Deep night hijacking and hidden fog Technical Team

Author: Noseay | Roc

Pink and round-robin

In the afternoon, I saw a group of big bull ARP hidden fog technical groups ,. therefore, I was about to cheat hichina's zookeeper when I was going to be attacked by ARP. I called the phone and wanted to say that the domain name was hijacked and asked him to reset the password. Who knows what I asked, finally, I was told that the page was restored .. in desperation, hichina's zookeeper told my agent's phone number and mobile phone number, Baidu
I found the agent's website and scanned it with an artifact that met the Agency.

If you find that there are a lot of other sites, just start with a station and use the default password.

 

 

In the previous webshell, Elevation of Privilege ing ....
After winning the server, I took off the agent's site and did not find the domain name registered in the black market.
In desperation, the dns in whois information is NS1.xxxxxx. COM.
After reading the server, there is also the website xx.xxxxxx.com.
I looked at the database on the homepage and found many domain names!

 

 

 

 

 

Every database ran and finally found it!

I directly resolved the address from the database and waited for half a day without reflecting it !!
It should be a matter of character. I searched DNS on the server,
This DNS manager is found

Another source code is found in the same directory.
After the dns is set up, the source code is used to manage dns.

 

In the source code, I quickly changed it again.

It was useless after logging on for a long time. I ran the source code and found this again.

 

 

Down (dead!
I tried to change the Database Password to one side and then restore the site.
I changed the DNS again and finally succeeded.

 

 

 

 

Later, I hijacked three domain names of the webmaster, and there were many DNS sites.

Finished !!!