You could also hide a bounty somewhere (e.g. in an email, in a private Github repo, etc.).
You don't even need to mention this is your account, e.g. "I want the email password of X for Y bitcoins".
Both solutions comes with its own issues, but I don't think there is a legal way to do a full pentest.
You could also hide a bounty somewhere (e.g. in an email, in a private Github repo, etc.).
You don't even need to mention this is your account, e.g. "I want the email password of X for Y bitcoins".
Both solutions comes with its own issues, but I don't think there is a legal way to do a full pentest.