Hacked into bsnl.in

I was eagerly waiting for BSNL to patch their system so that I could publish this post which shows the hack in action. I could not record the video of the hack since the screen recorder, Istanbul became unresponsive on my Ubuntu OS.

While preparing for a seminar, I came across this website and out of curiosity  Nmapped to find the OS running on the server.  The OS detected was Sun Solaris 10. Then, I tried to check if it is vulnerable to Sun Solaris 10 telnet daemon authentication bypass vulnerability. and found it vulnerable.

Exploiting a vulnerability in Sun Solaris  version 10/11

This is what happened at console.  The exploit worked !!Now, playing a safe game and also being ethical I mailed the description of the vulnerability to the Deputy Director General who also happened to be the webmaster at bsnl.co.in

The email itself contains the information about the vulnerability which saves me the pain of describing it again.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I had to wait for 19 days to publish this post since the upgradation at bsnl.in took the same time.BSNL though late,  showed the reaction 🙂 Now,   Nmapping bsnl.in  does not show port 23 open.

Note :   I am using Nmap version  5 on Ubuntu jaunty,    compiled it from source !!!!

Advertisements

3 thoughts on “Hacked into bsnl.in

  1. purely Ethical
    but dude
    they don’t care…
    you should have defaced the WEbsite..

    “Jo log oocha sunte hai..unhe dhamakey ki jaroorat hoti hai”
    i do keep doing these things..then mail@webmaser

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s