2

Probably !dev

How should I inform a government website that one of their user password combinations is in a short metasploit password list. The list name is tomcat_mgr_default_userpass

The top exploit db vulnerabilities for tomcat verison did not work so kudos to them on that. I am just a script kiddie

Edit :- Forgot to mention I am an Indian citiizen

Comments
  • 0
    Just don’t, and watch it burn when someone decides to actually exploit them.
  • 0
    @100110111 Why. It is government website so legal risk is low and I havent used any reverse shells(though I probably can) so I am pretty safe
  • 0
    @Sony-wf-1000xm3 why wouldn’t you?
  • 0
    @100110111 Watching a government site burn sounds unfun
  • 2
    @Sony-wf-1000xm3 watching governments burn sounds fun to me
  • 0
    Look for a security contact on their website, or ask for a security contact at their main contact. I doubt they implemented security.txt
  • 4
    Just don't. Government is usually incompetent, and if you notify them, they still won't act on it. Now when they get hacked, then guess where they will send the police to do a raid at 4AM in the morning. Guess also whose complete electronics will be confiscated and who will never see them again.
  • 2
    Don't do it mate! If they get exploited and they notice, chances are high, that you are the first one they will go after.
  • 1
    @Fast-Nop Thanks for that info. I will not report it then
Add Comment