Metasploit Project's site hijacked through ARP poisoning


Metasploit, the open-source platform for developing, testing, and using exploit code, got its official project site briefly hijacked on Monday by a well-known member of the Chinese underground, who left the following message offering a new zero-day exploit for sale: "hacked by sunwear! just for fun! ring04h come on :) ps:sell 0day, my qq 47347 .call me sunwear". The appearance of the message and the redirection of Metasploit.com to the Chinese forum appear to have been done through ARP poisoning at the ISP level, according to H D Moore:

[Image: Metasploit ARP Poisoning]

"Problem solved. Someone is ARP poisoning the IP address of the router on which the www.metasploit.com server resides. I hardcoded an ARP entry for the real router and that seems to solve the MITM issue. It doesn't help the other 250 servers on that network, but that's an issue for the ISP to resolve."
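The incident above comes down to two things a defender can act on: the gateway's IP address suddenly resolving to a different MAC address than the real router's, and the fix of pinning a static ARP entry so the kernel stops trusting gratuitous replies. The following Python script is an added example, not code from the article or from the Metasploit project; it parses a constructed sample of ARP replies in tcpdump-style notation (documentation-range IPs and locally administered MACs, not traffic from the real incident), compares the advertised MAC for each watched gateway against a trusted mapping learned out of band, and emits the static-entry commands that mirror HD Moore's workaround. The `TRUSTED_GATEWAYS` table and interface name are assumptions for the example.

```python
import re

# Constructed sample of ARP replies as tcpdump would print them (not real traffic).
# The fourth line shows the gateway 192.0.2.1 being claimed by a second MAC.
SAMPLE_ARP_REPLIES = """\
12:00:01.000 ARP, Reply 192.0.2.1 is-at 02:00:00:00:00:01
12:00:02.000 ARP, Reply 192.0.2.1 is-at 02:00:00:00:00:01
12:00:03.000 ARP, Reply 192.0.2.50 is-at 02:00:00:00:00:50
12:00:04.000 ARP, Reply 192.0.2.1 is-at 02:00:00:00:00:99
12:00:05.000 ARP, Reply 192.0.2.1 is-at 02:00:00:00:00:01
"""

# Assumed trusted gateway mapping, recorded from the router's console or ISP
# documentation rather than learned from the network itself.
TRUSTED_GATEWAYS = {"192.0.2.1": "02:00:00:00:00:01"}

REPLY_RE = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})", re.IGNORECASE)


def parse_arp_replies(text):
    """Yield (timestamp, ip, mac) for every ARP reply line in the capture text."""
    for line in text.splitlines():
        match = REPLY_RE.search(line)
        if match:
            timestamp = line.split()[0]
            yield timestamp, match.group(1), match.group(2).lower()


def detect_gateway_spoof(text, trusted):
    """Return alerts for watched IPs whose advertised MAC differs from the trusted one.

    Each alert is (timestamp, ip, trusted_mac, observed_mac). Comparing against an
    out-of-band baseline avoids blessing a poisoned mapping that happens to be the
    first one seen on the wire.
    """
    alerts = []
    for timestamp, ip, mac in parse_arp_replies(text):
        expected = trusted.get(ip)
        if expected is not None and mac != expected.lower():
            alerts.append((timestamp, ip, expected.lower(), mac))
    return alerts


def static_arp_commands(ip, mac, iface="eth0"):
    """Commands that pin the gateway mapping the way HD Moore described.

    Both forms are equivalent; the first uses net-tools, the second iproute2.
    The interface name is an assumption for the example.
    """
    return [
        f"arp -s {ip} {mac}",
        f"ip neigh replace {ip} lladdr {mac} dev {iface} nud permanent",
    ]


if __name__ == "__main__":
    for timestamp, ip, expected, seen in detect_gateway_spoof(SAMPLE_ARP_REPLIES, TRUSTED_GATEWAYS):
        print(f"{timestamp} ALERT gateway {ip} expected {expected} but saw {seen}")
    for ip, mac in TRUSTED_GATEWAYS.items():
        for cmd in static_arp_commands(ip, mac):
            print("mitigation:", cmd)
```

Run it against a live capture by piping `tcpdump -n -e arp` output into `detect_gateway_spoof`; the static entry only protects the host it is set on, which is the point HD Moore makes about the other servers on the same segment.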

The Chinese hackers then posted an image of what Metasploit.com looked like at the time of the ARP poisoning on the forum to which the site had been redirecting its visitors, as you can also see for yourself. Offering a zero-day exploit for sale by hijacking Metasploit's official site is surreal enough that it is easy to overlook the possibility that a real zero-day exploit could have been served, had they fully abused the man-in-the-middle potential of the attack.

Topics: Malware, Networking, Open Source, Security, Servers

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
