03-25-2015, 03:59 AM   #3
owahfxp

I used several different DNS in this test, amongst them Google DNS.

If you look at the situation right now, every DNS server points to the same IP as the website's.

Code:
; <<>> DiG 9.9.5-9-Debian <<>> liveupdate.flashfxp.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29985
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;liveupdate.flashfxp.com.       IN      A

;; ANSWER SECTION:
liveupdate.flashfxp.com. 296    IN      A       96.30.5.209

;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Mar 25 09:57:27 CET 2015
;; MSG SIZE  rcvd: 68

That said, I started disassembling the malware which was pushed via this hack and it looks very amateurish to me; I hardly believe that this was a targeted DNS poison.
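
The comparison the post describes (asking several resolvers for the same name and checking whether they agree), as an added example that is not part of the original post or of FlashFXP: it parses saved `dig` output and groups resolvers by the A records they returned. The second sample, with its resolver 192.0.2.53 and address 198.51.100.7, is constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict

# One A record in a dig ANSWER section: name, TTL, IN, A, IPv4 address.
A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")
SERVER = re.compile(r"^;; SERVER: ([^#\s]+)#")
STATUS = re.compile(r"status: (\w+)")

def parse_dig(text, name):
    """Return (resolver, status, A records for name) from one dig output."""
    resolver, status, ips, in_answer = None, None, set(), False
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";; ->>HEADER<<-") and (m := STATUS.search(line)):
            status = m.group(1)
        elif line.startswith(";; ANSWER SECTION:"):
            in_answer = True
        elif not line:
            in_answer = False  # a blank line ends the section
        elif in_answer and (m := A_RECORD.match(line)):
            # CNAME chains are not followed; only records for `name` count.
            if m.group(1).rstrip(".").lower() == name.rstrip(".").lower():
                ips.add(m.group(2))
        elif m := SERVER.match(line):
            resolver = m.group(1)
    return resolver, status, frozenset(ips)

def group_by_answer(outputs, name):
    """Map each distinct answer (or error status) to the resolvers that gave it."""
    groups = defaultdict(list)
    for text in outputs:
        resolver, status, ips = parse_dig(text, name)
        groups[ips if status == "NOERROR" else status].append(resolver)
    return dict(groups)

# Trimmed from the dig output in the post above.
FROM_POST = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29985
;; ANSWER SECTION:
liveupdate.flashfxp.com. 296    IN      A       96.30.5.209

;; SERVER: 8.8.8.8#53(8.8.8.8)
"""
# Constructed sample: hypothetical resolver and address (documentation ranges).
CONSTRUCTED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; ANSWER SECTION:
liveupdate.flashfxp.com. 300    IN      A       198.51.100.7

;; SERVER: 192.0.2.53#53(192.0.2.53)
"""
```

More than one group from `group_by_answer` means the resolvers disagree. CDNs and location-based DNS can also produce different answers, so a mismatch is a lead to investigate rather than proof of poisoning.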
All times are GMT -5.