How Hackers get free subscription of any Website

Getting a full-time subscription or membership is very costly and unfavorable these days. These subscriptions can be for media-watching sites, shopping sites or any other real-world dealership sites.

Today I am going to show you how hackers get a free membership on a site using their hacking skills. For today's experiment, we will use a website named OWASP Juice Shop.

Let's create an account on OWASP with my normal credentials

  • Go to OWASP

  • Click on Account -> Login -> Not yet a member

  • Enter your credentials; these credentials can be fake.

  • After Login, it should look like the image given below

Do I have Deluxe Membership? Let's Check

  • Go to the menu located at the top right corner.

  • Menu -> Deluxe Membership

As you can see, I do not have any Subscription to this Account.

Let's Get the Deluxe Membership without Paying Anything

  • On the Deluxe Membership option, click on the "Become a member" button

  • For the next step, we need the Storage Inspector

  • For Google Chrome / Firefox users -> Ctrl+Shift+I

  • Click on the Storage Inspector tab, which comes after Inspector and Console

  • You will see your token in the filter list

  • Copy the token value and visit this JSON Web Token site

  • Paste your token value in the Encoded section

From the image given above, one can see that our login status is "Success" and our role is "Customer", which means we are not a Deluxe member. If we were a Deluxe member, it would show Deluxe there instead of Customer.

  • First things first, we need security testing software. In my case, I will use Burp Suite; you can download it from the official site for your respective OS.

  • Install the .sh Script using Below Commands

chmod +x /path/to/yourscript.sh

./yourscript.sh

  • Install the extension named FoxyProxy from the web store

  • Open Burp Suite, click on Temporary project, then the Next button -> Start Burp

  • Click on Proxy -> turn on Intercept and connect it to your browser
  • Open the OWASP site where we left off earlier at registration

  • Register your account with fake credentials and you will get the following information

  • Right-click on the request data and click on Send to Repeater

  • Now go to the Repeater option, which is given after Proxy in Burp Suite

  • Now write the role in the request body, after the security question

"role": "deluxe"

  • Click on the Send button

  • You will get a response with status "success"

  • Let's log in with my credentials and check: do I now have a Deluxe membership or not?

I do have a membership.

Great, now I have become a Deluxe member of OWASP Juice Shop.
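
The steps above work because the registration endpoint stores whatever "role" the client sends. The JavaScript below is an added example, not code from this post or from OWASP Juice Shop: it contrasts that pattern with a handler that copies only allow-listed fields and sets the role on the server. The field names, the allow-list and the sample request body are assumptions constructed for illustration.

```javascript
// Added example: constructed in-memory model, not OWASP Juice Shop source code.
// Field names (email, password, securityQuestion, role) are assumptions based
// on the registration request described in the walkthrough.

const ALLOWED_FIELDS = ["email", "password", "securityQuestion"];
const DEFAULT_ROLE = "customer";

// Vulnerable pattern: every client-supplied property is copied into the
// stored user, so a "role" key in the JSON body overrides the default.
function registerVulnerable(body) {
  return { role: DEFAULT_ROLE, ...body };
}

// Hardened pattern: copy only allow-listed fields, assign the role on the
// server, and report unexpected keys so they can be logged or rejected.
function registerHardened(body) {
  const user = { role: DEFAULT_ROLE };
  for (const field of ALLOWED_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, field)) {
      user[field] = body[field];
    }
  }
  const rejected = Object.keys(body).filter((k) => !ALLOWED_FIELDS.includes(k));
  return { user, rejected };
}

// Constructed sample request body with an extra "role" property.
const tamperedBody = JSON.parse(
  '{"email":"test@example.com","password":"pw12345",' +
  '"securityQuestion":{"id":1},"role":"deluxe"}'
);

// Runs both handlers on the same body and returns the resulting roles.
function demo() {
  const weak = registerVulnerable(tamperedBody);
  const strong = registerHardened(tamperedBody);
  return {
    weakRole: weak.role,            // role taken from the request
    strongRole: strong.user.role,   // role assigned by the server
    rejected: strong.rejected,      // keys worth logging as tampering
  };
}

console.log(demo());
```

The `rejected` list is also a useful detection signal: a registration request carrying a `role` key never comes from the normal sign-up form.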

This blog was for educational purposes. Don't try to do anything illegal or unethical.

That's All for today, See you in the next one. Bye, bye
