How Hackers Can Take Down 40 Websites in Minutes

Here’s a situation that underscores the importance of network security these days: a novice hacker working for the research and development department of a Japanese automaker was able to exploit a cross-site scripting vulnerability to infiltrate a server and compromise 40 websites in seven minutes.

Armed with an interest in computer science, the information security student started attending hacker gatherings a few months ago; after a few months playing around in sandbox environments, a fellow hacker invited him to penetrate a server that featured an XSS vulnerability. In a technical article recently published by an infosec website, the hacking student explained how he set a timer as he accepted the challenge.

Method of Attack Used in the Hack

The attack started with pinging the server and using a port scanning tool; it took two minutes for the hacker to determine that he was dealing with a business network that allowed file sharing by means of SMB and FTP. The hacker found an open port that could be accessed without standard username/password login credentials. Although this open port by itself does not allow privileged access, the hacker was able to deploy another tool to look for files that may be of interest; such files may include unencrypted login credentials.

In less than five minutes, the hacker figured out that the server did not have restrictions on uploading files; this allowed him to execute an upload command to inject a malicious script, which in turn allowed the hacker to build a web shell. What this means for the attacker is that they can establish a remote connection to the server. The hacker then used a Perl script to read the source code of the hosted websites, which were connected to a database. Amazingly, the hacker was also able to read a text file with credentials to gain root access to the MySQL database.
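An administrator can check a web root for the two weaknesses described above (directories open to uploads that hold script files, and plaintext credential files readable by every account) before someone else finds them. The following is an added example, not code from the original article; it assumes POSIX file permissions, and the regex, extension lists and sample tree are constructed heuristics to adapt.

```python
import os, re, stat, tempfile

# Assumed heuristics (not from the article); tune them for your environment.
CRED_RE = re.compile(r"(?i)\b(pass(word|wd)?|pwd|secret)\b\s*[:=]\s*\S+")
SCRIPT_EXTS = {".php", ".pl", ".cgi", ".py", ".jsp", ".asp", ".aspx"}
TEXT_EXTS = {".txt", ".ini", ".cfg", ".conf", ".env", ".bak", ".sql"}

def audit_webroot(root, max_bytes=65536):
    """Return sorted (finding, relative_path) tuples for one web root."""
    findings = set()
    for dirpath, _dirs, filenames in os.walk(root):
        dir_writable = bool(os.stat(dirpath).st_mode & stat.S_IWOTH)
        if dir_writable:
            findings.add(("world-writable-dir", os.path.relpath(dirpath, root)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            # Script file where any account can write: review as a possible web shell.
            if dir_writable and ext in SCRIPT_EXTS:
                findings.add(("script-in-writable-dir", rel))
            # Plaintext credentials readable by every account on the host.
            if ext in TEXT_EXTS and st.st_mode & stat.S_IROTH:
                with open(path, "r", errors="replace") as fh:
                    if CRED_RE.search(fh.read(max_bytes)):
                        findings.add(("world-readable-credentials", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample web root, used only to demonstrate the audit."""
    os.mkdir(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o777)
    for rel, text, mode in [
        ("uploads/shell.php", "<?php /* placeholder */ ?>", 0o644),
        ("db.txt", "user=root\npassword=constructed-example\n", 0o644),
        ("locked.txt", "password=constructed-example\n", 0o600),
    ]:
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*audit_webroot(tmp), sep="\n")
```

Findings are starting points for review: move credentials out of the web root, restrict their permissions, and disable script execution in upload directories.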

Once inside the database, the hacker located a configuration file that would have allowed him to take down all the websites with just one line of code; thankfully, he did not do this since his interest in network security is not malicious. The hacker explored further into the SMB (Samba) ports that allow file sharing; diving into these ports allowed him to open the folder with very sensitive information that included the SSID of Wi-Fi networks.

As you can see, even novice hackers can do significant damage to business networks, and they do not need too much time to do so. When was the last time you had a security audit done on your network? To learn more about server security in the High Desert, contact Sonic Systems in Victorville today.