PPPPPPPPPPPPPPPPP AAA KKKKKKKKK KKKKKKKb::::::b
P::::::::::::::::P A:::A K:::::::K K:::::Kb::::::b
P::::::PPPPPP:::::P A:::::A K:::::::K K:::::Kb::::::b
PP:::::P P:::::P A:::::::A K:::::::K K::::::K b:::::b
P::::P P:::::P A:::::::::A KK::::::K K:::::KKK b:::::bbbbbbbbb uuuuuu uuuuuu ggggggggg ggggg ssssssssss
P::::P P:::::P A:::::A:::::A K:::::K K:::::K b::::::::::::::bb u::::u u::::u g:::::::::ggg::::g ss::::::::::s
P::::PPPPPP:::::P A:::::A A:::::A K::::::K:::::K b::::::::::::::::b u::::u u::::u g:::::::::::::::::gss:::::::::::::s
P:::::::::::::PP A:::::A A:::::A K:::::::::::K b:::::bbbbb:::::::bu::::u u::::u g::::::ggggg::::::ggs::::::ssss:::::s
P::::PPPPPPPPP A:::::A A:::::A K:::::::::::K b:::::b b::::::bu::::u u::::u g:::::g g:::::g s:::::s ssssss
P::::P A:::::AAAAAAAAA:::::A K::::::K:::::K b:::::b b:::::bu::::u u::::u g:::::g g:::::g s::::::s
P::::P A:::::::::::::::::::::A K:::::K K:::::K b:::::b b:::::bu::::u u::::u g:::::g g:::::g s::::::s
P::::P A:::::AAAAAAAAAAAAA:::::A KK::::::K K:::::KKK b:::::b b:::::bu:::::uuuu:::::u g::::::g g:::::g ssssss s:::::s
PP::::::PP A:::::A A:::::A K:::::::K K::::::K b:::::bbbbbb::::::bu:::::::::::::::uug:::::::ggggg:::::g s:::::ssss::::::s
P::::::::P A:::::A A:::::A K:::::::K K:::::K b::::::::::::::::b u:::::::::::::::u g::::::::::::::::g s::::::::::::::s
P::::::::P A:::::A A:::::A K:::::::K K:::::K b:::::::::::::::b uu::::::::uu:::u gg::::::::::::::g s:::::::::::ss
PPPPPPPPPP AAAAAAA AAAAAAAKKKKKKKKK KKKKKKK bbbbbbbbbbbbbbbb uuuuuuuu uuuu gggggggg::::::g sssssssssss
g:::::g
gggggg g:::::g
g:::::gg gg:::::g
g::::::ggg:::::::g
gg:::::::::::::g
ggg::::::ggg
gggggg
Presents
-[0x00]- Intro
-[0x01]- Reason
-[0x02]- Defacing-co.il
-[0x03]- Vulnerability
-[0x04]- Comments
-[0x00]- Intro
[#] PAKbugs is a hacking community with professional black hat hackers from around the world but mostly from Pakistan & Saudi Arabia. PAKbugs was established in late 2007.
The founder of PAKbugs was Zombie_KsA. Zombie_KsA is well known in internet world by his defacement and hacking skills. The major defacement made by Zombie_KsA was Google Morocco.
-[0x01]- Reason
[#] The reason i'm making this zine is because some skids known as Pakistani L33t aka Khanstastic is using my name since year or more,
a skid known as Khantastic registered an account on hotmail "zombie_ksa@hotmail.com" so that doesn't make him Zombie_ksa
but in other words he feels good inside that he is real zombie_ksa lmfao, so i came to know that too, he scammed few people using
zombie_ksa handle and promised them to hack some websites which they gave to "Khantastic" but that never happened and he ran away
after payment was made,
-[0x02]- Defacing-co.il
[#]
pent3st:
pent3st: BUZZ!!!
pent3st: did you deface ?
pent3st: http://msn.org.il
pent3st: Zombie_Ksa@hotmail.com: http://msn.co.il
Zombie_Ksa@hotmail.com: http://msn.org.il
Zombie_Ksa@hotmail.com: http://mastercard.co.il
Zombie_Ksa@hotmail.com: http://skype.co.il
Zombie_Ksa@hotmail.com: http://microsoftstore.co.il
Zombie_Ksa@hotmail.com: http://livemail.co.il
Zombie_Ksa@hotmail.com: http://live.org.il
zombie_ksa: who gave you this? zombie_ksa@hotmail.com
pent3st: yeah
pent3st: thats not you right?
zombie_ksa:
zombie_ksa: why the fuck that guy using my name
zombie_ksa: wait, i will write something nice about him on pakbugs.com
zombie_ksa: so world will know he is just an lammer
pent3st: you should
pent3st: cause he is known lamer
pent3st: Khanastic
pent3st: he was a friend
pent3st: but not for long i found out that he is a lamer
pent3st: Zombie_Ksa@hotmail.com: i am 1337
Zombie_Ksa@hotmail.com: i m Zombie
Zombie_Ksa@hotmail.com: i m Big sm0ke
Zombie_Ksa@hotmail.com:
Zombie_Ksa@hotmail.com: i am big fucker
Zombie_Ksa@hotmail.com is typing...
Zombie_Ksa@hotmail.com:
☠pent3st â˜: then fuck yourself
-[0x03]- Vulnerability
[#] so how did they manage to deface these co.il domains? guess (DNS poisoning? nah i don't think so these skids ain't that good)
well when i first saw these defaced co.il domains i knew it was SQLi so i began to search (=
[#] First i went and check Whois of msn.org.il http://whois.domaintools.com/msn.co.il
Registration
Created:
2010-02-15
Expires:
2013-02-15 Backorder Now or Hire a domain broker
Whois Server: whois.isoc.org.il
General TLDs:
MSN.commsn.com whois (registered and active website)
MSN.netmsn.net whois (registered and active website)
MSN.orgmsn.org whois (registered and active website)
MSN.infomsn.info whois (registered and no website)
MSN.bizmsn.biz whois (registered and active website)
MSN.usmsn.us whois (registered and active website)
ok now we know that whois server is : whois.isoc.org.il so i went there and lookup for msn.org.il,
so we looked up msn.org.il here http://www.isoc.org.il/domains/whois.html
Query: msn.org.il
Registered Name: msn
Domain Name: msn.org.il
Assigned: 22-09-2005
Last Update: 19-11-2012
Validity Date: 22-09-2013
Status: Transfer Locked
Registered Holder:
Name: Microsoft Canada Corporation
Address: 1950 Meadowvale Blvd
Mississauga L5N8L9
Canada
Phone: +1 905 5680434
Fax: +1 425 9367330
Email: admin AT internationaladmin.com
Administrative Contact:
Handle: GC-CK5534-IL
Name: Cynthia Kern
Organization: Microsoft Canada Corporation
Address: 1950 Meadowvale Blvd
Mississauga L5N8L9
Canada
Phone: +1 9 055680434
Fax: +1 4 259367330
Email: admin AT internationaladmin.com
Last Update: 08-11-2007
Technical Contact:
Handle: GC-AT6230-IL
Name: Administrator Technical
Organization: CSC Corporate Domains
Address: PO Box 597
Yarmouth B5A 4B4
Canada
Phone: +1 9 027465201
Fax: +1 9 027465252
Email: admin AT internationaladmin.com
Last Update: 18-12-2008
Zone Contact:
Handle: GC-CB9873-IL
Name: CcTLD Billing
Organization: Corporation Service Company
Address: PO Box 597
Yarmouth B5A4B4
Canada
Phone: +1 9 027465201
Fax: +1 9 027465252
Email: cctld-billing AT cscinfo.com
Last Update: 23-09-2008
DNS Servers:
ns4.msft.net
ns3.msft.net
ns1.msft.net
Registrar Name: Communigal Communication Ltd
Registrar info: http://www.galcomm.co.il/
[#] Ok, great now we know that Microsoft registered these domains on http://www.galcomm.co.il/ so there must be a hole in this website otherwise its not possible (= "these skids can't hack Microsoft servers"
[#] lets check www.galcomm.co.il, after 5 minutes we found exact vulnerable link where we can easily Inject on this website Through MsSQL Injection, and very easy to extract LoginID and Passwords, for any account registered on galcomm.co.il
for security reasons we are not disclosing exact injectable links,and we have informed right authorities about vulnerability, but we can show some example, website is poorly coded in .NET
http://www.galcomm.com/Info.aspx?PageId=52%27
Server Error in '/' Application.
Input string was not in a correct format.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.FormatException: Input string was not in a correct format.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[FormatException: Input string was not in a correct format.]
System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) +12636309
System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) +224
Info.Page_Load(Object sender, EventArgs e) +236
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
System.Web.UI.Control.LoadRecursive() +11424383
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3064
And many more Injectable Links, so these skids must have used some GUI SQLi for example: Havij and many other, and simply logged in account change DNS to their server! and uploaded defacement index
-[0x04]- Comments
[#] well, i guess here it ends, so you see how simple it was huh? so Khantastic Script kiddie, stop using my name stop scamming other ppl using my handle, make your own,
And ah! i almost forgot these skids copied my Index as well which i used in 2010 when i defaced NR3C, here's link: http://www.zone-h.org/mirror/id/10093092
how skids they are they even copied my index! c'mon who does that? huh? you guys can't even make an index? and oh i wanna tell one more thing that Zombie_KsA ( Me )
I DON'T DEFACE ANYMORE! I keep access on servers only! i dont deface anymore
#EOF
This was the article posted on
http://pakbugs.com/index
====================================================================
This Article was Written by Ajay Devgan
Ajay Devgan Founder and Editor-in-Chief of 'www.techyfreaks.com'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.
Follow 'Ajay Devgan' on Google+, Twitter or Facebook or Contact via Email.
====================================================================
====================================================================
Ajay Devgan Founder and Editor-in-Chief of 'www.techyfreaks.com'. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.
Follow 'Ajay Devgan' on Google+, Twitter or Facebook or Contact via Email.
====================================================================
0 comments:
Post a Comment