It is a bit old method but necessary to understand if you are learning about DNS hijacking and In Past a Pakistani Famous BlackHat hacker " Shadow008 " was hijacking the subdomains of blogger blogs and everyone was shocked to see how he is doing this but after a mean while he published an article about how he hijacked the blogger sub domains on his blog.
We know that when someone host his website on blogger he have to point the CNAME toward to given address by blogger or if we want to connect the domain mail with Gmail we also have to point it toward the Gmail Address given by them and many peoples at that time do one mistake that they point their domains to Gmail or blogger cname to connect their domain and they forget to add the pointed sub domain in blogger and this gives us the error which is in the below picture.
" 404.
That’s an error.
This error means that the domain is pointed toward google,s cname or ip address but it is not yet hosted and shadow008 took its revenge and hijacked the sub domains of many blogs by simply hosting thos sub domains on blogger.com by adding custom domain in settings and he was successfully able to add the sub domain.
Shado008 hijacked the sub-domains of many important websites including thehackernews.com which was
some how the direct subdomain was pointing toward,s the google,s ip and he hijacked it easily and not only this but including many more high ranking websites.
2. You found the 404 error sub-domain ? looking for how to hijack ?
We know that when someone host his website on blogger he have to point the CNAME toward to given address by blogger or if we want to connect the domain mail with Gmail we also have to point it toward the Gmail Address given by them and many peoples at that time do one mistake that they point their domains to Gmail or blogger cname to connect their domain and they forget to add the pointed sub domain in blogger and this gives us the error which is in the below picture.
" 404.
That’s an error.
This error means that the domain is pointed toward google,s cname or ip address but it is not yet hosted and shadow008 took its revenge and hijacked the sub domains of many blogs by simply hosting thos sub domains on blogger.com by adding custom domain in settings and he was successfully able to add the sub domain.
Shado008 hijacked the sub-domains of many important websites including thehackernews.com which was
- " http://direct.thehackernews.com/ "
- " http://www.zone-h.org/mirror/id/18307796 "
some how the direct subdomain was pointing toward,s the google,s ip and he hijacked it easily and not only this but including many more high ranking websites.
- Now the question arises in our mind is how we can find the vulnerable subdomains ?
2. You found the 404 error sub-domain ? looking for how to hijack ?
- Open blogger.com and open your free blogspot as mine is sniperhaxx.blogspot.com
- Goto Settings
- Click on setup 3rd party URL
- Add the sub-domain which is giving url
- Done now you have added successfully now go and edit the html of template and deface it.
Video ? :D
ReplyDeleteSorry there,s no video tutorial.
Delete- Okay ! No Prob :D
DeleteDude, so if there is a site say example.com,
ReplyDeleteI type in xyz.example.com and I get 404 error, then does it mean that it is vulnerable ?
It was but recently google has patched the bug :p
DeleteI mean, if I want to test a site whether it is vulnerable or not .. how can I test it.
DeleteI'm talking in terms of other websites and not blogger/google/blogspot ..
Could you please tell the actual way to assess the same ..
Really would appreciate the same.
look brother this bug is patched now and we can not practice anymore but this will help you to learn dns hijacking
DeleteWow!! Awesome Work you have done!!! This software is work properly!! I had a little problem but I fix that my self
ReplyDeleteA very awesome blog post. We are really grateful for your blog post. You will find a lot of approaches after visiting your post. I was exactly searching for. Thanks for such post and please keep it up ria hacker
ReplyDeleteSuch a very useful article. Very interesting to read this article.I would like to thank you for the efforts you had made for writing this awesome article. hire a hacker
ReplyDelete