Thread: WTF: Metasploit Website attacked by ARP spoofing?!?

  1. #1
    Member
    Join Date
    Aug 2007
    Posts
    468

    WTF: Metasploit Website attacked by ARP spoofing?!?


    Monday morning, Metasploit.com was temporarily hijacked using an attack on the local area network of Metasploit's hosting provider. Using what is technically known as ARP spoofing, the attacker was able to intercept visitors to Metasploit.com, and instead serve them up a page saying the site had been "hacked by sunwear ! just for fun." Users were then redirected to a Chinese forum with an image of the hack.

    The Metasploit server itself wasn't compromised, according to Moore, who fairly quickly fixed the vulnerability by hard-coding the right route for the packets.

    But since some 250 other servers are hosted on the same local area network at the service provider, they remain at risk, according to Moore.

    http://blog.wired.com/27bstroke6/200...r-hijacks.html

  2. #2
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    What a bunch of n00b cakes
    dd if=/dev/swc666 of=/dev/wyze

  3. #3
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    HD Moore is going to get those beeyatches!!!!!

  4. #4
    Junior Member BlackRS's Avatar
    Join Date
    May 2008
    Posts
    45

    Someone must be trying to make a name for themselves. I certainly wouldn't mess with H.D.
    Information is like water...

  5. #5
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    An interesting choice of victim indeed.
    -Monkeys are like nature's humans.

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    It's a Chinese h4x0r gang. Here is the forum post.

    http://forum.eviloctal.com/redirect....tpost#lastpost


    Update from HD at Metasploit: The issue was that someone hacked a machine on the same subnet and was ARP spoofing the gateway. The metasploit.com machines were not compromised, but all HTTP requests coming into the ISP network were passed through a MITM defacer that inserted that HTML. Once I was able to set a static ARP entry and notify the ISP, the problem was resolved. So, to make things clear, the metasploit.com servers were not hacked, the ISP's network was.
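
The defensive side of what the update in post #6 describes, as an added example that is not part of the original thread: a Python check over Linux `/proc/net/arp` snapshots that flags a gateway entry whose MAC differs from the pinned one, is shared with another host on the subnet, or is still dynamic rather than static. The addresses, MACs and snapshots are constructed, and the function names are hypothetical.

```python
import re

ATF_PERM = 0x04  # Linux ARP flag bit: entry was set statically (permanent)

# Constructed samples in /proc/net/arp format (documentation addresses and MACs).
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
BEFORE = HEADER + (
    "192.0.2.1        0x1         0x2         00:00:5e:00:53:01     *        eth0\n"
    "192.0.2.77       0x1         0x2         00:00:5e:00:53:4d     *        eth0\n"
)
DURING = HEADER + (  # gateway IP now resolves to the MAC of 192.0.2.77
    "192.0.2.1        0x1         0x2         00:00:5e:00:53:4d     *        eth0\n"
    "192.0.2.77       0x1         0x2         00:00:5e:00:53:4d     *        eth0\n"
)
PINNED = HEADER + (  # after a static entry for the gateway (flags 0x6)
    "192.0.2.1        0x1         0x6         00:00:5e:00:53:01     *        eth0\n"
    "192.0.2.77       0x1         0x2         00:00:5e:00:53:4d     *        eth0\n"
)

def parse_arp(text):
    """Return {ip: (mac, flags)} from /proc/net/arp-style text, skipping the header."""
    table = {}
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 6 and re.fullmatch(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", f[3].lower()):
            table[f[0]] = (f[3].lower(), int(f[2], 16))
    return table

def check_gateway(text, gateway_ip, expected_mac):
    """Return a list of findings about the gateway's ARP entry (empty list = clean)."""
    table = parse_arp(text)
    findings = []
    if gateway_ip not in table:
        return ["gateway-missing"]
    mac, flags = table[gateway_ip]
    if mac != expected_mac.lower():
        findings.append("gateway-mac-mismatch")
    sharers = sorted(ip for ip, (m, _) in table.items() if m == mac and ip != gateway_ip)
    if sharers:
        findings.append("gateway-mac-shared-with:" + ",".join(sharers))
    if not flags & ATF_PERM:
        findings.append("gateway-entry-dynamic")
    return findings

if __name__ == "__main__":
    for name, snap in (("before", BEFORE), ("during", DURING), ("pinned", PINNED)):
        print(name, check_gateway(snap, "192.0.2.1", "00:00:5e:00:53:01"))
```

On a live host the same functions can be fed the contents of `/proc/net/arp` together with the gateway MAC obtained out of band from the provider.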

  7. #7
    Member
    Join Date
    Jan 2010
    Posts
    83

    Did Moore respond as to any actions he is going to take against them? I would like to see a follow-up on Moore's end as to what he does to them, if any, interesting...

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,124

    Just for the record I was kinda kidding. Obviously taking any aggressive action against the culprits would be illegal.

  9. #9
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Quote: Originally Posted by pureh@te
    Just for the record I was kinda kidding. Obviously taking any aggressive action against the culprits would be illegal.
    Yep, and had they been stateside, they'd be well on their way to a place where they give free colonoscopies.
    dd if=/dev/swc666 of=/dev/wyze
