<html>
<head>
<title>A Flaw in InterNIC Authentication Scheme</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<table width="680" border="0" cellspacing="2" cellpadding="2" align="center">
<tr>
<td width="693">
<pre>
::::::::: :::::::: ::::::::: ::::::::::
:+: :+: :+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+ +:+
+#++:++#+ +#++:++#++ +#++:++#: :#::+::#
+#+ +#+ +#+ +#+ +#+ +#+
#+# #+# #+# #+# #+# #+# #+#
######### ######## ### ### ###
<a href="http://blacksun.box.sk" target="_blank">http://blacksun.box.sk</a>
_____________________________
______________________I <b> Topic:</b> I_____________________
\ I I /
\ HTML by: I <b>A Flaw in InterNIC</b> I Written by: /
> I <b>Authentication Scheme</b> I <
/ <a href="mailto:black_mesa@gmx.de">Martin L.</a> I_____________________________I <a href="mailto:lucifermirza@hotmail.com">Lucifer Mirza</a> \
/___________________________> <_________________________\</pre>
</td>
</tr>
</table>
<br>
<br>
<br>
<font size="4"><b>Disclaimer:</b></font><br>
<br>
The sole purpose of the information contained in this advisory is to point out
the flaws in InterNIC's domain name handling system, and it is intended for education.
Any abuse of the information, in whole or in part, is NOT my responsibility, nor
do I encourage illegal activities.
<p>The technique described below is a planned, step-by-step way of stealing
different sorts of com/net/org/gov/mil domain names.<br>
<br>
<font size="4"><b>Tools:</b></font><br>
</p>
<ul>
<li>An anonymous remailer or mail bomber that can spoof email addresses (I used
Kaboom).</li>
<li>Access to the internet and, mainly, the networksolutions.com website.</li>
<li>Social engineering skills for timing the emails.</li>
<li>A fake email address at hotmail.com or any other free service.</li>
</ul>
<p><br>
<br>
<font size="4"><b>Instructions:</b></font><br>
<br>
As an example for this advisory, I will take the domain name wi2000.org. Go
to <a href="http://networksolutions.com" target="_blank">networksolutions.com</a>
and click on the link that says 'Who Is.' Enter the domain name (wi2000.org
in this case) in the search field and click the 'Search' button. This shows
the WHOIS record, as reproduced below:<br>
</p>
<hr width="75%" align="center">
<br>
Registrant:<br>
WI2000 (WI24-DOM)<br>
Blixered 1<br>
Goteborg, Lila Edet 46394<br>
SE
<p> Domain Name: WI2000.ORG</p>
<p> <b>Administrative Contact:</b><br>
MICKE, ANDERSSON (AMM367) HACKEDINDUSTRIES@HOTMAIL.COM<br>
545326-3445 (FAX) 545326-3445<br>
<b>Technical Contact, Zone Contact:</b><br>
Jason, Berresford (BJE41) jasonb@MOUNTAINCABLE.NET<br>
1-(905)-765-5212<br>
<b>Billing Contact:</b><br>
MICKE, ANDERSSON (AMM367) HACKEDINDUSTRIES@HOTMAIL.COM<br>
545326-3445 (FAX) 545326-3445</p>
<p> Record last updated on 22-Jan-2000.<br>
Record created on 19-Dec-1999.<br>
Database last updated on 3-Feb-2000 14:29:53 EST.</p>
<p> Domain servers in listed order:</p>
<p> NS1.CAN-HOST.COM 24.215.1.6<br>
NS2.MOUNTAINCABLE.NET 24.215.0.12<br>
</p>
<hr width="75%" align="center">
<p>Now you have two choices here:</p>
<p><b>-01></b> Either you could take full control of the domain by changing
the Administrator's handle information.</p>
<p> OR</p>
<p><b>-02></b> You could simply point the domain to another host and let it
recover in time by itself.</p>
<p>The first approach is very aggressive and could be hazardous if you are going
for gov or mil domain names, so I recommend the second approach for gov and mil domains.<br>
<b><font size="4"><br>
Initiating the First Attack:</font></b><br>
<br>
Let me first explain the InterNIC authentication system, since most readers
probably do not have domain names of their own. The problem with InterNIC
authentication is that it does NOT send a confirmation email if the request
appears to come from the same email address as the contact or the domain's
owner! The MAIL-FROM scheme trusts nothing but the sender address on the
request, so anyone who can spoof that address can change any domain name's
information. A confirmation is still required from the person to whom the
contact is being transferred, but that is no obstacle since it is your own
email address ;-)</p>
<p>Here's a step by step procedure:</p>
<ul>
<li>Go to <a href="http://www.networksolutions.com/" target="_blank">http://www.networksolutions.com/</a></li>
<li>Click on the link that says 'Make Changes.'</li>
<li>Enter the domain name wi2000.org</li>
<li>You should be presented with 2 blue buttons</li>
<li>Click on the one that says *Expert*</li>
<li>Next screen would have a heading 'Select the form that meets your needs'</li>
<li>Click on the link that says 'Contact Form'</li>
<li>Next you should see a form with 2 fields.</li>
<li>In the first field enter the admin's handle (wi2000.org admin is AMM367)</li>
<li>In the next field enter his/her email address (in this case it's HACKEDINDUSTRIES@HOTMAIL.COM)</li>
<li>Change the option to 'Modify.'</li>
<li>Now 'Proceed to Contact Information.'</li>
<li>Select the MAIL-FROM option and click the 'Go on to Contact Data Information.'</li>
<li>Now you should see all the information about the admin contact of domain
name!</li>
<li>In the E-mail address field change the email to your own fake email. (I
changed it to dd@doom.com)</li>
<li>Now 'Proceed to Set Authorization Scheme.'</li>
<li>Again choose MAIL-FROM and enter the email address of the admin (HACKEDINDUSTRIES@HOTMAIL.COM)</li>
<li>Leave the bottom option to 'No' and 'Generate Contact Form.'</li>
<li>Now you should see a template with all the information, similar to this:</li>
</ul>
<p>******************* Please DO NOT REMOVE Version Number **********************</p>
<p>Contact Version Number: 1.0</p>
<p>**************** Please see attached detailed instructions *******************</p>
<table width="75%" border="0" cellpadding="2" cellspacing="2">
<tr>
<td> </td>
<td>Authorization</td>
<td> </td>
</tr>
<tr>
<td>0a.</td>
<td>(N)ew (M)odify (D)elete.:</td>
<td>Modify</td>
</tr>
<tr>
<td>0b.</td>
<td>Auth Scheme.............:</td>
<td>MAIL-FROM</td>
</tr>
<tr>
<td>0c.</td>
<td>Auth Info...............:</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td>Contact Information</td>
<td> </td>
</tr>
<tr>
<td>1a.</td>
<td>NIC Handle..............:</td>
<td>AMM367</td>
</tr>
<tr>
<td>1b.</td>
<td>(I)ndividual (R)ole.....:</td>
<td>Individual</td>
</tr>
<tr>
<td>1c.</td>
<td>Name....................:</td>
<td>MICKE, ANDERSSON</td>
</tr>
<tr>
<td>1d.</td>
<td>Organization Name.......:</td>
<td>WI2000</td>
</tr>
<tr>
<td>1e.</td>
<td>Street Address..........: </td>
<td>BLIXERED 1</td>
</tr>
<tr>
<td>1f.</td>
<td>City....................: </td>
<td>GOTEBORG</td>
</tr>
<tr>
<td>1g.</td>
<td>State...................:</td>
<td>LILLA EDET </td>
</tr>
<tr>
<td>1h.</td>
<td>Postal Code.............:</td>
<td>46394</td>
</tr>
<tr>
<td>1i.</td>
<td>Country.................:</td>
<td>SE</td>
</tr>
<tr>
<td>1j.</td>
<td>Phone Number............:</td>
<td>545326-3445 </td>
</tr>
<tr>
<td>1k.</td>
<td>Fax Number..............:</td>
<td>545326-3445</td>
</tr>
<tr>
<td>1l. </td>
<td>E-Mailbox...............: </td>
<td>dd@doom.com</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td>Notify Information</td>
<td> </td>
</tr>
<tr>
<td>2a. </td>
<td>Notify Updates..........: </td>
<td>AFTER-UPDATE</td>
</tr>
<tr>
<td>2b.</td>
<td>Notify Use..............: </td>
<td>AFTER-USE</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td>Authentication </td>
<td> </td>
</tr>
<tr>
<td>3a. </td>
<td>Auth Scheme.............: </td>
<td>MAIL-FROM</td>
</tr>
<tr>
<td>3b.</td>
<td>Auth Info...............: </td>
<td>HACKEDINDUSTRIES@HOTMAIL.COM</td>
</tr>
<tr>
<td>3c.</td>
<td>Public (Y/N)............:</td>
<td>NO</td>
</tr>
</table>
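<p>The template above is a plain-text form, so a registrar-side or registrant-side reviewer can check it mechanically before it is accepted. The following Python is an added example, not code from the original advisory or from Network Solutions: it parses a template in the layout shown above and flags the pattern the advisory relies on, a request authorized by MAIL-FROM that moves the contact's E-Mailbox away from the address in Auth Info. The sample template is constructed from the values in the advisory's table; the CRYPT-PW and PGP scheme names are assumed alternatives and do not appear on the page.</p>

```python
"""Parse an InterNIC-style contact-form template and flag weak authorization.

Added example for the advisory; not code from the original page or from
Network Solutions. The template layout (numbered fields, dotted labels, a
colon, then the value) follows the sample shown in the advisory. The strong
scheme names (CRYPT-PW, PGP) are assumed alternatives of that era, and the
sample template below is constructed from the advisory's table.
"""
import re
from typing import Dict, List, Tuple

# "1a. NIC Handle..............:AMM367" -> number "1a", label "NIC Handle", value "AMM367"
FIELD_RE = re.compile(r"^\s*(\d[a-z])\.\s+([A-Za-z() /-]+?)\.*\s*:\s*(.*?)\s*$")

# Schemes that bind a change request to a secret instead of a forgeable header
# (assumed names; MAIL-FROM is the only scheme the advisory shows).
STRONG_SCHEMES = {"CRYPT-PW", "PGP"}

# Constructed from the template reproduced in the advisory.
SAMPLE_TEMPLATE = """\
******************* Please DO NOT REMOVE Version Number **********************
Contact Version Number: 1.0
**************** Please see attached detailed instructions *******************

Authorization
0a. (N)ew (M)odify (D)elete.:Modify
0b. Auth Scheme.............:MAIL-FROM
0c. Auth Info...............:

Contact Information
1a. NIC Handle..............:AMM367
1b. (I)ndividual (R)ole.....:Individual
1c. Name....................:MICKE, ANDERSSON
1d. Organization Name.......:WI2000
1e. Street Address..........:BLIXERED 1
1f. City....................:GOTEBORG
1g. State...................:LILLA EDET
1h. Postal Code.............:46394
1i. Country.................:SE
1j. Phone Number............:545326-3445
1k. Fax Number..............:545326-3445
1l. E-Mailbox...............:dd@doom.com

Notify Information
2a. Notify Updates..........:AFTER-UPDATE
2b. Notify Use..............:AFTER-USE

Authentication
3a. Auth Scheme.............:MAIL-FROM
3b. Auth Info...............:HACKEDINDUSTRIES@HOTMAIL.COM
3c. Public (Y/N)............:NO
"""


def parse_contact_form(text: str) -> Dict[str, Tuple[str, str]]:
    """Map each field number (e.g. "3a") to its (label, value) pair."""
    fields: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            number, label, value = m.groups()
            fields[number] = (label.strip(), value)
    return fields


def assess_contact_form(fields: Dict[str, Tuple[str, str]]) -> Dict[str, object]:
    """Review a parsed template before accepting it: report every point where
    authorization rests on MAIL-FROM and where the contact's mailbox is being
    moved away from the address that authorizes the contact."""
    def value(number: str) -> str:
        return fields.get(number, ("", ""))[1]

    request_scheme = value("0b").upper()   # scheme authorizing this request
    new_scheme = value("3a").upper()       # scheme the contact will have afterwards
    new_auth_info = value("3b")            # address (or secret) used by that scheme
    new_mailbox = value("1l")              # contact's e-mail after the change
    findings: List[str] = []

    if request_scheme == "MAIL-FROM":
        findings.append("request authorized by MAIL-FROM: only the sender address is "
                        "checked, and that header can be forged")
    if new_scheme == "MAIL-FROM":
        findings.append("contact keeps MAIL-FROM after the change; a secret-based scheme "
                        "(" + "/".join(sorted(STRONG_SCHEMES)) + ") is safer")
        if new_mailbox and new_auth_info and new_mailbox.lower() != new_auth_info.lower():
            findings.append(f"E-Mailbox ({new_mailbox}) no longer matches the authorizing "
                            f"address ({new_auth_info}): notifications and confirmations "
                            "will go to a different mailbox")
    return {"weak": request_scheme == "MAIL-FROM" or new_scheme == "MAIL-FROM",
            "findings": findings}


if __name__ == "__main__":
    report = assess_contact_form(parse_contact_form(SAMPLE_TEMPLATE))
    for finding in report["findings"]:
        print("-", finding)
```

<p>Run against the sample, the check raises three findings: the request itself is authorized by MAIL-FROM, the contact stays on MAIL-FROM afterwards, and the E-Mailbox (dd@doom.com) diverges from the Auth Info address (HACKEDINDUSTRIES@HOTMAIL.COM). Rewriting the same template with a secret-based scheme clears all of them, which is the point: the weakness is in the scheme, not in the form.</p>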
<hr width="75%" align="center">
<br>
<br>
<b>NOTE:</b> Do NOT press the button at the bottom that says 'Mail this contact
form to me!'<br>
<br>
Copy and paste this message into your anonymous remailer or mail bomber and you
are ready to go; but WAIT! It's not that easy, now comes the HARD part! When you
mail this message to hostmaster@networksolutions.com, a message similar to the
following is sent to the admin email address:
<p><br>
Subject: [NIC-000128.4r50] Your Mail</p>