Guest Posted June 19, 2006
A Turkish hacker that goes by the name of TiTHack defaced http://experts.microsoft.fr/default.aspx
A mirror of the defacement can be seen here: http://www.zone-h.org/index2.php?option=co...&id=4181592
You can read the full story from http://www.zone-h.org/content/view/4767/31/
After looking at all the sites he has defaced ( http://www.zone-h.org/component/option,com...efacer,TiTHacK/ ) it looks like IIS6 has a major bug in it, considering he told them it was done through a "web server intrusion". He says he is going after microsoft.com next; it would be interesting to see if he can gain access to them.

armadaender Posted June 19, 2006
Interesting. I, too, wonder if he (she) will be able to gain access to Microshaft's site.

CaveMan Posted June 19, 2006
lol at if they did :P but then again... if they did get to microshaft he would get absolutely hammered by the evil server

stingwray Posted June 19, 2006
Must have been a fun weekend for the administrator of microsoft.fr. Site's down now so they haven't even got the old one up.

Sparda Posted June 19, 2006
Perhaps they should upgrade to a more secure OS... i.e. OpenBSD (default install never been hacked?).

stingwray Posted June 19, 2006
> Perhaps they should upgrade to a more secure OS... i.e. OpenBSD (default install never been hacked?).
"Only one remote hole in the default install, in more than 8 years!"

cooper Posted June 19, 2006
Problem is that the default doesn't even have Apache running. Microsoft.fr got hacked somehow through IIS which was potentially running whatever type of software underneath. Apples and oranges in more ways than the obvious one.

Sparda Posted June 19, 2006
Don't Microsoft think pinging is a security threat?

barrytone Posted June 19, 2006
> Don't Microsoft think pinging is a security threat?
What makes you think that? :?

Sparda Posted June 19, 2006
I'm sure they said that somewhere... a couple of years ago anyway. They still block pings now...

    C:>ping www.microsoft.com

    Pinging lb1.www.ms.akadns.net [207.46.198.60] with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 207.46.198.60:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

rFayjW98ciLoNQLDZmFRKD Posted June 19, 2006
Microsoft doesn't even respond to pings anymore, this is all I get:

    adam@adam-desktop:~$ ping microsoft.com
    PING microsoft.com (207.46.130.108) 56(84) bytes of data.

and it just stays there.

cooper Posted June 19, 2006
Do a traceroute (tracert on Windows) to it and see where it stops. *THAT*'s the one that doesn't respond to pings (or at least allows them safe passage).
And since we're on the topic of ping, just so you know, on UNIX the ping command requires superuser privilege as they need full control over the packet that's being sent.

Sparda Posted June 19, 2006

    C:>pathping www.microsoft.com

    Tracing route to lb1.www.ms.akadns.net [207.46.199.30]
    over a maximum of 30 hops:
      0  the-dwarf [192.168.0.51]
      1  192.168.0.1
      2  192.168.1.1
      3  esr4.sheffield3.broadband.bt.net [217.47.73.143]
      4  217.47.73.30
      5  217.41.176.21
      6  217.41.176.65
      7  217.41.176.122
      8  217.41.176.34
      9  217.32.96.49
     10  core2-pos6-0.sheffield.ukcore.bt.net [217.32.171.169]
     11  core2-pos9-3.birmingham.ukcore.bt.net [62.6.204.125]
     12  core2-pos14-1.reading.ukcore.bt.net [62.6.204.166]
     13  londont-ia1-fe00.mdip.bt.net [195.99.125.37]
     14  transit1-pos4-0.ealing.ukcore.bt.net [194.72.9.238]
     15  t2c1-p3-0.uk-eal.eu.bt.net [166.49.168.5]
     16  t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]
     17  166-49-151-130.eu.bt.net [166.49.151.130]
     18  gig2-1.ash-76cb-1b.ntwk.msn.net [207.46.47.99]
     19  ten9-3.ash-76cb-1a.ntwk.msn.net [207.46.34.25]
     20  pos6-2.wst-76cb-1a.ntwk.msn.net [207.46.40.69]
     21  pos1-0.wst-12ix-1a.ntwk.msn.net [207.46.36.210]
     22  pos1-0.tke-12ix-2a.ntwk.msn.net [207.46.155.10]
     23  po10.tuk-65ns-mcs-1a.ntwk.msn.net [207.46.224.151]
     24     *        *        *
    Computing statistics for 600 seconds...
                Source to Here   This Node/Link
    Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
      0                                           the-dwarf [192.168.0.51]
                                    0/ 100 =  0%   |
      1    0ms     0/ 100 =  0%     0/ 100 =  0%  192.168.0.1
                                    0/ 100 =  0%   |
      2    1ms     0/ 100 =  0%     0/ 100 =  0%  192.168.1.1
                                    0/ 100 =  0%   |
      3   51ms     0/ 100 =  0%     0/ 100 =  0%  esr4.sheffield3.broadband.bt.net [217.47.73.143]
                                    0/ 100 =  0%   |
      4   53ms     0/ 100 =  0%     0/ 100 =  0%  217.47.73.30
                                    0/ 100 =  0%   |
      5   56ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.21
                                    0/ 100 =  0%   |
      6   54ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.65
                                    0/ 100 =  0%   |
      7   55ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.122
                                    0/ 100 =  0%   |
      8   56ms     0/ 100 =  0%     0/ 100 =  0%  217.41.176.34
                                    0/ 100 =  0%   |
      9   58ms     0/ 100 =  0%     0/ 100 =  0%  217.32.96.49
                                    0/ 100 =  0%   |
     10   59ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos6-0.sheffield.ukcore.bt.net [217.32.171.169]
                                    0/ 100 =  0%   |
     11   67ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos9-3.birmingham.ukcore.bt.net [62.6.204.125]
                                    0/ 100 =  0%   |
     12   64ms     0/ 100 =  0%     0/ 100 =  0%  core2-pos14-1.reading.ukcore.bt.net [62.6.204.166]
                                    0/ 100 =  0%   |
     13   56ms     1/ 100 =  1%     1/ 100 =  1%  londont-ia1-fe00.mdip.bt.net [195.99.125.37]
                                    0/ 100 =  0%   |
     14   63ms     0/ 100 =  0%     0/ 100 =  0%  transit1-pos4-0.ealing.ukcore.bt.net [194.72.9.238]
                                    0/ 100 =  0%   |
     15   62ms     0/ 100 =  0%     0/ 100 =  0%  t2c1-p3-0.uk-eal.eu.bt.net [166.49.168.5]
                                    0/ 100 =  0%   |
     16  136ms     0/ 100 =  0%     0/ 100 =  0%  t2c1-p4-0.us-ash.eu.bt.net [166.49.164.110]
                                    0/ 100 =  0%   |
     17  141ms     0/ 100 =  0%     0/ 100 =  0%  166-49-151-130.eu.bt.net [166.49.151.130]
                                  100/ 100 =100%   |
     18  ---     100/ 100 =100%     0/ 100 =  0%  gig2-1.ash-76cb-1b.ntwk.msn.net [207.46.47.99]
                                    0/ 100 =  0%   |
     19  ---     100/ 100 =100%     0/ 100 =  0%  ten9-3.ash-76cb-1a.ntwk.msn.net [207.46.34.25]
                                    0/ 100 =  0%   |
     20  ---     100/ 100 =100%     0/ 100 =  0%  pos6-2.wst-76cb-1a.ntwk.msn.net [207.46.40.69]
                                    0/ 100 =  0%   |
     21  ---     100/ 100 =100%     0/ 100 =  0%  pos1-0.wst-12ix-1a.ntwk.msn.net [207.46.36.210]
                                    0/ 100 =  0%   |
     22  ---     100/ 100 =100%     0/ 100 =  0%  pos1-0.tke-12ix-2a.ntwk.msn.net [207.46.155.10]
                                    0/ 100 =  0%   |
     23  ---     100/ 100 =100%     0/ 100 =  0%  po10.tuk-65ns-mcs-1a.ntwk.msn.net [207.46.224.151]
                                    0/ 100 =  0%   |
     24  ---     100/ 100 =100%     0/ 100 =  0%  the-dwarf [0.0.0.0]

    Trace complete.

Happy? Notice how the pings only start timing out when they hit Microsoft's routers.
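
The "see where it stops" step from cooper's post, applied to the statistics table that pathping prints, as an added example that is not code from the thread. The sample table is constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in pathping's statistics layout (documentation addresses,
# not the output posted in the thread).
SAMPLE = """\
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           workstation [192.0.2.10]
                                0/ 100 =  0%   |
  1    1ms     0/ 100 =  0%     0/ 100 =  0%  192.0.2.1
                                0/ 100 =  0%   |
  2   48ms     2/ 100 =  2%     2/ 100 =  2%  isp-edge.example.net [198.51.100.1]
                                0/ 100 =  0%   |
  3   95ms     0/ 100 =  0%     0/ 100 =  0%  transit.example.net [198.51.100.77]
                              100/ 100 =100%   |
  4  ---     100/ 100 =100%     0/ 100 =  0%  border.example.org [203.0.113.1]
                                0/ 100 =  0%   |
  5  ---     100/ 100 =100%     0/ 100 =  0%  core.example.org [203.0.113.9]
"""

NODE = re.compile(r"^\s*(\d+)\s+(\d+ms|---)\s+(\d+)/\s*(\d+)\s*=\s*\d+%"
                  r"\s+(\d+)/\s*(\d+)\s*=\s*\d+%\s+(\S.*)$")
LINK = re.compile(r"^\s*(\d+)/\s*(\d+)\s*=\s*\d+%\s+\|\s*$")

def parse_pathping(text):
    """Return one dict per hop: cumulative loss, node loss, loss on the link before it."""
    hops, link_loss = [], 0.0
    for line in text.splitlines():
        if (m := LINK.match(line)):
            link_loss = int(m[1]) / int(m[2])
        elif (m := NODE.match(line)):
            hops.append({"hop": int(m[1]), "address": m[7].strip(),
                         "to_here": int(m[3]) / int(m[4]),
                         "node": int(m[5]) / int(m[6]),
                         "link_before": link_loss})
    return hops

def where_probes_stop(hops):
    """Last hop that answered echo requests and the first hop with total loss."""
    last_ok = None
    for h in hops:
        if h["to_here"] >= 1.0:
            return last_ok, h
        last_ok = h
    return last_ok, None

if __name__ == "__main__":
    ok, dead = where_probes_stop(parse_pathping(SAMPLE))
    print("last answering hop:", ok["address"], "| first silent hop:", dead["address"])
```

A hop that appears in the route list but shows total loss in the statistics still returned TTL-exceeded replies during route discovery, so the echo requests are being filtered or ignored rather than the path being down.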

stingwray Posted June 19, 2006
Quite a lot of information you posted about yourself there Sparda.

Sparda Posted June 19, 2006
What? My computer's host name? My ISP? Three internal IP addresses? That I live in England? That's not a lot of information...

Shaun Posted June 19, 2006
> And since we're on the topic of ping, just so you know, on UNIX the ping command requires superuser privilege as they need full control over the packet that's being sent.
What UNIX? On FreeBSD I don't need to su to use ping, although since they don't pay royalties to use the UNIX trademark it isn't technically UNIX.

Guest Posted June 19, 2006
What does ping have to do with defacing a Microsoft site? And a ping can be seen as an attack: it at least lets the attacker know the system is online, or the attacker could use that to DoS the system offline. So in the right situations and with someone that knows what they are doing a ping can be used to aid in an attack.

Sparda Posted June 19, 2006
Are you suggesting that they block HTTP requests so that the attacker doesn't know the system is online?

Guest Posted June 20, 2006
Since when is a ping an HTTP request? And that isn't what I said; I'm suggesting they would block ping requests to make it harder for an attacker. If you can't ping them then you can't set a BotNet up to ping them over and over again to knock them off the net. But I still can't see what this has to do with the defacement. (What does a n00b do when he doesn't know how to hack? c:> ping victem)

Shaun Posted June 20, 2006
> What does ping have to do with defacing a Microsoft site? And a ping can be seen as an attack: it at least lets the attacker know the system is online, or the attacker could use that to DoS the system offline. So in the right situations and with someone that knows what they are doing a ping can be used to aid in an attack.
As Sparda said, I think people will know Microsoft's online when they see the website. Blocking pings doesn't really aid you when you are running a server which is supposed to be accessible to the general public.
> Since when is a ping an HTTP request? And that isn't what I said; I'm suggesting they would block ping requests to make it harder for an attacker. If you can't ping them then you can't set a BotNet up to ping them over and over again to knock them off the net.
Yes you can, pinging them will still use their bandwidth, although less of it since they won't be replying. You'd need a massive botnet to take out Microsoft anyway, I doubt ping flooding would be the best DoS attack to use.

Sparda Posted June 20, 2006
Acknowledging pings is also a useful service to people, it allows them to test if they can reach servers on the internet without having to visit a web site. Guess who offers this service where Microsoft are too scared to... Google!

    C:>ping www.google.co.uk

    Pinging www.l.google.com [216.239.59.99] with 32 bytes of data:

    Reply from 216.239.59.99: bytes=32 time=84ms TTL=234
    Reply from 216.239.59.99: bytes=32 time=87ms TTL=234
    Reply from 216.239.59.99: bytes=32 time=37ms TTL=234
    Reply from 216.239.59.99: bytes=32 time=184ms TTL=234

    Ping statistics for 216.239.59.99:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 37ms, Maximum = 184ms, Average = 98ms

Guest Posted June 20, 2006

    c:>telnet www.microsoft.com 80

tells me I can reach it and I didn't need to open a browser; there are ways around it.