The other night i was auditing one of the customers here in Singapore. It was a huge organization with massive workforce and manpower. Normally huge organization tend to give people an impression that they must be secure because either they have enough internal people to do the patching or they must be doing some kind of upgrading work every now and then to have their servers or networks compliance with the government authority.
The results from my audit depicted that life isn't a bed of roses. Multiple servers suffers from DoS, buffer overflows and one of them even allows me to escalate to admin priveleges. Well, the results were really astonishing from such a reputable organization and everything was under my control. Of course, i managed to capture all screenshots of what i did and wrote a report to the management. I am wondering what they will do about it. They could either pray hard that no one attack them and start patching or expect for the worst where they could be brought down anytime anyday.
One of the coolest thing i did during the audit was defacement of their website. Personally, i had never deface a website before till that day. It was great seeing big organization websites having your own selected message or picture, definitely tarnishing their reputation and the feeling was just too estatic. Of course, i had to wrap it up fast by taking a screenshot of it and resume their site back to normal or i will be screwed. The one last thing i observed and found out was they were using a very old Operating System where most of their crucial data was residing. It was exhilarating as i was poking my way to grab all their private data. All in all, it was just bad, really bad. I am about to finish the report and i send it to the customer. I just want to see what is the response going to be.
The Hacka Man