills. My advice to an aspiring hacker would be to focus your attention on backend programming. Python, PHP, Ruby, and JavaScript programming languages are a great place to start.
Can You Tell Us One Thing That Made You Decide to Start Learning and Experimenting?
I was driven by my desire to understand what makes things work, all the way down to the most basic building blocks. I like to understand everything as deeply and thoroughly as possible, and it's this drive that motivated me to learn hacking. As I learned more, I became fascinated by the loopholes that exist in systems and software and how to break these systems.
Pratik shares with us a guide on how to get into bug bounty
Q: What is bug bounty?
A: A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. It all depends on interest and hard work, not on degree, age, branch, college, etc.
What to study?
- 1. Internet, HTTP, TCP/IP
- 2. Networking
- 3. Command line
- 4. Linux
- 5. Web technologies, JavaScript, PHP, Java
- 6. At least 1 prog language (Python/C/Java/Ruby..)
Choose your path (imp)
- 1. Web pen testing
- 2. Mobile pen testing
- 3. Desktop apps
Resources
Books
For web
- 1. Web app hackers handbook
- 2. Web hacking 101
- 3. Mastering modern web pen testing
- 4. OWASP Testing guide
For mobile
- Mobile application hacker's handbook
Youtube channels
Hacking
- Live Overflow - https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
- Hackersploit - https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q/videos
- Bugcrowd - https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww
- OpenSecurityTraining - https://www.youtube.com/user/OpenSecurityTraining
- Hackerone - https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw
Programming
- freeCodeCamp.org - https://www.youtube.com/channel/UC8butISFwT-Wl7EV0hUK0BQ
- ProgrammingKnowledge - https://www.youtube.com/user/ProgrammingKnowledge/videos
Writeups, Articles, blogs
- Medium (infosec writeups)
- Hackerone public reports
- owasp.org
- Portswigger
Practice (imp)
Tools
- Burpsuite
- nmap
- dirbuster
- sublist3r
- Netcat
- Wireshark
- Metasploit
- Wp-Scan
- Google Dorks
Testing labs
- DVWA
- bWAPP
- Vulnhub
- Mutillidae
- Owasp BWA
- CTF365
- Hack the box
- Webgoat
- Rootme
Start!
Select a platform
- Bugcrowd - https://www.bugcrowd.com/
- Hackerone - https://www.hackerone.com/
- Synack - https://www.synack.com/
- Japan Bug bounty Program - https://bugbounty.jp/
- Cobalt - https://cobalt.io/
- Zerocopter - https://zerocopter.com/
- Hackenproof - https://hackenproof.com/
- BountyFactory - https://bountyfactory.io
- Bug Bounty Programs List - https://www.bugcrowd.com/bug-bounty-list/
- AntiHack - https://www.antihack.me/
Choose wisely (first not for bounty)
Select a bug for hunt
Exhaustive search
Not straightforward always
REPORT:
- Vulnerability Name
- Vulnerability Description
- Vulnerable URL
- Payload
- Steps to Reproduce
- Impact
- Mitigation
Words of wisdom
- PATIENCE IS THE KEY, takes years to master, don't fall for overnight success
- Do not expect someone will spoon feed you everything.
- Confidence
- Not always for bounty
How to start in Bug Bounty
Talking With Cyber Security With Special Guest
PraTech Tutorials Youtube Channel
https://twitter.com/pratikdabhi6
I'm glad that you shared this blog's link with me. I got motivated by reading this blog and now I can make my path towards my goal, clearly.
All thanks to you sir…