My experience on Hacking Dutch Government
Hey guys ,
Today i’m gonna share my experience on hacking dutch government website.
Everything started when i saw a guy posted on twitter that he hacked dutch government . He also posted the T-shirt he got . Just look at the Quote line. The word “government” was the killer one. So now what, I need this swag badly.
I researched online for the scope and resources for this and ended up in a github repo where there is 1500+ scopes and active hosts of Dutch Gov websites. repo here.
The scope was large , but finding the correct one for testing was a hard part. But wait , At this time i was ready to give anything for that swag.
My Approach
To be honest , i was so confused about these 1500 hosts. so what is did is randomly selected 10 websites and start working on it. I got nothing in first 5 websites. but i was not going to giveup.
Actual game
After a while i got an intresting website . that was a normal responsive website. what caught me at first glance is, it look like kinda old .
So i started testing on it’s features.
It was kind of blog website. then i searched for hidden directories and found an ‘Admin panel.
It says to login with Netlify. Finally found a login page
The login page was actually more intresting than any others
There was a sign up option in their page. hmm thats quite intresting as i’m familier with such situations in ctf’s.
I sign it up using my email and password. Now i try to login once more with email and pass i’ve just sign up.
and Voilaa !! i’m in
I’m in there cms and i have full admin acess control over the webpage.Then i quickly made a pov and reported to dutch gov And After 10 days they confirmed and fixed this bug . They also offer a T-shirt for me
Any way that was an awsome experience for me.
This was just a beginning of my journey
Stay tuned !’
-n0rmh3ll