Hey guys,
Today I’m gonna share my experience of hacking a Dutch government website.
I'm V1draX, a passionate cyber security enthusiast and a keen learner. I try to document and write about the new technologies and tools I learn/use. Feel free to connect with me.
Everything started when I saw a guy post on Twitter that he had hacked the Dutch government. He also posted the T-shirt he got. Just look at the quote line. The word “government” was the killer one. So now what? I need this swag badly.
I researched online for the scope and resources for this and ended up in a GitHub repo where there are 1500+ scopes and active hosts of Dutch gov websites. Repository here.
The scope was large, but finding the correct one for testing was the hard part. But wait, at this time I was ready to give anything for that swag.
My Approach
- To be honest, I was so confused about these 1500 hosts, so what I did was randomly select 10 websites and start working on them. I got nothing in the first 5 websites, but I was not going to give up.
Actual game
- After a while I got an interesting website. It was a normal responsive website. What caught me at first glance was that it looked kinda old.
There was a sign-up option on their page. Hmm, that’s quite interesting, as I’m familiar with such situations in CTFs.
I signed up using my email and password. Then I tried to log in once more with the email and password I’d just signed up with.
- I’m in their CMS and I have full admin access control over the web page. Then I quickly made a PoC and reported it to the Dutch gov, and after 10 days they confirmed and fixed this bug. They also offered me a T-shirt.
Anyways, that was an awesome experience for me.
This is just the beginning of my journey.
Stay tuned!