Original URL: http://www.theregister.co.uk/2008/06/03/metasploit_hijack/

Hackers hijack hacking tools website

Ironic exploit

By John Leyden

Posted in Security, 3rd June 2008 16:25 GMT

Crackers briefly hijacked hacking tools website Metasploit on Monday.

Metasploit is an open-source toolkit widely used by both hackers and security admins to test for website vulnerabilities. But visitors to the site on Monday were redirected to a page announcing the site was "hacked by sunwear ! just for fun", as recorded by Sunbelt Software.

Unidentified miscreants used an ARP poisoning attack aimed at the network of Metasploit's hosting provider in order to pull off the hack. The Metasploit project was quickly restored. H D Moore, the creator of the project, explained what happened in response to online reports of the hack.

"Another customer on the same ISP was compromised and used to ARP poison all servers in that subnet. I corrected the problem by setting a static ARP entry and notifying the ISP. To make it very clear - the metasploit.com servers were not compromised, nor have been to this date," he said. ®