• Home
  • About
  • Contacts
  • EnglishEnglish
    • RussianRussian
    • TajikTajik

Информационные технологии в Таджикистане

  • Government
  • Bank
  • Internet
  • Education
  • Interview
  • Telecom
  • FOSS
  • Vacancy
Home 2014 January Tajikistan’s Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

Tajikistan’s Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

Tajikistan's Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

Google’s primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon — redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan’s Domain registrar (domain.tj) authority has been hacked, that allows the hacker to access domain control panel.

Server Kernel: Linux mx.takemail.com 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST 2004 i686

Iranian hacker ‘Mr.XHat’ successfully managed to change the DNS records of attack websites and defaced them for about a day. Hacker told ‘The Hacker News’ that he used Directory Traversal vulnerability to hack the website and still has the access to the control panel.

Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files.

Following the screenshot of compromised Domain Registrar’s Control Panel:

hacked Domain Registrar Control Panel

The hacker claimed to have the Root access to Mysql database of the site, where customer’ passwords are stored in a hashed / encrypted format. To get an access of Twitter/Google’s Customer domain panel, he smartly changed the administrative email address of respective accounts to his own email address and proceed with password recovery option.

Tajikistan Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

In the above screenshot (provided by the hacker), showing the password recovery email received with the new password in plain text that allowed him to finally access the customer domain panel.

Hacked Domain are:

  • google.com.tj
  • yahoo.com.tj
  • twitter.com.tj
  • amazon.com.tj

At the time of writing the hacked domains are recovered back to original DNS, but defacement mirror available following:

  • http://zone-h.org/mirror/id/21452417
  • http://zone-h.org/mirror/id/21452420
  • http://zone-h.org/mirror/id/21452426
  • http://zone-h.org/mirror/id/21452428

 

We will update the post with new information as it becomes available.

via-thehackernews.com

Jan 8, 2014Suhrob N.

Этот пост также доступен на: Tajik

50 Top Sources Of Free eLearning Courses14 Reasons To Pass Immigration Reform In 2014
You Might Also Like
 
Sirius Programme UK launches global search for next group of talented entrepreneurs
 
Abstraction and Virtualization

Leave a Reply Cancel reply

Картинка профиля Suhrob N.
Suhrob N.

Сделайте мир лучше с креативных вещей.

9 years ago Internet87
  • en  English
  • ru  Russian
  • tj  Tajik
0
GooglePlus
0
Facebook
0
Twitter
0
Linkedin
Активные колумнисты
Рисунок профиля (Jamshed Marupov)
Рисунок профиля (Farishtamoh Gulova)
Рисунок профиля (Firdavs Yormatov)
Рисунок профиля (Suhrob N.)
Рисунок профиля (Bakhtiyor Bahriddinov)
Рисунок профиля (Firdavs Umarjonov)
Рисунок профиля (Yahya Qurbani)
Рисунок профиля (Khushruz Hazratkulov)
Рисунок профиля (muhtasham)
Рисунок профиля (Farhod Pulatov)
Рисунок профиля (Jafar Urunov)
Рисунок профиля (Orif Jr.)
Рисунок профиля (Daler Bahritdinov)
Рисунок профиля (Erkin Kholmatov)
Рисунок профиля (Dilrabo Shukri)
Наша рассылка
Подпишитесь на нашу рассылку, чтобы получать последние новости и события
* = required field
КАЛЕНДАРЬ СОБЫТИЙ

There are no upcoming events at this time.

Следите за нами на Твиттере
My Tweets
Популярные
RSS ИТ блоги
- 2013 — Company ICT4D.TJ.
This material is Open Knowledge Лицензия Creative Commons
Content on this site, made by ICT4D.TJ, is licensed under a
Creative Commons «Attribution-NonCommercial-ShareAlike» 4.0 International License
.