KALI Linux Website Hacked Using Heartbleed Bug

When it comes to hacking there is nothing like 100% security. Same has happened with the popular penetration testing and Security-related Linux provider Kali aka BackTrack.

Few hours ago the Libyan hackers from ‘’The GreaT Team (TGT)’’ hacked and defaced the official mailing list sub-domain of Kali Linux website (lists.kali.org).

The hackers left their deface page along with a note expressed in following words:

Hacked By The GreaT TeAm –TGT

The hacker news reported that lists.kali.org has been hosted on http://mailmanlist.net/ which offers an easy solution for domain owners to manage their discussion list. The hackers claimed that Mail Man List website is vulnerable to Heartbleed bug.

Deface page left by the hackers

He explained how he breached the site:

I got access to one of the mailmanlist.net user account with stolen cookies, collected by exploiting Heartbleed vulnerability and then I searched for other web apps vulnerabilities. That’s how he was able to access login details of Kali Linux mailing list.

The bug, called Heartbleed, is a serious vulnerability in the openSSL cryptographic software library, which allows stealing of the protected information.

Mirror of hacked site is available here.

At the time of publishing this article, the mailing domain was down. However, Kali Linux tweeted from their official Twitter handle about the hack.

The GreaT TeAm – TGT is the same group which hacked and defaced the official website of Egyptian Ministry of Information just 3 days ago.

Related Posts