When it comes to digital forensics, penetration testing and security testing, we mostly rely on the Kali Linux distribution (also known as Backtrack), which is designed for security professionals and packed with more than 300 security testing tools.
But today, the mailing list sub-domain of Kali Linux was hacked and defaced by a Libyan hacking group known as ‘The GreaT TeAm (TGT)’.
A mailing list is simply a list of email addresses to which the same information is being sent. A discussion list is used to allow a group of people to discuss topics amongst themselves, with everyone able to send mail to the list and have it distributed to everyone in the group. Mailing lists have become a popular way for Internet users to keep up with topics they're interested in.
At the time of writing, the homepage of the Kali Linux mailing list domain was displaying two lists, i.e.
Somehow, the hackers managed to exploit some unknown vulnerability, either on the Kali Linux web server or in the mailing list software used by the Offensive Security team, and posted a Batman movie picture with the greeting text “h4x3d by The GreaT TeAm” and “Libyan H4x0rz :D”, as shown in the above screenshot.
The hackers have also shared a mirror of the defacement on the Zone-H website.
Update: The hacker told 'The Hacker News' editorial team via email that the lists.kali.org domain is hosted on https://mailmanlist.net/, which offers an easy web interface for administrators to manage their discussion lists. The hacker claimed that the 'Mailman List' website is affected by the 'Heartbleed' vulnerability.
He said, "First I got access to one of the Mailmanlist.net user accounts with stolen cookies, collected by exploiting the Heartbleed vulnerability, and then I searched for other web application vulnerabilities", which allowed him to extract the administrative username and password of the Kali mailing list account.
The Heartbleed vulnerability in OpenSSL is a serious and widespread problem, and despite having a team of top security researchers, Kali Linux too did not remain untouched by it.
Update: The Kali team tweeted, "Looks like our inactive, 3rd party, 0 volume mailing list was hacked. DNS entry removed - back to sleep, problem solved."