Hacker tools website hacked
The website of H. D. Moore's prominent Metasploit exploit framework has fallen victim to an ARP cache poisoning attack on its hosting company's network. Using forged ARP packets, Chinese hackers altered the ARP cache on Moore's server so that it sent its packets to a compromised server under the attackers' control on the same network at the hosting company. The content "hacked by sunwear! just for fun" was then injected into the diverted HTTP traffic on the fly. Moore's server was probably not specifically targeted, however: the hackers altered the ARP caches of all servers on the affected network.
Once the problem was noticed, Moore resolved it by hard-coding an entry for his provider's router in his server's ARP cache. Whether he will continue to take personal steps to protect against such attacks is not known. Attacks on web hosts that use ARP spoofing to spy on data traffic have been known for some time. Reports of iframes and other content being injected into HTML pages by this method first appeared only at the end of last year, however, when the Chinese Internet Security Response Team (CISRT) fell victim to such an attack. Some versions of the MPack web attack toolkit are reported to support ARP spoofing.
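An added example (not from the original article): a check that complements the static router entry described above, reading a Linux `/proc/net/arp`-format table and flagging a gateway MAC that differs from a pinned value, is not a static entry, or is shared with another IP. The addresses, MAC values and function names are constructed for illustration.

```python
from collections import defaultdict

ATF_PERM = 0x4  # flag bit set on static (permanent) entries in /proc/net/arp

# Constructed sample in /proc/net/arp format (documentation addresses, made-up MACs).
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:bb:99     *        eth0
192.0.2.57       0x1         0x2         02:00:00:aa:bb:99     *        eth0
192.0.2.80       0x1         0x2         02:00:00:aa:bb:50     *        eth0
"""

def parse_arp(text):
    """Return a list of (ip, flags, mac) tuples from /proc/net/arp-style text."""
    entries = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw, flags, mac = fields[:4]
        if mac == "00:00:00:00:00:00":          # incomplete entry, no MAC learned
            continue
        entries.append((ip, int(flags, 16), mac.lower()))
    return entries

def check_gateway(text, gateway_ip, pinned_mac):
    """Return a list of findings; an empty list means the table looks sane."""
    entries = parse_arp(text)
    findings = []
    by_mac = defaultdict(list)
    for ip, _flags, mac in entries:
        by_mac[mac].append(ip)
    gw = [e for e in entries if e[0] == gateway_ip]
    if not gw:
        findings.append("gateway-missing")
    else:
        _, flags, mac = gw[0]
        if mac != pinned_mac.lower():           # cache no longer matches the pinned router MAC
            findings.append(f"gateway-mac-changed:{mac}")
        if not flags & ATF_PERM:                # dynamic entry: can be overwritten by ARP replies
            findings.append("gateway-entry-not-static")
        others = [ip for ip in by_mac[mac] if ip != gateway_ip]
        if others:                              # another host answers with the gateway's MAC
            findings.append("gateway-mac-shared-with:" + ",".join(others))
    return findings

if __name__ == "__main__":
    for finding in check_gateway(SAMPLE, "192.0.2.1", "02:00:00:aa:bb:01"):
        print(finding)
```

On a live Linux host the same function can be fed the contents of `/proc/net/arp`, with the pinned MAC taken from the hosting provider's documentation for the router.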
- Metasploit - Hack?, thread on Full Disclosure
- Exploits for All, heise Security background article on Metasploit