Summary

  • A hacker discovered the first vulnerability on a subdomain belonging to NASA and used the mail server to test for misconfigurations, as these are common in these kinds of systems.
  • They used the HXTP scanner to locate live subdomains and Nuclei to detect potential security issues.
  • Upon investigating the discovered subdomain, the hacker found an undetected misconfiguration of the mail server, which should never have been accessible from outside NASA’s internal network, and was able to exploit it.
  • The hacker used the SMTP protocol to send an email to an admin account they created on the same subdomain, demonstrating the ability to send emails from outside NASA’s network, thereby confirming the vulnerability.
  • Vulnerabilities like these, if discovered by malicious actors, could result in serious security breaches, hence it is crucial to keep searching for these kinds of systems and apply patches as soon as they are discovered.

By B4LOGI

Original Article