MaDLeeTs • Cyber Security & Professional Webmasters Forum

DNS Hijacking Vulnerability. TUTORIAL
So let's see the DNS Hijacking Vulnerability affecting thousands of websites hosted on 000webhost and other free web hosting providers.

Step 1: Sign up for an account on 000webhost.com.
It will give you an address like abcd.something.com.
For example, mine was: http://testingfu.comule.com.


Now go to cPanel
and look for the IP address; you'll get something like "31.170.163.140".

Now go to Bing.com and type the dork ip:31.170.163.140
If you want .gov, .edu or any other particular domain, then the dork will be " ip:31.170.163.140 .gov "
or " ip:31.170.163.140 .edu "

All server IPs:
Server 1 with 253 IPs
31.170.161.1 - 31.170.161.253

Server 2 with 253 IPs
31.170.162.1 - 31.170.162.253

Server 3 with 242 IPs
31.170.163.1 - 31.170.163.241

Now come to the search results.
I got the target csirt.gov.bd.
I just opened this URL:
abcd.csirt.gov.bd
and here is an error page of 000webhost.


This shows that the DNS is configured so that the site is forwarded to the nameserver of 000webhost.
Now what I did was enter the cPanel which I created at 000webhost and park a subdomain:

men.csirt.gov.bd
bd.csirt.gov.bd
and, done, I added a deface page to my public_html
and the website was defaced.

Some example sites which are vulnerable to this attack:
Code:
http://test.fraymamertoesquiu.gov.ar
http://test.concejodeitagui.gov.co
http://dns.hviota.gov.co
http://test.digitizeyou.in
http://men.csirt.gov.bd
http://bd.csirt.gov.bd




IF YOU DON'T UNDERSTAND, DOWNLOAD THE TUTORIAL + IMAGES IN THE ATTACHMENT
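Seen from the zone owner's side, the condition the post relies on (names in your zone, especially a wildcard, still resolving into a shared free-hosting range you no longer control) can be found offline in your own zone file. The script below is an added example, not part of the original post; the zone data for example.org and all function names are constructed, and the ranges are the three quoted in the post.

```python
import ipaddress

# Shared-hosting ranges quoted in the post; extend with any provider you have used.
SHARED_HOST_NETS = [ipaddress.ip_network(n) for n in
                    ("31.170.161.0/24", "31.170.162.0/24", "31.170.163.0/24")]

# Constructed zone data for the placeholder domain example.org (not a real zone).
SAMPLE_ZONE = """\
$ORIGIN example.org.
@      3600 IN A   203.0.113.10
www    3600 IN A   203.0.113.10
*      3600 IN A   31.170.163.140   ; constructed: leftover wildcard
old    3600 IN MX  10 mail
            IN A   31.170.162.7     ; owner inherited from the line above
mail   3600 IN A   203.0.113.25
"""

def parse_a_records(zone_text):
    """Yield (owner, IPv4Address) for A records in one-record-per-line zone text."""
    owner = "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # strip comments
        fields = line.split()
        if not fields or fields[0].startswith("$"):   # blank line or directive
            continue
        if not line[0].isspace():                     # indented line keeps last owner
            owner = fields[0]
        if len(fields) >= 2 and fields[-2].upper() == "A":
            try:
                yield owner, ipaddress.ip_address(fields[-1])
            except ValueError:
                continue                              # malformed rdata, skip

def audit_zone(zone_text, risky_nets=SHARED_HOST_NETS):
    """Return A records that point into shared-hosting ranges, wildcards first."""
    findings = []
    for owner, ip in parse_a_records(zone_text):
        if any(ip in net for net in risky_nets):
            # A wildcard makes every unclaimed label resolve to the shared host,
            # so names you never created can be claimed by another tenant.
            severity = "high" if owner.startswith("*") else "review"
            findings.append({"owner": owner, "ip": str(ip), "severity": severity})
    return sorted(findings, key=lambda f: f["severity"] != "high")

if __name__ == "__main__":
    for f in audit_zone(SAMPLE_ZONE):
        print(f"{f['severity']:6} {f['owner']:6} -> {f['ip']}")
```

Records marked "high" should be removed or replaced with explicit names; records marked "review" should be checked against the hostnames still claimed in your own hosting account.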
Good tutorial!
thx
Nice share man
good job
just awesome, a new method I didn't know before
Nice tutorial