This is the story of how I hacked a private company and got their internal networks, user accounts, and details. I was surfing around on the internet as part of my daily routine. It was a cloudy day and I was really happy. This is my second article about my bug chopping experience. I decided to hunt some private servers. It was a domain registration company. I scraped the complete website but didn't find any vulnerability except XSS (cross-site scripting). But that wasn't enough. I searched again and again. At last, I found a domain IP whois form based on a POST request. At first, I thought it would be a waste of time surfing around there, but at that time I got an idea.
When Evil thoughts Kicked my mind:
Maybe the developer had made some mistakes and used the system() function to fetch the whois request. I tried some Linux commands in the search box but all I got was invalid URL. After this, I tried Burp Suite and caught a request by sending a valid request to the server, then edited the request to 127.0.0.1; ls but I found a blank page. Again I tried the same and changed the request to 127.0.0.1 && ls. I was shocked when I saw the result. I had found RCE on that website. I simply uploaded my backdoor using the wget command and got access to the server. So it's easy for an attacker to get access to the database when the attacker has access to the server. I simply logged in to the database and downloaded all user accounts. Well, I decided to check the server.
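The fix for the whois form described above, as an added example that is not code from the original article or from the company's site: the submitted value is validated as an IP address or domain name and passed to whois as an argument list, so no shell ever parses it. The function names and the use of Python (the article does not say what language the site ran on) are assumptions.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_target(raw):
    """Return a canonical IP address or domain name, or raise ValueError."""
    value = raw.strip()
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        if "%" in value:  # IPv6 zone IDs may carry arbitrary text; refuse them
            raise ValueError("scoped addresses are not accepted")
        return str(ip)
    if len(value) > 253 or "." not in value:
        raise ValueError("not an IP address or domain name")
    if not all(_LABEL.fullmatch(label) for label in value.split(".")):
        raise ValueError("not an IP address or domain name")
    return value.lower()


def build_whois_argv(raw):
    """Build the argument vector for whois; nothing here is shell syntax."""
    return ["whois", validate_target(raw)]


def lookup(raw, timeout=10):
    """Run whois without a shell: ';' and '&&' can never start a second command."""
    result = subprocess.run(build_whois_argv(raw), capture_output=True,
                            text=True, timeout=timeout, check=False)
    return result.stdout


if __name__ == "__main__":
    # Constructed inputs: one valid request plus the two edited requests
    # quoted in the article. Only validation runs here, so it works offline.
    for sample in ["127.0.0.1", "127.0.0.1; ls", "127.0.0.1 && ls"]:
        try:
            print(repr(sample), "->", build_whois_argv(sample))
        except ValueError as err:
            print(repr(sample), "-> rejected:", err)
```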
And I was shocked when I opened the user dir: there were some files named personal.txt, server.exe, ip.txt. I downloaded server.exe and ran it in VirtualBox. When I opened server.exe, it was coded for access to the internal servers of their company network. When I opened it, it asked for an IP and password. I had already got the list of IP addresses. So I entered the first IP address and put in the password of “Admin”, but it was the wrong password. Then I tried another IP with the same password but failed again. I tried many IP addresses but failed continuously.
When Irritation was on its peak:
Now I was tired and getting bored of putting in IP addresses with admin passwords. I don't know, I was going to leave it, but my heart whispered try again, so I tried again and this time I got into the server. There were different types of panels holding documents, user data, domain data and much more about the company, including access to computers connected through the network. At this time I got the feeling of “HACKERMAN”; at that time I thought I was born to be a hacker.
After this, I reported it to the company and I got a special thanks. So here is a small noobish experience of that hack. Hope you enjoyed it. If you enjoyed it and learned something new, don't be greedy and forward this information to your friends, so they will learn something new too.
We will bring more interesting experiences in future for you. Keep supporting us.