metasploit.com fake hacked lol
I was just reading earlier that metasploit.com was hacked even though it was fake. I mean the attack was not even touching metasploit servers. Every user that went on the site was redirected to some Chinese site.
Now what good would the discussion be if there was no details on how this was accomplished... right?
Well this attack is very easily demonstrated in someone's own lan. Just get urself a linux distro. Throw ettercap on it and get a filter script. Start ettercap and turn on its built in mitn attack which can also be called arp poisoning. The attacker machines basically updates the other machines arp table and acts as the gateway. So all connections from the outside are routed through the attackers machine. Now with ettercaps filter plugin system one could easily write a script that takes all the packets that start or contain a certain signature and reconstruct them which is also called packet injection. Now a packet that comes floating that has the html data from the original page could be updated through packet injection. In lamens terms, lets say a packet holds ... (html)(head)(title)I am the target site(-title)(-head)(body)
this could now be changed to ...(html)(head)(title)this site got hacked by tr1px(-title)(-head)(body) ... Catch my drift. Now this of course opens up to redirecting using the keywords (meta) and so on. sorry for the html code but the original tags got left out.
This is a nice hack if you can find a vulnerable router or dns server or modem or whatever machines that lays before a target. Lets say yahoo had a faulty machine laying right before it's server port 80 imagine the possibilities with millions of daily visitors.
Well there you go... Metasploit.com never got touched but man in the middle attacks work.
Now what good would the discussion be if there was no details on how this was accomplished... right?
Well this attack is very easily demonstrated in someone's own lan. Just get urself a linux distro. Throw ettercap on it and get a filter script. Start ettercap and turn on its built in mitn attack which can also be called arp poisoning. The attacker machines basically updates the other machines arp table and acts as the gateway. So all connections from the outside are routed through the attackers machine. Now with ettercaps filter plugin system one could easily write a script that takes all the packets that start or contain a certain signature and reconstruct them which is also called packet injection. Now a packet that comes floating that has the html data from the original page could be updated through packet injection. In lamens terms, lets say a packet holds ... (html)(head)(title)I am the target site(-title)(-head)(body)
this could now be changed to ...(html)(head)(title)this site got hacked by tr1px(-title)(-head)(body) ... Catch my drift. Now this of course opens up to redirecting using the keywords (meta) and so on. sorry for the html code but the original tags got left out.
This is a nice hack if you can find a vulnerable router or dns server or modem or whatever machines that lays before a target. Lets say yahoo had a faulty machine laying right before it's server port 80 imagine the possibilities with millions of daily visitors.
Well there you go... Metasploit.com never got touched but man in the middle attacks work.
Replies to This Discussion
-
Permalink Reply by minoruhackerguy on -
Wow, I hadn't heard metasploit 'hacked.' Very interesting, and by something so simple too... I would have expected more from the people at metasploit. :p I mean, when you make something that aids hackers, you kind of paint a target on your head. =P
© 2009 Created by pdp on Ning. Create a Ning Network!
