The Hacker News Logo
Subscribe to Newsletter

KALI Linux Mailing List Website Hacked Using Heartbleed Vulnerability

KALI Linux Mailing List Website Hacked By Libyan Hackers
When it comes to Digital Forensics, Penetration and Security testing, we mostly relies on Kali Linux distribution (also known as Backtrack), which is designed for security professionals and packed with more than 300 security testing tools.

But Today, Mailing List sub-domain of Kali Linux get hacked and defaced by Libyan hacking group known as ‘The GreaT TeAm (TGT)’.

A mailing list is simply a list of email addresses to which the same information is being sent. A discussion list is used to allow a group of people to discuss topics amongst themselves, with everyone able to send mail to the list and have it distributed to everyone in the group. Mailing lists have become a popular way for Internet users to keep up with topics they're interested in.

At the time of writing, The Homepage of Kali Linux mailing list domain was displaying two lists, i.e.
  • Kali with description "Hacked By The GreaT TeAm -TGT"
  • Kali-Dev with description “Libyan Hackers”
KALI Linux Mailing List Website Hacked By Libyan Hackers
Somehow Hackers managed to exploit some unknown vulnerability, either on Kali Linux web server or in Mailing list software used by Offensive Security team, and posted a Batman movie pic with Greetings text, “h4x3d by The GreaT TeAm” and “Libyan H4x0rz :D”, as shown in the above screenshot.

Hackers have also shared mirror of the defacement attack at Zone-H website.

Update: Hacker told 'The Hacker News' editorial via email that lists.kali.org domain is hosted on https://mailmanlist.net/, who offers an easy web interface for administrators to manage their discussion lists. Hacker claimed that 'Mailman List' website is affected by 'Heartbleed' vulnerability.

He said, "First I got access to one of the Mailmanlist.net user acount with stolen cookies, collected by exploiting Heartbleed vulnerability and then I searched for other web application vulnerabilities", that allowed him to extract the administrative username and password of the Kali Malining list account.

Heartbleed vulnerability in OpenSSL is a serious and widespread problem and despite having a team of top Security Researchers, Kali Linux too didn't remain untouched from it.

Update: Kali team tweeted, "Looks like our inactive, 3rd party, 0 volume mailing list was hacked. DNS entry removed - back to sleep, problem solved."

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.