DNS hijacking is the process of altering the name server records and redirecting the users to a bogus website.

As everyone knows every domain name depends on its name server to direct the user to go a particular IP address and when the name server get compromised user will be taken to another site which is not controlled directly by the original domain owner. See for example

www.jayacom.com.my
-> points to the name server ns1.yahoo.com
-> which points
www.jayacom.com.my -> some ip address
us.jayacom.com.my -> another ip address
mail.jayacom.com.my -> mail server ip etc
ftp.jayacom.com.my

So if ns1.yahoo.com is compromised the whole system goes down. The domain name owner of his machines or his firewall won’t give any security for such a hijacking.

Imagine the name server of a financial institution gets hijacked and redirect the user to a similar looking website. User won’t be notice that it’s a pishing attack as the url etc says the same but the underlying IP address is different. User might enter his user name and password trusting it as a legitimate website and that’s it…
Be careful and be aware of when such an attack is happening. Look for the HTTPS certificates while entering passwords to a financial website.

Explore More

How does the form-based authentication scheme work?

The form-based authentication scheme works in the following manner: * A client generates a request for a protected resource (e.g. a transaction details page). * The Internet Information Server (IIS)

Read More

LFI/RFI testing and exploiting with fimap

fimap is currently under development but still usable. Feel free to test it! This document and tool is not recommend for people who doesn’t know what LFI/RFI is. If you

Read More

Yet another simple Google Docs hack

A simple hack that allow you to edit read only Google docs is explained here http://googlesystem.blogspot.com/2009/01/copy-google-documents-to-your-account.html It works and all you need is to hack the url a bit like

Read More