How I Hacked NASA And Received an Appreciation Letter
Summary
A self-described amateur cybersecurity researcher has detailed how they managed to find a vulnerability in NASA’s systems and earn a place in the space agency’s Hall of Fame.
The bug bounty hunter said they were motivated to take on the target after seeing others on LinkedIn and Twitter receive recognition from NASA for finding bugs.
After setting themselves a month-long goal, they spent their time understanding NASA’s rules, extensively probing the target and using a variety of tools including Burp Suite Pro, Splunk and AlienVault for vulnerability scanning.
The security researcher used a known vulnerability in Apache Struts (CVE-2017-5638) to achieve remote code execution on one of the systems, and after reporting it via the dedicated NASA channel, was awarded a letter of appreciation.
The amateur researcher said their methods can be replicated by other amateurs, and urged those looking for bugs to take an organised approach and not to ignore the importance of geopolitical factors when deciding what organisations to target.