If you enjoy reading about the real hacker mindset — the wins, the embarrassing failures, the overconfidence, the late-night decisions — you can read my earlier cake story here: 👉 Cake attack
And if you want all my stories — including the psychology, the mistakes, and the lessons I learned the hard way — they're in my book here: 👉 Book link (Inside hackers mind)
Now let me tell you about one of my finest failures.

It was 2:30 AM.
The dangerous hour.
The hour where developers deploy to production. Where traders double their positions. Where hackers believe they are invincible.
I was browsing cake delivery websites near my area.
If you've been in web security long enough, you develop something dangerous — confidence.
You look at a website and think:
"This looks vulnerable."
No testing. No evidence. Just vibes.
And my ego agreed.
The Ritual
Whenever I approach an application, my brain follows the same flow:
- Registration
- OTP logic
- Rate limits
- Authentication
- Access control
- Payment logic
It's muscle memory at this point.
So I started.
Registration — solid. OTP protections — proper rate limiting. Brute-force attempts — blocked.
Okay.
Respect.
I logged in.
Normally, I would carefully inspect profile requests, look for logic gaps, test edge cases.
But this was 2:30 AM.
Patience was offline.
Confidence was online.
The Payment Fantasy
Years ago, I had found a weakness in a payment workflow on another platform. That memory was still feeding my ego.
So naturally, I skipped the warm-up and went straight to checkout.
Added a ₹2500 cake to cart.
3KG.
Why 3KG?
Because apparently if you're going to be delusional, you go big.
I moved through checkout thinking about logic flaws, price manipulation, request tampering.
Click.
Next.
Next.
Next.
Then suddenly:
"Your order is confirmed."
I froze.
I hadn't even tested anything yet.
For three seconds, I thought:
"Did I just unlock some advanced hacker aura?"
No.
I unlocked something else.
The default payment mode was Cash on Delivery.
And I had just blindly confirmed a 3KG cake like a normal human ordering dessert.
No exploit. No vulnerability. No genius moment.
Just autopilot.
Worse?
There was no cancel option.
The Longest Sleep of My Life
I closed the laptop and went to bed, telling myself:
"They'll probably call before preparing it."
Optimism is also a vulnerability.
8:12 AM — The Message
I woke up to a WhatsApp notification:
"Sir, your cake is ready."
Ready??
It hasn't even been 8 hours.
I stared at the message like it was a ransom note.
The hunter had become the hunted.
The 3KG cake was now real.
And coming.
Damage Control
I called them immediately.
What followed was one of the most creative improvisations of my life.
"Yes, actually I was ordering for my wife… but I realized the design is not what I wanted… and actually it was a misunderstanding…"
They listened.
Then they told me something.
Something I cannot repeat here.
Let's just say…
It was accurate.
Thankfully, the cake was not delivered.
My dignity, however, suffered minor casualties.
The Real Vulnerability
We spend so much time looking for weaknesses in systems.
Rate limits. Logic flaws. Access control gaps.
But no one talks about this vulnerability:
Overconfidence at 2:30 AM.
That website was secure.
The only unstable component in that entire architecture was me.
Not Every Bug Hunt Ends in Glory
Online, you'll see stories like:
- "How I made $10,000 from one bug"
- "How I found critical RCE"
- "How I outsmarted X company"
You rarely see:
"I tried. Nothing was broken. I accidentally ordered cake."
But this is part of the process.
Most attempts don't end in bounty.
Some end in humility.
Some end in WhatsApp messages that ruin your morning.
And some almost end in 3KG of cake.
If you enjoy honest stories about mindset — the wins, the ego, the failures, the reality — you can read more here: 👉 Inside hackers mind
Not every hunt ends with a trophy.
Sometimes it ends with cake.
And regret.