Nob0dy
Anon
2014-Feb-6 3:41 pm
Hackers? Hardly.
This is likely the Zimbra exploit that was published back in early December. The story here should be about Comcast's security practices (or lack thereof). Too much credit is given to a group of losers who just ran a published exploit script and called themselves hackers.
ArrayListDevOps Premium Member join:2005-03-19 Mullica Hill, NJ
Get off your high horse. "hacker" doesn't mean what you think it means.
FlsRend Premium Member join:2004-01-31 Philadelphia, PA
to Nob0dy
said by Nob0dy: This is likely the Zimbra exploit that was published back in early December. The story here should be about Comcast's security practices (or lack thereof). Too much credit is given to a group of losers who just ran a published exploit script and called themselves hackers.
Just to clarify: The exploit was discovered and fixed by Zimbra in Feb of 2013 (was "published" on Twitter in Dec 2013) (» www.zimbra.com/forums/an ··· oit.html)
Hacktivist Collective Takes Credit for Comcast Mail Server Hack
by Chris Brook, Threatpost - February 6, 2014
» threatpost.com/hacktivis ··· k/104110
quote: The compromised mail servers apparently run on Zimbra, a groupware email server client whose Lightweight Directory Access Protocol (LDAP) directory service was the target of the attack.
NullCrew was able to exploit a local file inclusion (LFI) vulnerability in LDAP to secure access to the credentials and passwords.
A LFI vulnerability can allow a hacker to add local files to web servers via script and execute PHP code. OWASP's definition notes that hackers can take advantage of the vulnerability when sites allow user-supplied input without proper validation, something Comcast is apparently guilty of.
Through the vulnerability, NullCrew was able to access localconfig.xml, a file that contains Comcast LDAP administrative credentials, including LDAP passwords and credentials for MySQL and Nginx.
With the information they could be able to make an API call and then execute a privilege escalation, according to a chat log from a few weeks ago, posted today between two hackers familiar with the vulnerability, _MLT_, formerly of TeaMp0isoN and C0RPS3, also formerly of TeaMp0isoN but now with NullCrew.
to Nob0dy
I asked Nullcrew to deface Viacom, News Corp, and Comcast for being against a la carte.
QumahlinNever Enough Time MVM join:2001-10-05 united state
to Nob0dy
99% of the existing "hacker" groups are nothing more than people who keep metasploit updated and continually retry or find "unique" targets.
This is also why a company's own IT team should be doing the same. You should be penetration testing at MINIMUM once a quarter using the existing tools out there. It's really not that hard to configure backtrack and metasploit and make sure your systems are vulnerable to every kid with minimal computer knowledge out there.