HACK THIS WAY

Your Guide to successful Hacking

Indian Govt. Websites are damn hackable

Posted by hackthisway on November 20, 2009

At this time, when India is reaching the heights in Sensex and GDP and aspiring to be in the developed nations’ list, one thing that really pisses me off is India’s unawareness and disinterest in the Information Security dept.; at least the poorly configured govt. websites reflect this. When I encountered the vulnerability in the server at hosting.bsnl.in (a subdomain of bsnl.in, pointing at another server), I, out of curiosity, did a vulnerability assessment of some of the Indian govt. websites.

The web applications, the OS on the servers, even the SQL servers are untouched since their first installation. Most of the servers run Windows 2003 (unpatched or SP1) and flaunt their vulnerability like anything. (No surprise why they get hacked!) Most of the time I could carry out the port scan without using the -PN parameter (on nmap).

When I first tried to inform the officials at BSNL regarding the vulnerability, I was taken aback by their response. They did not even understand what I was talking about! It took me some time to make them understand what I meant.

Some of the govt. websites that gave me admin privileges are:

a subdomain at easternrailway.gov.in, rajasthan.gov.in and, of course, hosting.bsnl.in (not accessible now, though the server exists)

My conversation (on phone) with an officer at eastern railways:

———————————————————————————————————————————————————————————————————————————————————-

Me: Hello Sir, is this the DG?

Officer: Who is this?

Me: Sir, I want to report a vulnerability in your website.

Officer: What vulnerability, what website? (he mispronounced “vulnerability”)

Me: Can I talk to the DG?

Officer: Sir is out for some official work.

Me: Okay, please inform him and ask him to check his email.

(I could hear him chatting with his colleagues, in Bengali I think; he was saying “Someone is talking about the website”)

Me: Ok thanks…

————————————————————————————————————————————————————————————————————————————————————————

Anyway, I have informed the web-masters of the respective websites about the vulnerability and, as proof, attached the videos of the successful logins. I have preserved the videos demonstrating the hacks and wish to publish them here provided the servers get patched.

It is really annoying when some terrorist organizations hack the websites and leak the confidential data…..

Admins, Wake up Now or get shamelessly hacked every now and then!

