NMRC still owned by HALL

Wait...did you not understand our meaning? Hacking for AnimaLs Lives will not be denied.

nmrc always does something stupid on April Fools day, like that yawnfest they did last year. So what better time to deface them? We removed their original joke and replaced it with ours. So if they got a call from friends (one of three people in the world) or a reporter (they talk to reporters ALL THE TIME) then they'd say, oh yes, it's April Fools, ignore it. And it would stay defaced for HOURS.

But someone finally tipped them off, you should see them scrambling!

Proof that they use security thru obscurity:

$ telnet nmrc.org 25
Trying 209.102.192.102...
Connected to nmrc.org.
Escape character is '^]'.
220 www.nmrc.org ESMTP nmrcOS mail 6.6.6/6.6.6; Tues, 01 Apr 2003 12:04:12 -0600
help
214-2.0.0 This is Sendmail version 8.12.6
214-2.0.0 Topics:
214-2.0.0 	HELO	EHLO	MAIL	RCPT	DATA
214-2.0.0 	RSET	NOOP	QUIT	HELP	VRFY
214-2.0.0 	EXPN	VERB	ETRN	DSN	AUTH
214-2.0.0 	STARTTLS
214-2.0.0 For more info use "HELP <topic>".
214-2.0.0 To report bugs in the implementation send email to
214-2.0.0 	sendmail-bugs@sendmail.org.
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info

nmrcos my ass. And guess what? Their sendmail IS vulnerable. To more than one bug. That's just ONE way in.

A HEAD command on Apache reveals this:

$ telnet www.nmrc.org 80
Trying 209.102.192.102...
Connected to www.nmrc.org.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 200 OK
Date: Mon, 01 Apr 2003 10:39:04 GMT
Server: Apache/1.3.27 (Unix)
Last-Modified: Wed, 01 Jan 2003 17:13:17 GMT
ETag: "b4003-ebe-3e1321ad"
Accept-Ranges: bytes
Content-Length: 3774
Connection: close
Content-Type: text/html

Connection closed by foreign host.

of course the binary tells a different story:

# uname -a
Linux www.nmrc.org 2.4.7-10 #1 Thu Sep 6 17:27:27 EDT 2001 i686 unknown
[root@www sbin]# strings httpd | grep "Apache/"
<ADDRESS>Apache/1.3.27 Server at <A HREF="mailto:
<ADDRESS>Apache/1.3.27 Server at 
Apache/1.3.20
Apache/1.3.27 (Unix)

Ooops! forgot to change ALL the instances! Can you say chunked?

Oh and your treasured animal pr0n is long gone. We used your own wiping tools to make sure you can't recover it. Pity.

HALL sooooo owns your asses, and has for a long time. My guess is HALL will have you in the palm of her hand for months if not years. Better wipe and reload because you're r00ted a bunch of different ways. Of course the only more annoying thing is that it is a pain in the butt keeping script kiddies off your system. I can see why you don't try anymore.

No vanity email for reporters to email us on hotmail.com or hushmail.com, both are rather owned, hehehe, prolly said too much.... (yes you animal rights abusing bastard at ciso@hushmail.com, we know who you are and your stupid sellout security company and the dumbass wannabies you hire all suck) we are simply Hacking for AnimaLs Lives, and don't need brian mcwilliams writing to us.

*christine*

p.s.: attrition you're next.