4Chan Taken Offline After Hack β Recap
Controversial internet forum 4chan was breached and its internal data leaked after hackers gained shell access to its hosting server, likely doxxing the entire moderation team along with many of the site's registered users.
A 4chan splinter site called #soyjackparty, aka #sharty, has claimed responsibility for the security breach and posted what they alleged was internal data on their rival website, including source code and information on moderators and janitors. A hacktivist group called the Dark Storm Team also claimed to have taken down the site on its Telegram channel, alongside BreachForums ("breachforums[.]st"). One #4chan janitor told TechCrunch that they are "confident" the leaked data and screenshots are real. In a screenshot shared by Hackmanac on X, the threat actors behind the breach revealed how they managed to gain access to the site's internal systems: "4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/) They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing commands, can be uploaded. Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit. From there, we exploit a mistaken SUID binary to elevate to the global user." The development comes as cybercrime forum Cracked.io has resumed operations under the new cracked[.]sh domain over two months after its earlier version hosted on "cracked[.]io" was seized in a joint law enforcement operation.
@thehackernews
#4chanHack
Controversial internet forum 4chan was breached and its internal data leaked after hackers gained shell access to its hosting server, likely doxxing the entire moderation team along with many of the site's registered users.
A 4chan splinter site called #soyjackparty, aka #sharty, has claimed responsibility for the security breach and posted what they alleged was internal data on their rival website, including source code and information on moderators and janitors. A hacktivist group called the Dark Storm Team also claimed to have taken down the site on its Telegram channel, alongside BreachForums ("breachforums[.]st"). One #4chan janitor told TechCrunch that they are "confident" the leaked data and screenshots are real. In a screenshot shared by Hackmanac on X, the threat actors behind the breach revealed how they managed to gain access to the site's internal systems: "4chan allows uploading PDF to certain boards (/gd/, /po/, /qst/, /sci/, /tg/) They neglected to verify that the uploaded file is actually a PDF file. As such, PostScript files, containing PostScript drawing commands, can be uploaded. Said PostScript file will be passed into Ghostscript to generate a thumbnail image.
The version of Ghostscript that 4chan uses is from 2012, so it is trivial to exploit. From there, we exploit a mistaken SUID binary to elevate to the global user." The development comes as cybercrime forum Cracked.io has resumed operations under the new cracked[.]sh domain over two months after its earlier version hosted on "cracked[.]io" was seized in a joint law enforcement operation.
@thehackernews
#4chanHack