
Nob0dy
@rr.com

1 recommendation

Anon

Hackers? Hardly.

This is likely the Zimbra exploit that was published back in early December. The story here should be about Comcast's security practices (or lack thereof). Too much credit is given to a group of losers who just ran a published exploit script and called themselves hackers.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

Get off your high horse. "hacker" doesn't mean what you think it means.

FlsRend
Premium Member
join:2004-01-31
Philadelphia, PA

to Nob0dy
said by Nob0dy :

This is likely the Zimbra exploit that was published back in early December. The story here should be about Comcast's security practices (or lack thereof). Too much credit is given to a group of losers who just ran a published exploit script and called themselves hackers.

Just to clarify

The exploit was discovered and fixed by Zimbra in Feb of 2013 (Was "published" on Twitter in Dec 2013) (»www.zimbra.com/forums/an ··· oit.html)

telcodad
MVM
join:2011-09-16
Lincroft, NJ

Hacktivist Collective Takes Credit for Comcast Mail Server Hack
by Chris Brook, Threatpost - February 6, 2014
»threatpost.com/hacktivis ··· k/104110
quote:
The compromised mail servers apparently run on Zimbra, a groupware email server client whose Lightweight Directory Access Protocol (LDAP) directory service was the target of the attack.

NullCrew was able to exploit a local file inclusion (LFI) vulnerability in LDAP to secure access to the credentials and passwords.

A LFI vulnerability can allow a hacker to add local files to web servers via script and execute PHP code. OWASP’s definition notes that hackers can take advantage of the vulnerability when sites allow user-supplied input without proper validation, something Comcast is apparently guilty of.

Through the vulnerability, NullCrew was able to access localconfig.xml, a file that contains Comcast LDAP administrative credentials, including LDAP passwords and credentials for MySQL and Nginx.

With the information they could be able to make an API call and then execute a privilege escalation, according to a chat log from a few weeks ago, posted today between two hackers familiar with the vulnerability, _MLT_, formerly of TeaMp0isoN and C0RPS3, also formerly of TeaMp0isoN but now with NullCrew.
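
An added illustration, not part of the thread or the quoted article: one way a defender could review web access logs for the kind of file-inclusion request the article describes, flagging path traversal and references to localconfig.xml in query parameters. The log lines, the `/app/static` path and the `file` parameter are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines; the /app/static path and "file" parameter are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [06/Feb/2014:10:01:02 +0000] "GET /app/static?file=logo.png HTTP/1.1" 200 5120
203.0.113.9 - - [06/Feb/2014:10:02:10 +0000] "GET /app/static?file=../../conf/localconfig.xml HTTP/1.1" 200 3310
203.0.113.9 - - [06/Feb/2014:10:02:11 +0000] "GET /app/static?file=%2e%2e%2f%2e%2e%2fconf%2flocalconfig.xml HTTP/1.1" 200 3310
203.0.113.9 - - [06/Feb/2014:10:02:12 +0000] "GET /app/static?file=%252e%252e%252fconf%252fother.xml HTTP/1.1" 404 210
198.51.100.7 - - [06/Feb/2014:10:03:00 +0000] "GET /app/static?file=report.v2.pdf HTTP/1.1" 200 88210
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})\b')
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')  # a ".." path segment
SENSITIVE = ("localconfig.xml",)                    # file named in the article

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %252e%252e%252f is seen as ../"""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return one finding per suspicious query parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        # parse_qsl decodes once; fully_decode handles double encoding.
        for key, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            value = fully_decode(raw)
            reasons = []
            if TRAVERSAL.search(value):
                reasons.append("traversal")
            if any(name in value.lower() for name in SENSITIVE):
                reasons.append("sensitive-file")
            if reasons:
                # A 200 means the server answered the request: triage these first.
                findings.append({"ip": ip, "param": key, "value": value,
                                 "status": status, "served": status == 200,
                                 "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
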

trollscience
join:2013-12-14
Carrington, ND

to Nob0dy
I asked Nullcrew to deface Viacom, News Corp, and Comcast for being against à la carte.

Qumahlin
Never Enough Time
MVM
join:2001-10-05
united state

to Nob0dy
99% of the existing "hacker" groups are nothing more than people who keep metasploit updated and continually retry or find "unique" targets.

This is also why a company's own IT team should be doing the same. You should be penetration testing at MINIMUM once a quarter using the existing tools out there. It's really not that hard to configure backtrack and metasploit and make sure your systems are vulnerable to every kid with minimal computer knowledge out there.