How A Website Gets DNS Poisoned/DNS Hijacked

So you might be thinking how websites get DNS Poisoned or in other words, DNS Hijacked !

Recently, many Google’s had been defaced. Such as Google Indonesia, Google Malaysia, Google Pakistan, Google Palestine, Google Serbia and Google Kenya. While many people still does not understand how hackers managed to deface such big sites. In this article, I will teach you guys how it works and how hackers manage to DNS Poison a target.

Exploitation

Exploitation

1st of all, the hacker try’s to find the Domain Registry. Main registry can be found by using Google or Wikipedia. (Example: If the hacker sets Google.com.au a target, he would go to Google and search”Official Domain Registry Of Australia” or would go to Wikipedia and search “.au”.  )

Once the hacker finds the main domain registry, he then starts to pentest the web application to find vulnerability’s where users login. When the hacker finds a vulnerability  (Example:SQL Injection) , he then try’s to access the server or the database using that vulnerability. Once he gets access to the database, he is then able to see all users login details (Usernames/Passwords/Email/ Password Reset Key). The hacker then try’s to access to its targets account using the information provided from the database.

Domain Names

Domain Names Servers

When the hacker gains access to its targets domain control panel using the user login details, he then has control of all domain names linked to that account. The hacker can then change its targets domain name servers and contact details. If the hacker wants its target to be DNS hijacked, he simple changes all passwords and login details. If the hacker wants to DNS poison its target, he only changes the domain name servers. Changing the domain name servers would allow the hacker to change from its old server to its new server (New server = Hackers server). Once the domain name servers are changed to the hackers server, the hacker then has full control of that website. He can then add his own page (deface page) on the domain name that he took control of. Once a the name servers are changed, it then takes maximum 24 hours for it to change globally (Normally it takes around 6 hours).

I hope you learned something from this article. If you have any questions, feel free to comment. This article has been written by me (Haider Ali Khan @ www.HaiderK.com).

Haider Khan
Author: 
Independent Cyber Security Researcher :)
Password Protect Your Modem/Router Before You Get Hacked
Password Protect Your Modem/Router Before You Get Hacked
Start protecting your modems/routers before hackers dSploit
  1. James3 years ago

    Nice information about dns poisoning.
    i think you should wrote about all of hacking/hijacking techniques and how to protect/secure our sites from these attacks.

    Reply
  2. Baber Siddiqui3 years ago

    – thanks sir your article is very outstanding 🙂 keep it up !

    Reply

Leave a reply "How A Website Gets DNS Poisoned/DNS Hijacked"

Must read×

Top