December 9

Free Hosting Sites Vulnerable to DNS Hijacking Millions of Websites Can be Hacked

 

Hey guys, was working on DNS Hijacking these days and find a big loophole in Free Webhosting Companies like 000webhost.com and was amazed by my research results I contacted the Company after a week of no reply finally leaking out the issue.

So let me Introduce the DNS Hijacking trick making millions of Websites hosted on 000webhost and other free hosting web hosting companies vulnerable.

Step 1 : Login with a free account on 000webhost.com?

it will give you an address like abcd.something.com

mine was –>?http://testingfu.comule.com

Now go to Cpanel?
Now open bing.com and search for like
” IP:31.170.163.140 .gov “
All server IPs
Server 1 with 253 IPs
31.170.161.1 – 31.170.161.253
Server 2 wwith 253 IPs?
31.170.162.1 – 31.170.162.253
Server 3 with 242 ips
31.170.163.1 – 31.170.163.241
Now the target I got is?csirt.gov.bd
I just open this URL : abcd.csirt.gov.bd
An error page of 000webhost strikes
Which shows that the DNS is configured so that the site is forwarded to Nameserver of 000webhost?
now what i did is enter in my Cpanel which I created at 000webhost and park a subdomain :
men.csirt.gov.bd
bd.csirt.gov.bd
And done added an index page to my public_html
And the website defaced .
Some of the sites which also bypassed by me?
http://test.fraymamertoesquiu.gov.ar?
http://test.concejodeitagui.gov.co?
http://dns.hviota.gov.co?
http://test.digitizeyou.in?
http://men.csirt.gov.bd?
http://bd.csirt.gov.bd
Thank you
Regards Aarshit Mittal(@arsmittal)

If you are a mirror freak then can create thousands of subdomains of these gov sites or other gov aites hosted on 000webhost and mirror it on hack-mirror.com and hack-db.com they take such mirrors don’t have any idea for zone-h because they didn’t archived the mirror submitted by me so may be they don’t takje the created subdomains.

Category: Security | Comments Off on Free Hosting Sites Vulnerable to DNS Hijacking Millions of Websites Can be Hacked
December 9

Archaeological Survey Of India Website Defaced

Archaeological Survey of India Website Defaced by Bangladeshi geeks claiming to be from a team namely Bangladesh Cyber Army

The site remained offline for the whole day and the reason they posted for which they hacked this Gov. site is :

The Border killing and they ask Indian soldiers to stop Innocent Border killings

but guys is it true ???

Answer is NO, no such border killing is reported by any media it’s just so anti-peace elements which posted some fake claims over social networking sites in front of these geeks and they started attacking Indian sites

Some months back when these geeks started such hacks against Indian web servers, many news portals posted a news :

“20,000 Indian sites hacked by Bangladeshi hackers”

as soon as this news was posted i personally approaches some news portals to show a single proof of the websites hacked but the webmasters either ignores or replied a lame thing that they have shared the news posted on other sites.

The reality of that news was around 2,000 Indian sites was hacked in which only 489 sites was mirrored(proof),

In the month of April when Indian BD hackers were fighting a Team of Hackers posted some Confidential Data of President Bangladesh after which apology letter was posted by Bangla hackers for hacking innocent indian sites and a peace was signed in between the Hackers of the two countries .

Further authorities from Bangladesh ask Indian Hackers to stop Cyber attack on them they requested :

“we are very poor country, please stop Cyber attacks on our Country”

But still Bangladesh Hackers are not yet stopped cyber attacks over Indian Cyber space.
Website:asipatnacircle.gov.in
Mirror:http://zone-h.com/mirror/id/18334150

Category: Security | Comments Off on Archaeological Survey Of India Website Defaced
December 9

Asian/Pacific/American Institute at New York University Hacked

Asian/Pacific/American Institute at New York University Hacked and Defaced by Iran Hackers?

26:09:2013 , A Breaking News coming out from the Center of New York University , where an Iran Hacker hacked an Official server of NYU and deface the Website of?Asian/Pacific/American Institute , This Website was hosted on the official Server of NYU (ns1.nyu.edu) and the specific target of the hacker was NSU.edu , but because of the server security hacker was unable to breach into the main website and he defaced the Subdomain from where he get into.

In the mean time when adding this news , the University Quickly patch up the website by removing the deface .

While going through the source code of the deface page at the hacked website it was found that the website is linking to an external unofficial website?http://www.nyu-apastudies.org/2012/ which attains the deface page,

So , it may also hint that the deface was added in the linked Iframe website?http://www.nyu-apastudies.org/2012/?which is originally hosted on a shared server (easy to hack) and it may have leads to the deface, but in both conditions the NYU was Defaced and taken down by the hackers.

Hacker mention his Contact detail in the deface page :?le4derofh4ck@gmail.com

Defaced Website :

http://www.apa.nyu.edu/

Category: Security | Comments Off on Asian/Pacific/American Institute at New York University Hacked