Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label DNS Hijacking vulnerability. Show all posts
Metasploit
Defaced Website DNS Hijacking vulnerability hacker news KDMS Team Metasploit

Metasploit and Rapid7 DNS hijacked and Defaced by Kdms Team


The domains of Metasploit.com and its parent company rapid7.com had been hijacked and defaced by the Kdms Team.  They had previously also had taken down down several high profile computer security related targets.


Mr. HD Moore (Chief Research Officer of Rapid7 and Chief Architect of Metasploit) told EHN how the domain was hijacked.





And when asked if the Domains were back in their control he said "yes" and explained why some people are still seeing the deface page.



Please note that a DNS attacks DOES NOT affect the server of the hacked site in anyway. Anybody could fall victim to it . The blame belongs to the Registrar not Rapid7.


This shows how even if you have the strictest security mechanisms there is always a "weak spot" that could be exploited and more often than not it is the "Human" element that is weakest. 
Read more »
Web Application Vulnerability
DNS Hijacking vulnerability Featured Vulnerability Web Application Vulnerability

DNS Hijacking vulnerability found in 000webhost and other free hosting sites

Last month, we learned that hackers hacked the Pakistani google and other sites by hijacking DNS records.  Hackers modified the DNS records such that it points to freehostia site where attacker host the deface page.

Now, An Indian Security researcher Aarshit Mittal come with an interesting find , he has discovered critical DNS hijacking vulnerability in popular free web-hosting providers. The vulnerability allows attackers to take control of the websites hosted.

Aarshit has demonstrate how to exploit the vulnerability in his blog.  Attacker need to create an account in the target web hosting provider. He has explained the vulnerability with 000webhost.com.

Once you created the account, you should login into the CPanel where you can see the Shared IP address. Searching for that IP address with some keywords in Bing returns the sites hosted in that specific IP. 


Interestingly, Aarshit managed to find some government sites(csirt.gov.bd) that has been hosted in the 000webhost.  

After discovering the list of sites hosted , attacker can add those domain names to 'parked domains' in the CPanel. The CPanel successfully allowed him to add the domain name.

Now hacker just need to upload defacement page to his hosting account. Boom.! Now you can see the defacement page in the victim site. Also you can create lot of sub domains in the hijacked domains.

By exploiting this security flaw, researcher successfully hijacked the following domain:

  • test.fraymamertoesquiu.gov.ar
  • test.concejodeitagui.gov.co
  • dns.hviota.gov.co
  • test.digitizeyou.in
  • men.csirt.gov.bd
  • bd.csirt.gov.bd
A malicious hacker can hijack millions of sites hosted in free webhosting sites.  Aarshit try to contact affected companies, but they failed to respond for him.

List of affected sites:

  • www.freehostia.com/
  • www.freewebhostingarea.com/
  • x10hosting.com/
  • www.110mb.com/

Not only these sites are affected, there are plenty of free hosting server affected by this vulnerability.
Read more »
Subscribe to: Posts (Atom)