Microsoft France: DEFACED

June 19, 2006

A turkich hacker that goes by the name of TiTHack defaced http://experts.microsoft.fr/default.aspx a mirror of the defacement can be seen here http://www.zone-h.org/index2.php?option=co...&id=4181592

You can read the full story from http://www.zone-h.org/content/view/4767/31/

after looking at all the sites he has defaced http://www.zone-h.org/component/option,com...efacer,TiTHacK/ it looks like iis6 has a major bug in it, considering he told them it was done through a "web server intrusion"

He says he is going after microsoft.com next, it would be interesting to see if he can gain access to them.

armadaender · June 19, 2006

Interesting. I too, wonder if he(she) will be able to gain access to Mircoshaft's site.

CaveMan · June 19, 2006

lol at if they did :P

but than again... if they did get to microshaft he would get absolutely hammered by the evil server

stingwray · June 19, 2006

Must have been a fun weekend for the administrator of microsoft.fr. Sites down know so they haven't even got the old one up.

Sparda · June 19, 2006

Perhaps they should upgrade to a more secure OS... i.e. OpenBSD (default install never been hacked?).

stingwray · June 19, 2006

Perhaps they should upgrade to a more secure OS... i.e. OpenBSD (default install never been hacked?).

"Only one remote hole in the default install, in more than 8 years!"

cooper · June 19, 2006

Problem is that the default doesn't even have Apache running.

Microsoft.fr got hacked somehow through IIS which was potentially running whatever type of software underneath.

Apples and oranges in more ways than the obvious one.

Sparda · June 19, 2006

Don't microsoft think pinging is a security threat?

barrytone · June 19, 2006

Don't microsoft think pinging is a security threat?

What makes you think that? :?

Sparda · June 19, 2006

I'm sure they said that some where... a couple of years ago any way. They still block pings now...

C:&gt;ping www.microsoft.com



Pinging lb1.www.ms.akadns.net [207.46.198.60] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 207.46.198.60:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

rFayjW98ciLoNQLDZmFRKD · June 19, 2006

microsoft desent even respond to pings anymore, this is all I get:

adam@adam-desktop:~$ ping microsoft.com
PING microsoft.com (207.46.130.108) 56(84) bytes of data.

and it just stays there.

cooper · June 19, 2006

Do a traceroute (tracert on windows) to it and see where it stops. *THAT*'s the one that doesn't respond to pings (or at least allows them safe passage).

And since we're on the topic of ping, just so you know, on UNIX the ping command requires superuser privillege as they need full control over the packet that's being sent.

Sparda · June 19, 2006

C:&gt;pathping www.microsoft.com



Tracing route to lb1.www.ms.akadns.net [207.46.199.30]

over a maximum of 30 hops:

  0  the-dwarf [192.168.0.51]

  1  192.168.0.1

  2  192.168.1.1

  3  esr4.sheffield3.broadband.bt.net [217.47.73.143]

  4  217.47.73.30

  5  217.41.176.21

  6  217.41.176.65

  7  217.41.176.122

  8  217.41.176.34

  9  217.32.96.49

 10  core2-pos6-0.sheffield.ukcore.bt.net [217.32.171.169]

 11  core2-pos9-3.birmingham.ukcore.bt.net [62.6.204.125]

 12  core2-pos14-1.reading.ukcore.bt.net [62.6.204.166]

 13  londont-ia1-fe00.mdip.bt.net [195.99.125.37]

 14  transit1-pos4-0.ealing.ukcore.bt.net [194.72.9.238]

 15  t2c1-p3-0.uk-eal.eu.bt.net [166.49.168.5]

 16  t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]

 17  166-49-151-130.eu.bt.net [166.49.151.130]

 18  gig2-1.ash-76cb-1b.ntwk.msn.net [207.46.47.99]

 19  ten9-3.ash-76cb-1a.ntwk.msn.net [207.46.34.25]

 20  pos6-2.wst-76cb-1a.ntwk.msn.net [207.46.40.69]

 21  pos1-0.wst-12ix-1a.ntwk.msn.net [207.46.36.210]

 22  pos1-0.tke-12ix-2a.ntwk.msn.net [207.46.155.10]

 23  po10.tuk-65ns-mcs-1a.ntwk.msn.net [207.46.224.151]

 24     *        *        *

Computing statistics for 600 seconds...

            Source to Here   This Node/Link

Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address

  0                                           the-dwarf [192.168.0.51]

                                0/ 100 =  0%   |

  1    0ms     0/ 100 =  0%     0/ 100 =  0%  192.168.0.1

                                0/ 100 =  0%   |

  2    1ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.1

                                0/ 100 =  0%   |

  3   51ms     0/ 100 =  0%     0/ 100 =  0%  esr4.sheffield3.broadband.bt.net [217.47.73.143]

                                0/ 100 =  0%   |

  4   53ms     0/ 100 =  0%     0/ 100 =  0%  217.47.73.30

                                0/ 100 =  0%   |

  5   56ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.21

                                0/ 100 =  0%   |

  6   54ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.65

                                0/ 100 =  0%   |

  7   55ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.122

                                0/ 100 =  0%   |

  8   56ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.34

                                0/ 100 =  0%   |

  9   58ms     0/ 100 =  0%     0/ 100 =  0%  217.32.96.49

                                0/ 100 =  0%   |

 10   59ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos6-0.sheffield.ukcore.bt.net [217.32.171.169]

                                0/ 100 =  0%   |

 11   67ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos9-3.birmingham.ukcore.bt.net [62.6.204.125]

                                0/ 100 =  0%   |

 12   64ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos14-1.reading.ukcore.bt.net [62.6.204.166]

                                0/ 100 =  0%   |

 13   56ms     1/ 100 =  1%     1/ 100 =  1%  londont-ia1-fe00.mdip.bt.net [195.99.125.37]

                                0/ 100 =  0%   |

 14   63ms     0/ 100 =  0%     0/ 100 =  0%  transit1-pos4-0.ealing.ukcore.bt.net [194.72.9.238]

                                0/ 100 =  0%   |

 15   62ms     0/ 100 =  0%     0/ 100 =  0%  t2c1-p3-0.uk-eal.eu.bt.net [166.49.168.5]

                                0/ 100 =  0%   |

 16  136ms     0/ 100 =  0%     0/ 100 =  0%  t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]

                                0/ 100 =  0%   |

 17  141ms     0/ 100 =  0%     0/ 100 =  0%  166-49-151-130.eu.bt.net [166.49.151.130]

                              100/ 100 =100%   |

 18  ---     100/ 100 =100%     0/ 100 =  0%  gig2-1.ash-76cb-1b.ntwk.msn.net [207.46.47.99]

                                0/ 100 =  0%   |

 19  ---     100/ 100 =100%     0/ 100 =  0%  ten9-3.ash-76cb-1a.ntwk.msn.net [207.46.34.25]

                                0/ 100 =  0%   |

 20  ---     100/ 100 =100%     0/ 100 =  0%  pos6-2.wst-76cb-1a.ntwk.msn.net [207.46.40.69]

                                0/ 100 =  0%   |

 21  ---     100/ 100 =100%     0/ 100 =  0%  pos1-0.wst-12ix-1a.ntwk.msn.net [207.46.36.210]

                                0/ 100 =  0%   |

 22  ---     100/ 100 =100%     0/ 100 =  0%  pos1-0.tke-12ix-2a.ntwk.msn.net [207.46.155.10]

                                0/ 100 =  0%   |

 23  ---     100/ 100 =100%     0/ 100 =  0%  po10.tuk-65ns-mcs-1a.ntwk.msn.net [207.46.224.151]

                                0/ 100 =  0%   |

 24  ---     100/ 100 =100%     0/ 100 =  0%  the-dwarf [0.0.0.0]



Trace complete.

Happy?

Notice how the pings only start timing out when they hit microsofts routers.

stingwray · June 19, 2006

Quite a lot of information you posted about yourself there Sparda.

Sparda · June 19, 2006

What? My computers host name? My ISP? Three internal IP addresses? That I live in England? Thats not alot of information...

Shaun · June 19, 2006

And since we're on the topic of ping, just so you know, on UNIX the ping command requires superuser privillege as they need full control over the packet that's being sent.

What UNIX? On FreeBSD I don't need to su to use ping, although since they don't pay royalties to use the UNIX trademark it isn't technically UNIX.

June 19, 2006

what does ping have to do with defacing a microsft site? And a ping can be seen as an attack, it at least lets the attacker know the system is online, or the attack could use that to DoS the system offline. So in the right situations and with someone that knows what they are doing a ping can be used to aid in an attack.

Sparda · June 19, 2006

Are you surgesting that they block http requests so that the attacker doesn't know the system is online?

June 20, 2006

since when is a ping a http request? and that isnt what i said im suggesting they would block ping request to make it harder for an attacker. if you cant ping them then you cant set at BotNet up to ping them over and over again to knock them off the net.

but i still cant see what this has to do with the defacement, (what does a n00b do when he doesnt know how to hack

c:> ping victem

Shaun · June 20, 2006

what does ping have to do with defacing a microsft site? And a ping can be seen as an attack, it at least lets the attacker know the system is online, or the attack could use that to DoS the system offline. So in the right situations and with someone that knows what they are doing a ping can be used to aid in an attack.

As Sparda said, I think people will know Microsoft's online when they see the website. Blocking pings doesn't really aid you when you are running a server which is supposed to be accessible to the general public.

since when is a ping a http request? and that isnt what i said im suggesting they would block ping request to make it harder for an attacker. if you cant ping them then you cant set at BotNet up to ping them over and over again to knock them off the net.

Yes you can, pinging them will still use their bandwidth, although less of it since they won't be replying. You'd need a massive botnet to take out Microsoft anyway, I doubt ping flooding would be the best DoS attack to use.

Sparda · June 20, 2006

Agnologing pings is also a usfull service to people, it allows them to test if they can reach servers on the internet with out having to vitis a web site. Guess who offers this service where microsoft are too scared to... Google!

C:&gt;ping www.google.co.uk



Pinging www.l.google.com [216.239.59.99] with 32 bytes of data:



Reply from 216.239.59.99: bytes=32 time=84ms TTL=234

Reply from 216.239.59.99: bytes=32 time=87ms TTL=234

Reply from 216.239.59.99: bytes=32 time=37ms TTL=234

Reply from 216.239.59.99: bytes=32 time=184ms TTL=234



Ping statistics for 216.239.59.99:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 37ms, Maximum = 184ms, Average = 98ms

June 20, 2006

c:&gt;telnet www.microsoft.com 80

tells me i can reach it and i didnt need to open a browser, there are ways around it. :wink:

Sign In

Microsoft France: DEFACED

Recommended Posts

Guest

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members