Welcome again, my heroes!
The barbaric assault towards Ukraine by Russian forces continues. Ukraine has formally requested that hackers from world wide help their combat towards this aggression. Stopping Russia now at Ukraine could also be important to saving Europe sooner or later. An efficient cyber struggle towards Russia might make them suppose twice about their assault on Ukraine.
These of you keen to combat this aggression, I’m right here to assist.
One of many methods we will discover websites susceptible to assault is to make use of a service I launched you to earlier, netlas.io. For some background on netlas.io, click on right here.
Step#1: Navigate to netlas.io and open an account
With the positioning open, you may seek for Russian websites with a CVE better than 8.
cve.base_score:>8 and geo.nation:(“RU”)
This search brings up over 60,000 websites in Russia. We are able to slim our search to the biggest supplier of digital providers in Russia, Rostelecom, by appending our search with asn.group similar to;
cve.base_score:>8 and geo.nation:(“RU”) and asn.group:(“Rostelecon”)
This narrows our search to only over 2000 websites. We are able to above that the primary website listed is a Home windows Server with Apache 2.2.22 (the present model of Apache is 2.4).
Once we click on on the CVE tab, it opens an inventory of vulnerabilities that this server together with;
-
CVE-2821-39275
-
CVE-2821-44790
-
CVE-2018-1312
Every of those vulnerabilities is rated at 9.8 or very excessive!
Use your creativeness to seek out extra vulnerabilities in these Russian websites!
Abstract
That is fast and soiled method to discovering susceptible websites in Russia.
I am going to add extra methods an information as time permits.
You’re heroes!