Navigation



The Biggest Web Defacement Ever

Last updated: September 9, 2015 | 15,210 views

A Turkish hacker using the handle iSKORPiTX was able to breach the security of a group of web servers, containing more than 38.500 web sites in less than a day!

Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish “senior cracker” (42) going by the handle of Metlak .

Apparently he doesn’t like a couple of countries:

“HACKED BY iSKORPiTX

(TURKISH HACKER)

FUCKED ARMANIAN-FUCKED FRANCE-FUCKED GREECE-FUCKED PKK TERROR

iscorpitx, marque du monde, presente ses salutations tout le monde. “

Defacement mirror – example

I gotta say:

Script kiddie hack or not, a defacement will always be a ‘cool’ hack to do.

Zone-H is keeping everyone posted of his actions and has compiled a full list of the 21.549 sites he was able to deface.

You can also keep updated with iSKORPiTX latest actions here.

Of all the sites iSKORPiTX was able to hack, 95% of them were using Windows (big part of those same sites, Windows 2003) and running IIS 6. New exploit?

No doubt, the biggest hack ever.

Source: Zone-H

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares
Posted in: Exploits/Vulnerabilities, Web Hacking

, , , ,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
July 7, 2021 - 77 Shares
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
May 27, 2021 - 219 Shares
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
May 7, 2021 - 95 Shares
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
April 19, 2021 - 207 Shares
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
March 5, 2021 - 232 Shares
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
February 3, 2021 - 162 Shares


2 Responses to The Biggest Web Defacement Ever

  1. backbone August 1, 2007 at 3:44 am #

    then imagine how would it be if someone would hack lycos, or geocities ;)

  2. Sandeep Nain August 1, 2007 at 6:23 am #

    Well I am sure Geocities and Lycoz both are not using IIS… In my couple years of pen test experience I have seen that most of the the windows based web are not properly patched (microsoft releases a new patch everyday…).