How I Hacked Dutch Government in 5 Minutes? Twitter Account Takeover

numaN

Greets to researchers!
After a while, I have decided to publish a writeup about how I 'ethically' hacked the Dutch government. A month ago, I reported 2 valid security vulnerabilities to NCSC, and the vulnerabilities have been resolved. And thanks to NCSC for the awesome swag; I was waiting for this for a long time. Let me tell you the details:

1) Twitter Account Takeover of Ambassadors & Embassies
I was just looking for subdomains of ncsc.nl, and in one of these subdomains there was a linked website. This linked website was about all the social media accounts of the Dutch government. I checked all the accounts and saw that some accounts did not exist on Twitter. Boom! :) I registered on Twitter and got those usernames.

dutch1.png

I sent an email to [email protected]

After 5 hours of reporting, NCSC confirmed my vulnerability:

dutch2.PNG


And today, I got my swag:

swag.jpg


This security issue has been fixed.

2) Reflected XSS Vulnerability
I have reported a reflected XSS vulnerability; it is confirmed but not fixed yet, so I am not writing about it.


The Dutch government and people really care about cyber security. At this point, I acknowledge them, and I believe that the cybersecurity center of the world will be the Netherlands. Nowadays, the wars are in the cyber world; some states have recognized this and are taking action. Hope to see this determination in all states.

Thanks for reading,
Join us for private bug bounty tricks and methods and take your place between kings.
Hackking - Hack the King!
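
A defender-side check for the first finding above, as an added example that is not part of the original post: it extracts the Twitter handles a page links to and reports those missing from an inventory of accounts the organization actually controls. The sample page, handles and inventory are constructed, and the function names are hypothetical; confirming whether a handle is registered on the platform is outside this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TWITTER_HOSTS = {"twitter.com", "www.twitter.com", "mobile.twitter.com"}
# First path segments that are site features, not account names.
NON_ACCOUNT_PATHS = {"intent", "share", "home", "search", "hashtag", "i"}
HANDLE_RE = re.compile(r"^[A-Za-z0-9_]{1,15}$")  # letters, digits, underscore, max 15

class LinkCollector(HTMLParser):
    """Collect every href found in <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def extract_handles(html):
    """Return the lower-cased Twitter handles linked from the page, sorted."""
    collector = LinkCollector()
    collector.feed(html)
    handles = set()
    for href in collector.hrefs:
        url = urlparse(href)
        if (url.hostname or "").lower() not in TWITTER_HOSTS:
            continue  # relative links and other sites are ignored
        first = url.path.strip("/").split("/")[0].lstrip("@")
        if HANDLE_RE.match(first) and first.lower() not in NON_ACCOUNT_PATHS:
            handles.add(first.lower())
    return sorted(handles)

def find_dangling(html, owned_handles):
    """Handles the page links to that are missing from the owner's inventory."""
    owned = {h.lower().lstrip("@") for h in owned_handles}
    return [h for h in extract_handles(html) if h not in owned]

# Constructed sample input: a directory page and the accounts the owner controls.
SAMPLE_PAGE = """
<li><a href="https://twitter.com/ExampleEmbassyA">Embassy A</a></li>
<li><a href="https://www.twitter.com/@example_amb_b/">Ambassador B</a></li>
<li><a href="https://twitter.com/intent/tweet?text=hi">Share</a></li>
<li><a href="https://example.org/contact">Contact</a></li>
"""
SAMPLE_INVENTORY = ["@ExampleEmbassyA"]

if __name__ == "__main__":
    print(find_dangling(SAMPLE_PAGE, SAMPLE_INVENTORY))
```

Run against every page that publishes official account links, any handle it reports should be either added to the inventory after verification or removed from the page.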