Microsoft France: DEFACED



A Turkish hacker that goes by the name of TiTHack defaced http://experts.microsoft.fr/default.aspx. A mirror of the defacement can be seen here: http://www.zone-h.org/index2.php?option=co...&id=4181592

You can read the full story from http://www.zone-h.org/content/view/4767/31/

After looking at all the sites he has defaced (http://www.zone-h.org/component/option,com...efacer,TiTHacK/), it looks like IIS6 has a major bug in it, considering he told them it was done through a "web server intrusion".

He says he is going after microsoft.com next, it would be interesting to see if he can gain access to them.

Link to comment
Share on other sites

Problem is that the default doesn't even have Apache running.

Microsoft.fr got hacked somehow through IIS which was potentially running whatever type of software underneath.

Apples and oranges in more ways than the obvious one.

Link to comment
Share on other sites

I'm sure they said that somewhere... a couple of years ago anyway. They still block pings now...

C:>ping www.microsoft.com

Pinging lb1.www.ms.akadns.net [207.46.198.60] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.198.60:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Link to comment
Share on other sites

Do a traceroute (tracert on windows) to it and see where it stops. *THAT*'s the one that doesn't respond to pings (or at least allows them safe passage).

And since we're on the topic of ping, just so you know, on UNIX the ping command requires superuser privilege as it needs full control over the packet that's being sent.

Link to comment
Share on other sites

C:>pathping www.microsoft.com

Tracing route to lb1.www.ms.akadns.net [207.46.199.30]
over a maximum of 30 hops:
  0  the-dwarf [192.168.0.51]
  1  192.168.0.1
  2  192.168.1.1
  3  esr4.sheffield3.broadband.bt.net [217.47.73.143]
  4  217.47.73.30
  5  217.41.176.21
  6  217.41.176.65
  7  217.41.176.122
  8  217.41.176.34
  9  217.32.96.49
 10  core2-pos6-0.sheffield.ukcore.bt.net [217.32.171.169]
 11  core2-pos9-3.birmingham.ukcore.bt.net [62.6.204.125]
 12  core2-pos14-1.reading.ukcore.bt.net [62.6.204.166]
 13  londont-ia1-fe00.mdip.bt.net [195.99.125.37]
 14  transit1-pos4-0.ealing.ukcore.bt.net [194.72.9.238]
 15  t2c1-p3-0.uk-eal.eu.bt.net [166.49.168.5]
 16  t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]
 17  166-49-151-130.eu.bt.net [166.49.151.130]
 18  gig2-1.ash-76cb-1b.ntwk.msn.net [207.46.47.99]
 19  ten9-3.ash-76cb-1a.ntwk.msn.net [207.46.34.25]
 20  pos6-2.wst-76cb-1a.ntwk.msn.net [207.46.40.69]
 21  pos1-0.wst-12ix-1a.ntwk.msn.net [207.46.36.210]
 22  pos1-0.tke-12ix-2a.ntwk.msn.net [207.46.155.10]
 23  po10.tuk-65ns-mcs-1a.ntwk.msn.net [207.46.224.151]
 24     *        *        *

Computing statistics for 600 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           the-dwarf [192.168.0.51]
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%  192.168.0.1
                                0/ 100 =  0%   |
  2    1ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.1
                                0/ 100 =  0%   |
  3   51ms     0/ 100 =  0%     0/ 100 =  0%  esr4.sheffield3.broadband.bt.net [217.47.73.143]
                                0/ 100 =  0%   |
  4   53ms     0/ 100 =  0%     0/ 100 =  0%  217.47.73.30
                                0/ 100 =  0%   |
  5   56ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.21
                                0/ 100 =  0%   |
  6   54ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.65
                                0/ 100 =  0%   |
  7   55ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.122
                                0/ 100 =  0%   |
  8   56ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.34
                                0/ 100 =  0%   |
  9   58ms     0/ 100 =  0%     0/ 100 =  0%  217.32.96.49
                                0/ 100 =  0%   |
 10   59ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos6-0.sheffield.ukcore.bt.net [217.32.171.169]
                                0/ 100 =  0%   |
 11   67ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos9-3.birmingham.ukcore.bt.net [62.6.204.125]
                                0/ 100 =  0%   |
 12   64ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos14-1.reading.ukcore.bt.net [62.6.204.166]
                                0/ 100 =  0%   |
 13   56ms     1/ 100 =  1%     1/ 100 =  1%  londont-ia1-fe00.mdip.bt.net [195.99.125.37]
                                0/ 100 =  0%   |
 14   63ms     0/ 100 =  0%     0/ 100 =  0%  transit1-pos4-0.ealing.ukcore.bt.net [194.72.9.238]
                                0/ 100 =  0%   |
 15   62ms     0/ 100 =  0%     0/ 100 =  0%  t2c1-p3-0.uk-eal.eu.bt.net [166.49.168.5]
                                0/ 100 =  0%   |
 16  136ms     0/ 100 =  0%     0/ 100 =  0%  t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]
                                0/ 100 =  0%   |
 17  141ms     0/ 100 =  0%     0/ 100 =  0%  166-49-151-130.eu.bt.net [166.49.151.130]
                              100/ 100 =100%   |
 18  ---     100/ 100 =100%     0/ 100 =  0%  gig2-1.ash-76cb-1b.ntwk.msn.net [207.46.47.99]
                                0/ 100 =  0%   |
 19  ---     100/ 100 =100%     0/ 100 =  0%  ten9-3.ash-76cb-1a.ntwk.msn.net [207.46.34.25]
                                0/ 100 =  0%   |
 20  ---     100/ 100 =100%     0/ 100 =  0%  pos6-2.wst-76cb-1a.ntwk.msn.net [207.46.40.69]
                                0/ 100 =  0%   |
 21  ---     100/ 100 =100%     0/ 100 =  0%  pos1-0.wst-12ix-1a.ntwk.msn.net [207.46.36.210]
                                0/ 100 =  0%   |
 22  ---     100/ 100 =100%     0/ 100 =  0%  pos1-0.tke-12ix-2a.ntwk.msn.net [207.46.155.10]
                                0/ 100 =  0%   |
 23  ---     100/ 100 =100%     0/ 100 =  0%  po10.tuk-65ns-mcs-1a.ntwk.msn.net [207.46.224.151]
                                0/ 100 =  0%   |
 24  ---     100/ 100 =100%     0/ 100 =  0%  the-dwarf [0.0.0.0]

Trace complete.

Happy?

Notice how the pings only start timing out when they hit Microsoft's routers.

Link to comment
Share on other sites
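
The reading of the pathping table in the post above can be checked mechanically. The following Python parser is an added example, not part of the original thread: it reads the statistics rows and reports the last hop that still answers and the first hop that loses every probe. The sample rows are an excerpt constructed from the posted output, and the function names are this example's own.

```python
import re

# Constructed sample: a few statistics rows excerpted from the posted pathping output.
SAMPLE = """\
 16  136ms     0/ 100 =  0%     0/ 100 =  0%  t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]
                                0/ 100 =  0%   |
 17  141ms     0/ 100 =  0%     0/ 100 =  0%  166-49-151-130.eu.bt.net [166.49.151.130]
                              100/ 100 =100%   |
 18  ---     100/ 100 =100%     0/ 100 =  0%  gig2-1.ash-76cb-1b.ntwk.msn.net [207.46.47.99]
                                0/ 100 =  0%   |
 19  ---     100/ 100 =100%     0/ 100 =  0%  ten9-3.ash-76cb-1a.ntwk.msn.net [207.46.34.25]
"""

# Hop row: number, RTT (or ---), "Source to Here" loss, "This Node/Link" loss, address.
HOP_ROW = re.compile(
    r"^\s*(?P<hop>\d+)\s+(?P<rtt>\d+ms|---)\s+"
    r"(?P<lost>\d+)/\s*(?P<sent>\d+)\s*=\s*\d+%\s+"
    r"\d+/\s*\d+\s*=\s*\d+%\s+(?P<addr>\S.*?)\s*$"
)

def parse_hops(text):
    """Return one dict per hop row; link rows (ending in '|') do not match."""
    hops = []
    for line in text.splitlines():
        m = HOP_ROW.match(line)
        if m:
            hops.append({"hop": int(m["hop"]), "lost": int(m["lost"]),
                         "sent": int(m["sent"]), "addr": m["addr"]})
    return hops

def network_of(addr):
    """Last two DNS labels of a 'name [ip]' address, or None for a bare IP."""
    if "[" not in addr:
        return None
    return ".".join(addr.split()[0].split(".")[-2:])

def loss_boundary(hops):
    """Return (last answering hop, first hop losing every probe), or None."""
    previous = None
    for hop in hops:
        if hop["sent"] and hop["lost"] == hop["sent"]:
            return previous, hop
        previous = hop
    return None

if __name__ == "__main__":
    last_ok, first_silent = loss_boundary(parse_hops(SAMPLE))
    print("last answering:", last_ok["hop"], network_of(last_ok["addr"]))
    print("first silent:  ", first_silent["hop"], network_of(first_silent["addr"]))
```

A hop that is listed in the route but loses every statistics probe was reachable during the trace, so 100% loss there points to probes being dropped or left unanswered rather than to an unreachable router.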

And since we're on the topic of ping, just so you know, on UNIX the ping command requires superuser privilege as it needs full control over the packet that's being sent.

What UNIX? On FreeBSD I don't need to su to use ping, although since they don't pay royalties to use the UNIX trademark it isn't technically UNIX.

Link to comment
Share on other sites

What does ping have to do with defacing a Microsoft site? And a ping can be seen as an attack; it at least lets the attacker know the system is online, or the attacker could use that to DoS the system offline. So in the right situations and with someone that knows what they are doing a ping can be used to aid in an attack.

Link to comment
Share on other sites

Since when is a ping an HTTP request? And that isn't what I said; I'm suggesting they would block ping requests to make it harder for an attacker. If you can't ping them then you can't set a botnet up to ping them over and over again to knock them off the net.

But I still can't see what this has to do with the defacement. What does a n00b do when he doesn't know how to hack?

c:> ping victem

Link to comment
Share on other sites

What does ping have to do with defacing a Microsoft site? And a ping can be seen as an attack; it at least lets the attacker know the system is online, or the attacker could use that to DoS the system offline. So in the right situations and with someone that knows what they are doing a ping can be used to aid in an attack.

As Sparda said, I think people will know Microsoft's online when they see the website. Blocking pings doesn't really aid you when you are running a server which is supposed to be accessible to the general public.

Since when is a ping an HTTP request? And that isn't what I said; I'm suggesting they would block ping requests to make it harder for an attacker. If you can't ping them then you can't set a botnet up to ping them over and over again to knock them off the net.

Yes you can, pinging them will still use their bandwidth, although less of it since they won't be replying. You'd need a massive botnet to take out Microsoft anyway, I doubt ping flooding would be the best DoS attack to use.

Link to comment
Share on other sites

Acknowledging pings is also a useful service to people; it allows them to test if they can reach servers on the internet without having to visit a web site. Guess who offers this service where Microsoft are too scared to... Google!

C:>ping www.google.co.uk

Pinging www.l.google.com [216.239.59.99] with 32 bytes of data:

Reply from 216.239.59.99: bytes=32 time=84ms TTL=234
Reply from 216.239.59.99: bytes=32 time=87ms TTL=234
Reply from 216.239.59.99: bytes=32 time=37ms TTL=234
Reply from 216.239.59.99: bytes=32 time=184ms TTL=234

Ping statistics for 216.239.59.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 37ms, Maximum = 184ms, Average = 98ms

Link to comment
Share on other sites
