Client ==> Firewall Access

Bilal Khan
Sep 5, 2018

Recently I ordered two juicer machines from Daraz. I got delivery within 12 days. When I opened my package there were two juicer machines; the juicer jugs of both were cracked, and one was totally broken. I searched YouTube for Daraz and found a list of unhappy customers complaining about their experience with Daraz.

Some time later I visited Daraz and wrote a complaint about my experience, and within 2 days I got a call from customer care telling me about their 7-day refund policy, which they didn’t mention clearly on their web app. Well, I was browsing YouTube and saw an ad for the e-commerce platform goto.com.pk. I mistakenly typed goto.pk instead of goto.com.pk and saw a URL shortener service.

I thought of something evil. I fired up my terminal, switched to BeEF, configured my No-IP, forwarded my port and shortened my hooked URL with goto.pk, and I got something like “http://goto.pk/5wcdw”. Continuing on to Daraz, I saw a live chat agent. I thought it was an awesome opportunity to test, so I started a live chat session with one of their agents.

I asked him about some products and whether they were available on Daraz. The agent told me to send the link to the product. Finally he clicked on that link and I got his browser. There was nothing interesting except one thing, which was not good for them: I got access to their network firewall (pfSense => firewall/router).

The methodology was this: I scanned that public IP and noticed that port 80 was open, which pointed me to the pfSense admin interface. As a n00b I tried admin/admin, admin/password and all the common usernames and passwords. Nothing happened, but then Google helped me with the default credentials for pfSense, admin/pfsense, and believe me, I got access to their firewall.
