The Websites of NASA's Instrument Systems and Technology unit and Software Engineering division were broken into and screenshots illustrating the hack posted online. The website was hacked my a hacker named "c0de.breaker" . The main aim was according to the hacker was -
“Because this is my hobby and I want to prove that even big websites which should be very secure, can be hacked, and this is true and sad at the same time.
I think it’s alright what i’m doing because if somebody else would find the vulnerability before me, he/she could do many bad things and damages (shelling, rooting, backdooring,etc).”
Ok that was great.The Website Vulnerable: http://saif-1.larc.nasa.gov (CEOS Systems Analysis Database).The hacker used many SQL injections for this vulnerability to hack in the website. some of them he showed us were some…
(True) and 1=1–
(False) and 1=2–
Information's
Some screens:
http://i41.tinypic.com/25j9zle.png
http://i37.tinypic.com/294t26t.png
http://i35.tinypic.com/qnpf9y.png
http://i38.tinypic.com/23r5mw.png
http://i37.tinypic.com/2rfe92u.png
http://i35.tinypic.com/a57s5e.png
Ok this thing was funny straight from the hacker – these lines where quoted form the http://www.theregister.co.uk/2009/12/07/nasa_hack/.
Hackers appear to have taken advantage of SQL Injection flaws and poor access controls in mounting the attack, reports Gunter Ollmann, an ex-IBM security expert who is now VP of Research at security firm Damballa.
SQL injection was made only by me.
The motives and perpetrators of the attack remain unclear at the time of writing. Messing around with sites run by the space agency is a risky business for hackers, as Gary McKinnon and others have discovered, though whether anything will happen over the latest break-in is unclear.
The reason was simple!
Because I could, and they were vulnerable.
As you can see, I didn’t change anything.
Happy Hacking @hackerthedude
0 nhận xét:
Đăng nhận xét