The Dark Visitor » defaced http://www.thedarkvisitor.com Wed, 08 Jun 2011 03:15:53 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Sunwear hacks metasploit.com? http://www.thedarkvisitor.com/2008/06/sunwear-hacks-metasploitcom/ http://www.thedarkvisitor.com/2008/06/sunwear-hacks-metasploitcom/#comments Mon, 02 Jun 2008 18:07:12 +0000 jumper http://www.thedarkvisitor.com/?p=594 Heike and I have reported on the well-known Chinese hacker sunwear several times:

People’s Armed Police Officer Hacking?

Sunwear Picture Proclaimed a Joke

Chinese Hacker…repeat offender!

Top Chinese Veteran Hackers

sunwear vs. metasploit.com

A forum posting on eviloctal from sunwear shows a screenshot of a hacked metasploit.com with his mark:  “hacked by sunwear ! just for fun”.  Here is a link to the eviloctal.com forum posting.  Thanks to sunbelt for the newsNo way to tell if it was a hoax or real just yet. The metasploit site seems to be normal at the time of this writing.  The forum post was made by sunwear on June 3.

Update (June 3 2003hrs GMT): One reader commented that the site was indeed hacked and that he was redirected to the evil octal forums.

Update from HD at Metasploit: The issue was that someone hacked a machine on the same subnet and was ARP spoofing the gateway. The metasploit.com machines were not compromised, but all HTTP requests coming into the ISP network were passed through a MITM defacer that inserted that HTML. Once I as able to set a static ARP entry and notify the ISP, the problem was resolved. So, to make things clear, the metasploit.com servers were not hacked, the ISP’s network was.

]]> http://www.thedarkvisitor.com/2008/06/sunwear-hacks-metasploitcom/feed/ 9