Wait...did you not understand our meaning? Hacking for AnimaLs Lives will not be denied.
nmrc always does something stupid on April Fools day, like that yawnfest tehy did last year. So what better time to deface them? We remvoed their original joke and replaced it with ours. So if they got a call from friends (one of three people in the world) or a reporter (they talk to reporters ALL THE TIME) then they'd say, oh yes, it's April Fools, ignore it. And it would stay defaced for HOURS.
But some one finally tipped them off, you should see them scrambling!
Proof that they use security thru obscurity:
$ telnet nmrc.org 25 Trying 209.102.192.102... Connected to nmrc.org. Escape character is '^]'. 220 www.nmrc.org ESMTP nmrcOS mail 6.6.6/6.6.6; Tues, 01 Apr 2003 12:04:12 -0600 help 214-2.0.0 This is Sendmail version 8.12.6 214-2.0.0 Topics: 214-2.0.0 HELO EHLO MAIL RCPT DATA 214-2.0.0 RSET NOOP QUIT HELP VRFY 214-2.0.0 EXPN VERB ETRN DSN AUTH 214-2.0.0 STARTTLS 214-2.0.0 For more info use "HELP". 214-2.0.0 To report bugs in the implementation send email to 214-2.0.0 sendmail-bugs@sendmail.org. 214-2.0.0 For local information send email to Postmaster at your site. 214 2.0.0 End of HELP info
nmrcos my ass. And guess what? Their sendmail IS vulnerable. To more than one bug. That's just ONE way in.
A HEAD command on Apache reveals this:
$ telnet www.nmrc.org 80 Trying 209.102.192.102... Connected to www.nmrc.org. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Mon, 01 Apr 2003 10:39:04 GMT Server: Apache/1.3.27 (Unix) Last-Modified: Wed, 01 Jan 2003 17:13:17 GMT ETag: "b4003-ebe-3e1321ad" Accept-Ranges: bytes Content-Length: 3774 Connection: close Content-Type: text/html Connection closed by foreign host.
of course the binary tells a different story:
# uname -a Linux www.nmrc.org 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown [root@www sbin]# strings httpd | grep "Apache/"<
ADDRESS>
Apache/1.3.27 Server at<
A HREF="mailto:<
ADDRESS>
Apache/1.3.27 Server at Apache/1.3.20 Apache/1.3.27 (Unix)
Ooops! forgot to change ALL the instances! Can you say chunked?
Oh and your treasured animal pr0n is long gone. We used your own wiping tools to make sure you can't recover it. Pity.
HALL sooooo owns your asses, and has for a long time. My guess is HALL will have you in the palm of her hand for months if not years. Better wipe and reload becuase your r00ted a bunch of different ways. Of course the only more annoying thing is that it is a pain in the butt keeping script kiddies off your system. I can see why you don't try anymore.
No vanity email for reporters to email us on hotmail.com or hushmail.com, both are rather owned, hehehe, prolly said too much.... (yes you animal rights abusing bastard at ciso@hushmail.com, we know who you are and your stupid sellout security company and the dumbass wannabies you hire all suck) we are simply Hacking for AnimaLs Lives, and don't need brian mcwilliams writing to us.
*christine*
p.s.: attrition you're next.