TOPIC: DNS hijacking


[Image: w5sL2ZT.png]
[Image: dns.png]


If you remember, a few months back I posted a tutorial on the 000webhost DNS Hijacking Vulnerability?

░▒▓[000webhost DNS Hijacking Vulnerability]►_1,000+ Websites can be Hacked _[/TUT]▓▒░
http://www.hackforums.net/showthread.php?tid=3137904

Well I've compromised several domains using this method but never seen a decent (hands on) tutorial posted on HF about DNS Hijacking until now.

What is DNS hijacking?
Quote: DNS hijacking or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer's TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards.

These modifications may be made for malicious purposes or for self-serving purposes by Internet service providers (ISPs) to direct users' web traffic to the ISP's own web servers where advertisements can be served, statistics collected, or other purposes of the ISP; and by DNS service providers to block access to selected domains as a form of censorship.




[Image: ju5lWma.png]
A computer running Linux/Ubuntu.
Basic understanding of how the Domain Name System (DNS) works.




Video Tutorial:-By H4x4rwOw




Here's a neat little working DNS Hijacking trick I saw posted @Devil's Cafe making thousands of websites hosted on 000webhost vulnerable, including .gov .edu domains.

Tutorial:

Step 1 :
Log in with a free account on 000webhost.com
It will give you an address like abcd.something.com
mine was --> http://testingfu.comule.com

[Image: VkRQi.jpg]

Now go to cPanel
and look for IP Address; you'll get something like "31.170.163.140"

Now go to Bing.com and type the dork ip:31.170.163.140
If you want .gov, .edu or any other particular domain, then the dork will be " ip:31.170.163.140 .gov "
or " ip:31.170.163.140 .edu "

All server IPs:

Server 1 with 253 IPs
31.170.161.1 - 31.170.161.253

Server 2 with 253 IPs
31.170.162.1 - 31.170.162.253

Server 3 with 242 IPs
31.170.163.1 - 31.170.163.241

Now coming to the search results, I got the target csirt.gov.bd
I just opened this URL: abcd.csirt.gov.bd
and here is an error page of 000webhost.
[Image: 7Kn1K.jpg]

which shows that the DNS is configured so that the site is forwarded to the nameserver of 000webhost.
Now what I did was go into my cPanel, which I created at 000webhost, and park a subdomain:
[Image: HOigV.jpg]
[Image: Pd3iv.jpg]

Here are some of the sites, for example, which are vulnerable to this attack:

Founded by Aar**** Mital
This tutorial is for educational purposes only, I’m not responsible for how you use this information.
Thanks for viewing my thread.
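
The condition the post depends on is a zone whose names, typically through a leftover wildcard record, still resolve to a shared-hosting address the owner no longer controls. As an added example that is not part of the original post, the following audit reads a zone export you own and flags A records, wildcards and in-zone CNAME chains that land in the shared ranges listed above. The zone data, `example.org` and the function names are constructed for illustration.

```python
import ipaddress

# Shared-hosting ranges exactly as listed in the post.
SHARED_RANGES = [("31.170.161.1", "31.170.161.253"),
                 ("31.170.162.1", "31.170.162.253"),
                 ("31.170.163.1", "31.170.163.241")]

# Constructed zone export (name, type, value); example.org is a placeholder.
SAMPLE_ZONE = """\
example.org.       A      192.0.2.10
www.example.org.   CNAME  example.org.
*.example.org.     A      31.170.163.140  ; leftover wildcard
old.example.org.   A      31.170.161.7
blog.example.org.  CNAME  old.example.org.
edge.example.org.  A      31.170.163.250  ; just past the listed range
"""

def in_shared_range(addr):
    """True if addr falls inside one of the listed shared-hosting ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
               for lo, hi in SHARED_RANGES)

def audit(zone_text):
    """Return sorted (name, address, kind) for names resolving into the ranges."""
    a_map, cname = {}, {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # ';' starts a comment
        if len(fields) != 3:
            continue
        name, rtype, value = fields[0].lower(), fields[1].upper(), fields[2].lower()
        if rtype == "A":
            a_map.setdefault(name, []).append(value)
        elif rtype == "CNAME":
            cname[name] = value
    findings = []
    for name in sorted(set(a_map) | set(cname)):
        target, hops = name, 0
        while target in cname and hops < 8:      # bounded, so CNAME loops end
            target, hops = cname[target], hops + 1
        for addr in a_map.get(target, []):
            if in_shared_range(addr):
                # A wildcard means every unclaimed label lands on the shared host.
                kind = "wildcard" if name.startswith("*.") else "host"
                findings.append((name, addr, kind))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ZONE):
        print(*finding)
```

Any `wildcard` finding should be removed or replaced with explicit records for the hostnames actually in use; `host` findings need confirmation that the account behind that address is still yours.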


