Monday, November 20, 2017

NullCrew breaches Comcast Mail Server

The hacker collective NullCrew obtained access to no less than 34 servers owned by Comcast on the 5th of February, dumping what seems to be a listing of the company's mail servers and passwords, along with a link to the root file containing the vulnerability they used to penetrate the servers.

@NullCrew has claimed to have hacked a number of companies over the years, Sony, PayPal, Orange Telecom and Ford to name a few, and took credit for the attack on Comcast on Wednesday. They announced the attack on their official Twitter account.

The group went on to post the leak to Pastebin; the paste was later removed.

The affected mail servers appear to run Zimbra, a groupware email server client whose Lightweight Directory Access Protocol (LDAP) directory service was the objective of the attack.

NullCrew managed to exploit a local file inclusion (LFI) vulnerability in LDAP to obtain access to the credentials and passwords.

They were then able to access localconfig.xml, a file which contains Comcast LDAP administrative credentials, LDAP passwords and credentials for MySQL and Nginx.
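A defender-side check for the access pattern described above, as an added example that is not part of the original article: it scans web access logs for path-traversal requests that reference localconfig.xml, undoing repeated URL-encoding first. The log lines, the `/app/view?file=` endpoint and the severity labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines; addresses, paths and the "file" parameter
# are illustrative and not taken from the incident.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /mail/inbox?page=2 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:01:09 +0000] "GET /app/view?file=../../../conf/localconfig.xml HTTP/1.1" 200 8344
198.51.100.9 - - [01/Jan/2024:10:01:15 +0000] "GET /app/view?file=%252e%252e%252f%252e%252e%252fconf%252flocalconfig.xml HTTP/1.1" 200 8344
203.0.113.4 - - [01/Jan/2024:10:02:40 +0000] "GET /app/view?file=..%2f..%2fetc%2fhosts HTTP/1.1" 404 310
203.0.113.5 - - [01/Jan/2024:10:03:00 +0000] "GET /docs/localconfig.xml.html HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
SENSITIVE_FILES = ("localconfig.xml",)  # credential store named in the article


def fully_decode(value, rounds=3):
    """Undo nested URL-encoding (e.g. %252e -> %2e -> '.') up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, target, status = m.group(1), m.group(3), int(m.group(4))
    decoded = fully_decode(target).replace("\\", "/").lower()
    traversal = "../" in decoded
    sensitive = any(name in decoded for name in SENSITIVE_FILES)
    if traversal and sensitive:
        # A 200 response suggests the file contents were actually served.
        severity = "critical" if status == 200 else "high"
    elif traversal:
        severity = "medium"
    else:
        return None  # a bare mention of the file name is not flagged
    return {"ip": ip, "target": decoded, "status": status, "severity": severity}


def scan(log_text):
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "critical" finding means the credentials in that file should be treated as exposed and rotated.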

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
