This article discusses how to use OSINT tools like Google Hacking to detect OpenVPN vulnerabilities and find security flaws that allow unauthorized use of paid VPNs due to ovpn file leakages.
OVPN Files Required for OpenVPN
An OVPN file is a required configuration file that uses OpenVPN protocol to connect to VPN. The file contains a VPN server address and encryption key, making it a very important file to start VPN.
Because of this, the exposure of the OVPN file to outsiders is an OpenVPN vulnerability that allows not only assigned users but everyone else to use VPN without any authorization.
Detect Paid OpenVPN Vulnerabilities With Google Hacking (OSINT)
You can find OpenVPN vulnerabilities by using Google Hacking. If you search for the following keywords in the Google search engine, the web page, as the image below, will be exposed at the top.
The exposed webserver’s URL, with the same title and description as ‘Index of /server/openvpn”, can be narrowed down to a particular VPN company’s webserver.
If you access the following website, you will be able to see a folder list with all OVPN files displayed.
As explained earlier, if the OVPN files are exposed to outsiders, anyone can access the VPN, making it a severe security flaw. Even after checking the results with the VPN company and service, it was found that paid VPN was being provided.
Users usually have to complete their purchases in order to download OVPN files and use VPN. However, this paid VPN’s OVPN file can be downloaded without any payments or subscriptions by searching for it on Google Hacking (OSINT).
This problem is presumed to be because of the fact that permissions aren’t properly set on the server.
Exposed Paid Open VPN Server Address Information
We used another OSINT tool, Criminal IP, to search for VPN server address information in exposed OVPN files.
As a result of searching Criminal IP with the IP address ‘220.127.116.11’ exposed in the listed OVPN file name, it was confirmed that the IP address used for VPN, as shown in the image below.
Vulnerabilities in Webserver Exposure, Need Inspection Before Exploitation
In addition to VPN services, there are many sites that allow users to download files after payment. Services such as P2P file sharing and video streaming also should be regularly inspected to ensure that internal servers are not exposed due to poor management.
The VPN company’s server in question appears to be self-built, but the same problems can occur when using AWS S3 buckets and other cloud servers, so always be careful.
Please refer to our article on how to find exposed security vulnerabilities using OSINT tools like Google Hacking and Criminal IP.
Related Articles :