The Hacker News Logo
Subscribe to Newsletter

Tajikistan Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced

Tajikistan's Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced
Google’s primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page.

Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar (domain.tj) authority has been hacked, that allows the hacker to access domain control panel.
Server Kernel: Linux mx.takemail.com 2.4.21-27.ELsmp #1 SMP Wed Dec 1 21:59:02 EST 2004 i686
Iranian hacker 'Mr.XHat' successfully managed to change the DNS records of attack websites and defaced them for about a day. Hacker told 'The Hacker News' that he used Directory Traversal vulnerability to hack the website and still has the access to the control panel.
Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files.
Following the screenshot of compromised Domain Registrar's Control Panel:
hacked Domain Registrar Control Panel
The hacker claimed to have the Root access to Mysql database of the site, where customer' passwords are stored in a hashed / encrypted format. To get an access of Twitter/Google's Customer domain panel, he smartly changed the administrative email address of respective accounts to his own email address and proceed with password recovery option.
Tajikistan Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced
In the above screenshot (provided by the hacker), showing the password recovery email received with the new password in plain text that allowed him to finally access the customer domain panel.

Hacked Domain are:
  • google.com.tj
  • yahoo.com.tj
  • twitter.com.tj
  • amazon.com.tj
At the time of writing the hacked domains are recovered back to original DNS, but defacement mirror available following:
  • http://zone-h.org/mirror/id/21452417
  • http://zone-h.org/mirror/id/21452420
  • http://zone-h.org/mirror/id/21452426
  • http://zone-h.org/mirror/id/21452428
We will update the post with new information as it becomes available.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.