I’m Vishnu prasad , a third year engineering student, a passionate developer and a noob in bug hunting ( Please forgive my mistakes in this writeup, if any ).
I recently found a bug in Google that enables anyone to access the internal admin panel of YouTube’s Broadcasting Satellite & YouTube TV. I reported it as part of the Google VRP which earned me $13337.
And this article explains my story to the Google hall of fame.
With that being said, let’s start ????
One day, while searching for new bugs in Google ???? , I got some of Google’s IP addresses from some disclosure of their internal issues. (I had no idea what to do with these IP addresses ???? )
I checked the IP addresses and could understand that the list contained some internal Google IP also. Recently, a similar bug was reported by my friend KL SREERAM regarding their internal IP and also another one by my good friend Vishnu who had found a subdomain with access to the admin panels. However, these issues had already been fixed. And Google had also blocked the public access to these entire IP ranges.
But now, I had some similar IP addresses with me and I somehow had to to find a way to bypass this restriction. ????
And as I kept thinking how to move forward I asked myself:
‘Why not ask Google about how to bypass Google’s restriction’.
And so I did. I Googled…
I started searching extensively in Google for a way to access the blocked IP addresses [of Google]. Every article/blog/forum/comments I read told me that we need their proxy to access the IP addresses (Google Access Proxy) ????.
I kept searching and searching new ways
And then all of a sudden it happened !
My power supply went off !
And I have no battery backup devices ???? (KSEB sucks! )
I was like …..
I had already decided that I would somehow find a way to bypass this and that I was not ready to quit ????
I just couldn’t stop and so, I took out my mobile phone and started searching in Google again. As I searched, just out of curiosity, I tried to open one of those IP addresses in my Google Chrome mobile browser (I love browsing in Chrome ???? )
WTF — A page with HTTP login appeared in front of me.
Whoa ! I never expected to see that !
So there was a login in front of me, possibly the door to the inside of one of the most powerful companies in the world. However, I needed a username and password to get into it.
So what do I do ?
I tried clicking the LOGIN button without entering any credentials at all.
To my surprise, a page with many buttons and options appeared in front of me. It took me a minute to realize that I am inside a Google product’s Admin Panel.
BINGO !! I am in ! ( Yeah baby, KSEB Rocks ! )
(I got the idea of using null credentials for Google login from SREERAM’s blog post while I read about his finding. Thanks for that Bro..! ????)
At that time, however, I really didn’t know how it happened. The only thing I knew was that I had got access to an admin panel of a Google product.
After a few minutes, the power was back and I tried to open the same IP in my computer. But it wouldn’t open. The login page never showed up ! How unfortunate!
Now, I got totally confused . ????
Why was it working in my mobile phone browser and not in my laptop browser? This question kept bothering me…
Anyway, in one hour, I made a POC in my phone and submitted the report to Google. ????
In about 5 hours I got their reply that they had triaged my report. I also got a “Nice Catch!” response for my report. I was jumping with joy. The mighty Google at Silicon Valley had responded to me at Trivandrum!
They asked me — “ Can you tell us which IP addresses did you use for this access?”. They basically wanted to know which proxy did I connect to. But I didn’t know that. So I decided to dig deep into it.
In about 2 hours I found the loop that helped me enter into their admin panels. ????.
The grand mystery had been decoded !
It was Google’s Data saver that helped me to access their internal IP’s. It was turned on in my Chrome mobile browser. I have included an image to help you understand its working.
This proxy acts as their access proxy and gave me access to their internal pages. So, after adding this proxy to my computer I was able to access the admin panel from my laptop browser as well.
There you go. Now with that, anyone can access the Google admin panels from anywhere in the world!
I replied to them with a very detailed write-up. And I got a reply within 30 minutes.
I have included some screenshots as well of the admin panel that I got access to.
Their Satellite receiver admin panel
In addition to this, I got access to their broadcasting panel, internal PCSC configuration, and many such locations using this particular technique ????.
Finally they rewarded me with $13337 ????
Google Hall Of Fame — https://bughunter.withgoogle.com/rank/hof/1
Profile Link — https://bughunter.withgoogle.com/profile/76289848-1b71-44c7-b11f-6475ffbc4d7f
Now , Also they selected me as one of their Top Bughunter in year 2k17 ????.
And featured in Times Of India(TOI) . ????
The reason behind my achievements and the one who inspired me to always dream and aim higher is my mentor Mr. Sreenath Sasikumar, Founder and CEO of MashupStack — a fullstack web development training company. They rightly say, well begun is half done :-)
For More details contact me — https://www.vishnuprasadpg.com
Originally posted: https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky