This article discusses how to use OSINT tools like Google Hacking to detect OpenVPN vulnerabilities and find security flaws that allow unauthorized use of paid VPNs due to ovpn file leakages. 

OVPN File Required for OpenVPN

OVPN file is a required configuration file that uses OpenVPN protocol to connect to VPN. The file contains a VPN server address and encryption key, making it a very important file to start VPN. 

Because of this, the exposure of OVPN file to outsiders is an OpenVPN vulnerability that allows not only assigned users but everyone else to use VPN without any authorization. 

Detect Paid OpenVPN Vulnerabilities With Google Hacking (OSINT) 

You can find OpenVPN vulnerabilities by using Google Hacking. If you search the keyword below on Google search engine, you will see the same results as shown in the image below

Index of /servers/openvpn

Google Hacking Search Results for OpenVPN Vulnerability using "Index of /servers/openvpn" on Google Search Engine
Google Hacking Search Results for OpenVPN Vulnerability using “Index of /servers/openvpn” on Google Search Engine

After looking at the exposed webserver’s URL that has the same title and description of ‘Index of /server/openvpn”, it can be narrowed down to particular VPN company’s webserver. 

If you access the following website, you will be able to see a folder list with all OVPN files displayed. 

OVPN file leaked webpages detected by Google Hacking
OVPN file leaked webpages detected by Google Hacking

As explained earlier, if the OVPN files are exposed to outsiders, anyone can have access to the VPN , making it a very serious security flaw. Even after checking the results with the VPN company and service, it was found that paid VPN was being provided. 

License Purchase Page of a OpenVPN Vulnerability VPN company founded through Google Hacking
License Purchase Page of a OpenVPN Vulnerability VPN company founded through Google Hacking

Users usually have to complete their purchases in order to download OVPN files and use VPN. However, this paid VPN’s OVPN file can be downloaded without any payments or subscriptions by searching for it on Google Hacking (OSINT). 

This problem is presumed to be because of the fact that permissions aren’t properly set on the server. 

Exposed Paid Open VPN Server Address Information 

We used another OSINT tool, Criminal IP, to search for VPN server address information in OVPN files exposed as Open VPN vulnerabilities.

Out of the listed OVPN files, results from searching the exposed IP address 46.23.72.15 for IP intelligence showed that it is a IP address being used as VPN, as shown in the image below. 

Search Results for Exposed OVPN file's VPN Server Address Using IP Intelligence OSINT Tool. Confirmed as VPN IP
Search Results for Exposed OVPN file’s VPN Server Address Using IP Intelligence OSINT Tool. Confirmed as VPN IP
Search Results for Exposed OVPN file's VPN Server Address Using IP Intelligence OSINT Tool. Confirmed as VPN IP
Search Results for Exposed OVPN file’s VPN Server Address Using IP Intelligence OSINT Tool. Confirmed as VPN IP

Vulnerabilities in Webserver Exposure, Need Inspection Before Exploitation 

In addition to VPN services, there are many sites that allow users to download files after payment. Services like P2P file sharing and video streaming should be reguarly inspected to ensure that internal servers don’t get exposed because of poor management. 

The VPN company’s server in question does appear to be a self-built server but problems can occur when using AWS S3 buckets and other cloud servers so always be careful. 

You can always refer to our article on how to find exposed security vulnerabilities using OSINT tools like Google Hacking and Criminal IP.


Source : Criminal IP (https://www.criminalip/io) , Google (https://www.google.com) 

Related Articles :