Forgot your password?
typodupeerror

+ - Owned And exposed->

Submitted by Anonymous Coward
An anonymous reader writes "Resource : http://tny.cz/44e5a1d5 ================================================================= _____ = |_ _|__ __ _ _ __ ___ = | |/ _ \/ _` | '_ ` _ \ = | | __/ (_| | | | | | | = |_|\___|\__,_|_| |_| |_| = = ____ _ _ _ _ _ = | __ )| | __ _ ___| | _| |__ __ _| |_ ___ _ __ | | __ = | _ \| |/ _` |/ __| |/ / '_ \ / _` | __/ __| | '_ \| |/ / = | |_) | | (_| | (__| http://pknic.net.pk/ Who are pknic.net.pk ? PKNIC is responsible for the administration of the .PK domain name space, including the operation of the DNS for the Root-Servers for .PK domains, and registration and maintenance of all .PK domain names. PKNIC is operated as a self-supporting organization. ,----. ( Owned And Exposed! ) .-. `----' _ \ \ (_) \ \ O | | |\ /\ o | | __ |,\(_\_ . /\---/\ _,---._ | | ( ( |\,` `-^. /^ ^ \,' `. ; \ \ : `-' ) ( O O ) ; \ \ \ ; `.=o=__,' \ \ \ `-. ,' / _,--.__ \ \ \ ____________,' ( / _ ) ,' `-. `-. \ ; ' ; / ,' / ,' \ \ \ \ \ /___,-. / / / ,' (,_)(,_) `, ,_____| ;'_____,' (,; (,,) ,-" \ : | : ( .-" \ `.__ | | \__) `.__,' |__) Greeting followers, Before we start we need to clarify some facts. So, who are we? First, lets talk about some things we are not. We are not a cyber mafia gang. We are the watchmen, the hackers who quietly observe the scene. If any skiddy community Make Problem, we shut them down. If any lamer causes too much trouble, we shut them down. So why we are doing this ? — Simply to give Ans of propagandas like this : "Apparently Google Pakistan has been defaced by a Turkish Hacker group "Eboz" . It's still quite hard to believe that Google server has been hacked. They really need to put a lot of focus on their defenses because if one website got hacked that means every other websites can be hacked. " And some Indian And Other Lamer's Makeing comments like "“Hello friends who are still alive, not dead!”"" — So how did skiddy manage to deface these com.pk domains? Penetration Report : -[0x01]- Introduction : So we got report google.com.pk , translate.google.com.pk , msn.com.pk And other popular com.pk , co.pk , .pk Got defaced . indeed We Check out whois Report for these domains . And All of these domain are registered from pknic.net.pk .. And the attacker Changed dns To There host where they hosted Their deface page . All trafic of .com.pk domain was pointing to attacker host . -[0x02]- We Start Searching for Vulnerability in pknic.net.pk .. And boom We found it vulnerable to multiple highly critical vulnerability .. Vulnerability type : boolean-based blind sql injection, AND/OR time-based blind sql injection Vulnerability type : cross site scripting Vulnerability type : sensitive directory discloser -[0x03]- Exploiting Sql Injection Vulnerability : Affected Domain : http://pk5.pknic.net.pk/ Affected items : /pk5/userAuthorizeAgents.PK Sql injection poc : http://i46.tinypic.com/4s04uh.jpg Place: GET Parameter: userID Type: boolean-based blind Title: MySQL http://i49.tinypic.com/29yk2t0.jpg — Msg to skidy Defacers : Defaceing will not make you l33t . What Was soo hard in this ? — ===================================================== | | |\ /| | \____/ | | /\/\ | .'___ ___`. / \|/ \|/ \ _.--------------( ____ __ _____) .-' \ -. | | | | | \ ----\/---- / .'\ | | / \` | | | | `. -'`- .' /` ` ` '/ / \ | | | | \ `------'\ /- `-------.' `-----. -----. `---. ( / | | | | )/ | | | )/ | | | | | ) | | ) `._________.'_____,,,/\_______,,,,/_,,,,/ PK We are still alive not dead .. ====================================================="
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Owned And exposed

Comments Filter:

This file will self-destruct in five minutes.

Working...