Incident Date: 2024-10-12 03:05:52
Publication Date: 2024-10-12 14:43:52 (WIB)
On October 12, 2024, according to the local server time of Zone-H, the subdomain of Pengelola Nama Domain Internet Indonesia (PANDI), specifically repo.pandi.id, was hacked by the defacer known as ./Kal6666h05t. The timestamp of 03:05:52 reflects the time recorded by Zone-H’s servers, indicating when the defacement was captured and archived on their platform. The hacked page, located at https://repo.pandi.id/v2/, revealed critical information, including the server’s kernel version, suggesting a complete takeover of the system.
The hacker left behind a message associating himself with two hacker groups: Foursdeath Team and Kalimantan Barat Hacker. The defacement displayed the server’s kernel details, exposing the system as running a Linux-based OS, further demonstrating the hacker’s deep access to the infrastructure. The compromised server, hosted at the IP address 103.19.176.112 in Indonesia, operates under Linux, though the web server software is currently unknown.
Proof of Concept:
The hacker displayed root-level access to PANDI’s server by showcasing the server’s kernel details and system information, indicating full control over the machine. The following output was displayed on the defaced page:
    uname -a
    Linux repo 5.4.106-1-pve #1 SMP PVE 5.4.106-1 (Fri, 19 Mar 2021 11:08:47 +0100) x86_64 x86_64 x86_64 GNU/Linux
    root@repo:/home/repoapp/app/repoapp/public# id
    uid=0(root) gid=0(root) groups=0(root)
The presence of root privileges suggests that the hacker could manipulate and control the entire server environment.
The motivation behind the attack remains unclear, but given the hacker’s association with Foursdeath Team and Kalimantan Barat Hacker, it may be part of a coordinated effort to expose vulnerabilities in high-profile targets like PANDI, which manages Indonesia’s internet domain names. This could be a demonstration of skill or a way to challenge the security measures in place at key institutions.
Archive Page: