kms.nhp.gov.in rooted via syncthing
In May last year (2022) I found and disclosed a vulnerability on a subdomain of nhp.gov.in. Using an exposed syncthing admin interface, I was able to gain root SSH access to the server by syncing the /root/.ssh directory.
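The two conditions that made this possible, a Syncthing GUI/REST listener reachable from outside the host and a shared folder pointing at a sensitive directory, can be checked for on any Syncthing host from its config.xml. The audit below is an added example, not part of the original post or of Syncthing itself; it assumes the config.xml layout (a `<gui>` element with `<address>`, optional `<user>`/`<password>` children and `tls`/`insecureAdminAccess` attributes, and `<folder>` elements with a `path` attribute), and the embedded config is constructed for the demonstration.

```python
import xml.etree.ElementTree as ET
from ipaddress import ip_address

# Constructed sample in Syncthing's config.xml layout (assumed: <gui> holds
# <address> and optional <user>/<password>; each <folder> has a path attribute).
SAMPLE_CONFIG = """<configuration version="37">
  <folder id="default" label="Default" path="/home/alice/Sync" type="sendreceive"/>
  <folder id="keys" label="keys" path="/root/.ssh" type="sendreceive"/>
  <gui enabled="true" tls="false" debugging="false">
    <address>0.0.0.0:8384</address>
    <apikey>PLACEHOLDER-APIKEY</apikey>
  </gui>
</configuration>"""

# Heuristic markers for directories that should never be synced from a server.
SENSITIVE_MARKERS = ("/root", "/etc", "/.ssh", "/.gnupg")


def _host_is_loopback(address: str) -> bool:
    """True if a listen address like '127.0.0.1:8384' or '[::1]:8384' is loopback-only."""
    host = address.rsplit(":", 1)[0].strip("[]") if ":" in address else address
    if host == "":          # ':8384' means every interface
        return False
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:      # a hostname: assume it resolves to a reachable interface
        return False


def audit_syncthing_config(xml_text: str) -> list[str]:
    """Return findings describing an exposed GUI or an over-broad shared folder."""
    root = ET.fromstring(xml_text)
    findings = []
    gui = root.find("gui")
    if gui is not None and gui.get("enabled", "true") == "true":
        address = gui.findtext("address", default="127.0.0.1:8384")
        exposed = not _host_is_loopback(address)
        if exposed:
            findings.append(f"GUI/REST API listens on non-loopback address {address}")
        if gui.find("user") is None or gui.find("password") is None:
            findings.append("GUI has no username/password configured")
        if exposed and gui.get("tls") != "true":
            findings.append("GUI served without TLS on a non-loopback address")
        if gui.get("insecureAdminAccess") == "true":
            findings.append("insecureAdminAccess is enabled")
    for folder in root.findall("folder"):
        path = folder.get("path", "")
        if any(marker in path for marker in SENSITIVE_MARKERS):
            findings.append(f"folder {folder.get('id')} shares sensitive path {path}")
    return findings
```

Run it against the real file (typically ~/.config/syncthing/config.xml, or /root/.config/syncthing/config.xml when the daemon runs as root) and treat any finding on an internet-facing server as a must-fix.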
Here is the report I sent to CERT India (forgive the format, it was written in a rush).
Posted 2023-02-09 20:29:10 +0100