I was eagerly waiting for BSNL to patch their system so that I could publish this post, which shows the hack in action. I could not record a video of the hack since the screen recorder, Istanbul, became unresponsive on my Ubuntu OS.
While preparing for a seminar, I came across this website and, out of curiosity, Nmapped it to find the OS running on the server. The OS detected was Sun Solaris 10. Then I tried to check whether it was vulnerable to the Sun Solaris 10 telnet daemon authentication bypass vulnerability, and found it vulnerable.
Exploiting a vulnerability in Sun Solaris version 10/11
This is what happened at the console. The exploit worked!! Now, playing a safe game and also being ethical, I mailed the description of the vulnerability to the Deputy Director General, who also happened to be the webmaster at bsnl.co.in.
The email itself contains the information about the vulnerability, which saves me the pain of describing it again.
I had to wait for 19 days to publish this post since the upgradation at bsnl.in took the same time. BSNL, though late, showed the reaction 🙂 Now, Nmapping bsnl.in does not show port 23 open.
Note: I am using Nmap version 5 on Ubuntu Jaunty, and compiled it from source!