HomeclosedFAQRegisterLog in

Share | 
 

 000webhost DNS Hijacking Vulnerablity - Thousands of Websites including .gov domains Can be Hacked

Go down 
AuthorMessage
V1P3R
WhiteHat Support
WhiteHat Support
avatar

Posts : 76
White Hat Points : 202
White Hat Reputation : 10
Join date : 2013-07-30

PostSubject: 000webhost DNS Hijacking Vulnerablity - Thousands of Websites including .gov domains Can be Hacked   Fri Aug 09, 2013 10:00 am

Let see the DNS Hijacking Vulnerability making Thousands of Websites hosted on 000webhost and other free hosting web hosting Providers.

Step 1 : signup for a account on 000webhost.com
it will give you a address like abcd.something.com
for example mine was : [You must be registered and logged in to see this link.]
[You must be registered and logged in to see this image.]

Now Go to cPanel
and Look for IP Address, you'll get something like "31.170.163.140"

Now Go to [You must be registered and logged in to see this link.] and type dork ip:31.170.163.140
if you want .gov .edu or any other particular domain then dork will " ip:31.170.163.140 .gov "
or " ip:31.170.163.140 .edu "

all server ips
Server 1 with 253 ips
31.170.161.1 - 31.170.161.253

Server 2 with with 253 ips
31.170.162.1 - 31.170.162.253

Server 3 with 242 ips
31.170.163.1 - 31.170.163.241
Now come to Search Results
i got The Target csirt.gov.bd
i just open this url :
abcd.csirt.gov.bd
and here a error page of 000webhost.
[You must be registered and logged in to see this image.]

which shows that the dns is configured so that the site is forwarded to Nameserver of 000webhost
now what i did is enter in my cpanel which i created at 000webhost and park a subdomain :
[You must be registered and logged in to see this image.]

[You must be registered and logged in to see this image.]

Some of the sites for example which are vulnreable for this attack
Code:
    http://test.fraymamertoesquiu.gov.ar
    http://test.concejodeitagui.gov.co
    http://dns.hviota.gov.co
    http://test.digitizeyou.in
    http://men.csirt.gov.bd
    http://bd.csirt.gov.bd

_________________
Mess with the Best, Die like the Rest
Back to top Go down
 
000webhost DNS Hijacking Vulnerablity - Thousands of Websites including .gov domains Can be Hacked
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Home of Ethical White Hat Hackers :: White Hat Hackers Community :: Hacking & Security Tutorials-
Jump to: