I just earned 500€ by sending 8 emails and scanning a WordPress site.
I talked this company into wanting basic security training.
What I did was scrape their site for email addresses of important people and send all of them a phishing email. (Thanks for not configuring SPF.)
I got login details of 5 out of 8 high ranking employees

When I explained "you gave your password to me", one dude just said: "So what, I have nothing in there."
Yeah, nothing but remote access to all workstations, access to the company's shared folders, all customer details and the billing system.

Needless to say, they got a pretty stern lecture

And the site: 2 known exploits found, unauthorized password reset and remote code execution for logged-in users.

