Home of WhiteHat CyberArmy
 
HomeFAQSearchMemberlistUsergroupsRegisterLog in

Share | 
 

 000webhost DNS Hijacking Vulnerablity - Thousands of Websites including .gov domains Can be Hacked

Go down 
AuthorMessage
W-P
Admin
avatar

Posts : 80
Join date : 2013-11-12
Age : 32
Location : Cyber World

PostSubject: 000webhost DNS Hijacking Vulnerablity - Thousands of Websites including .gov domains Can be Hacked   Tue Nov 12, 2013 12:19 pm

Let see the DNS Hijacking Vulnerability making Thousands of Websites hosted on 000webhost and other free hosting web hosting Providers.

Step 1 : signup for a account on 000webhost.com
it will give you a address like abcd.something.com
for example mine was : [You must be registered and logged in to see this link.]
[You must be registered and logged in to see this image.]

Now Go to cPanel
and Look for IP Address, you'll get something like "31.170.163.140"

Now Go to [You must be registered and logged in to see this link.] and type dork ip:31.170.163.140
if you want .gov .edu or any other particular domain then dork will " ip:31.170.163.140 .gov "
or " ip:31.170.163.140 .edu "

all server ips
Server 1 with 253 ips
31.170.161.1 - 31.170.161.253

Server 2 with with 253 ips
31.170.162.1 - 31.170.162.253

Server 3 with 242 ips
31.170.163.1 - 31.170.163.241
Now come to Search Results
i got The Target csirt.gov.bd
i just open this url :
abcd.csirt.gov.bd
and here a error page of 000webhost.
[You must be registered and logged in to see this image.]

which shows that the dns is configured so that the site is forwarded to Nameserver of 000webhost
now what i did is enter in my cpanel which i created at 000webhost and park a subdomain :
[You must be registered and logged in to see this image.]

[You must be registered and logged in to see this image.]

Some of the sites for example which are vulnreable for this attack
Code:
    http://test.fraymamertoesquiu.gov.ar
    http://test.concejodeitagui.gov.co
    http://dns.hviota.gov.co
    http://test.digitizeyou.in
    http://men.csirt.gov.bd
    http://bd.csirt.gov.bd
Back to top Go down
View user profile http://whitehatcyberarmy.forumotion.com
 
000webhost DNS Hijacking Vulnerablity - Thousands of Websites including .gov domains Can be Hacked
Back to top 
Page 1 of 1
 Similar topics
-
» Fantage VS. WitchMe
» CUTEST WEBSITE EVER!
» Live Book: thousands of novelties
» bearville shutting down?! &please answer this!
» One of our favourite Adventure games websites is 'awake again'! :o)

Permissions in this forum:You cannot reply to topics in this forum
Home of Ethical WhiteHat CyberArmy :: WhiteHat CyberArmy Community :: Hacking & Security Tutorials-
Jump to: