Hacker, Researcher and Author.

How Was 1337day.com Hacked?

This morning, when I browsed to 1337day.com (the famous exploit buying/selling database), I was shocked to see it defaced by the famous Turkish hacker group "Turkguvenligi". In the past, Turkguvenligi has been responsible for defacing lots of famous websites. Here is what appeared when I came across 1337day.com:


On their defacement page, they said that they had asked 1337day to ban a fake user with author id = 5819, but 1337day refused to do so. When I browsed to http://www.1337day.com/author/5819, the website at first appeared to be inaccessible; later it showed the following message:


However, I used their mirror site 1337day.org to access the author link. Here is the screenshot:


Looking at the author name "Agd_Scorp", I understood the whole point of the dispute. Agd_Scorp is a well-known hacker and founding member of "Turkguvenligi". He is responsible for lots of high-profile defacements. If you take a look at his Zone-h record, it's pretty impressive; he has a history of hacking into domain registrars.

It appears to me that someone was submitting exploits under the name Agd_Scorp. The group asked the 1337day team to remove it; however, the team refused. Therefore the group defaced their website.

How was 1337day.com hacked?

There have been incidents in the past where 1337day, injectors etc. and their mirror websites were hacked, but in all of those cases their servers were never compromised; it was their domain registrar, Moniker.com, that was compromised by the attackers.

The attackers compromised Moniker.com and changed the domain's DNS servers to their own DNS servers, a story matching the Google Pakistan hack. The 1337day team later confirmed on their Facebook page that their domain registrar was the victim of the attack, not their DNS servers.

They have also asked webmasters not to invent stories that their server was hacked. They say it's impossible. I don't agree with them on this point: even the most secure systems can be compromised.

On performing a WHOIS lookup, I found that they have actually switched their hosting account from Moniker.com to hostgator.com:


I have confirmed with HostGator that the DNS servers for websitewelcome belong to them. We will update you as soon as we have more information.
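A defender-side check for the registrar-level name server change described above, as an added example (not code from this post or from 1337day): it parses WHOIS text and compares registrar and name servers against a known-good baseline. The WHOIS records, domain and host names are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed WHOIS text (not real records) in the common "Key: value" layout.
BASELINE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Updated Date: 2012-01-10T08:00:00Z
Name Server: NS1.DNS-PROVIDER.EXAMPLE
Name Server: NS2.DNS-PROVIDER.EXAMPLE
"""
CURRENT_WHOIS = """\
Domain Name: EXAMPLE.TEST
Registrar: Example Registrar, Inc.
Updated Date: 2012-12-31T03:12:45Z
Name Server: NS1.UNKNOWN-HOST.EXAMPLE
Name Server: ns2.unknown-host.example.
"""
FIELD = re.compile(r"^\s*([A-Za-z ]+?)\s*:\s*(.+?)\s*$")

def parse_whois(text):
    """Return registrar, updated date and the normalized name server set."""
    rec = {"registrar": None, "updated date": None, "nameservers": set()}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "name server":
            # Host names are case-insensitive; a trailing dot is the same name.
            rec["nameservers"].add(value.lower().rstrip("."))
        elif key in ("registrar", "updated date"):
            rec[key] = value
    return rec

def delegation_drift(baseline, current):
    """List findings showing the delegation differs from the baseline."""
    findings = []
    added = current["nameservers"] - baseline["nameservers"]
    removed = baseline["nameservers"] - current["nameservers"]
    if added:
        findings.append(("unexpected_ns", sorted(added)))
    if removed:
        findings.append(("missing_ns", sorted(removed)))
    if current["registrar"] != baseline["registrar"]:
        findings.append(("registrar_changed", current["registrar"]))
    if findings and current["updated date"] != baseline["updated date"]:
        findings.append(("record_updated", current["updated date"]))
    return findings
```

Run on a schedule against a stored baseline, any non-empty result is a reason to contact the registrar before trusting what the domain currently resolves to.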

6 comments:

  1. this is why i like ur posts rafay.. u go into details.. keep it up bro :)

  2. Replies
    1. Is paying thousands of USD for CEH worth it? Can I study this on my own? Pls advise
      Thanks

  3. Rafay bro thanks for sharing...
    I've one question for you..i've been asked already on fb now m repeating......
    I heard about your eBooks and also have been read out one of your eBook "An Introduction to Keyloggers RATS and Malwares which is currently freeware" and it's saying that you are going to launch a new one about "Advance Guide to Ethical Hacking"..Is it right?
    And I want to read your 2nd eBook "A Beginners Guide to Ethical Hacking" but the fact is that I reside in lower Punjab where there is no such means of electronic so far and I don't have even an account on any online bank!!
    I can pay you through any other means if you are willing to give away this eBook. And whether would you make your 2nd eBook free or not??? Because your new book will be banner over the market?????? waiting to hearing something from you....

  4. @Adeel

    Contact me via the contact form on the website, i'll take a look.

    @Jabbok

    Certainly not, instead you should go for PWB 3.0 from Offensive security.

  5. Turks are always using prefab tools though.


© 2016 All Rights Reserved by RHA Info Sec.
