About 3 days ago, I was recursively brute-forcing subdomains for a domain and I stumbled upon a domain that hosted an admin panel. I guess it was my lucky day because it didn’t require any authentication. It was a web interface to monitor and control some sort of industrial machines. They might have thought that it was well hidden and that it needed to be accessed a million times a day by every other employee, so they kept it open to avoid the hassle.
I thought I had hit the jackpot, but then I realised I could just monitor the systems; I needed credentials to make the machines do anything.