What

Another (lame) web defacement.

Where

When

During a moment of boredom, and spam-induced anger.

Why

Received this unsolicited commercial e-mail for sexual stimulants several times... (another magic cure-all: cures limpdick, PMS, obesity, terminal cancer, the death of Elvis, etc. etc. I dunno about you, but I wouldn't want to put anything "EXPLOSIVE" near anything "SEXUAL" of mine...). The system hosting the offending page was revealed to be a moderately sized spamhaus, where complaining to the administrator would be pointless as it's most likely them that gave Mr. A Watson (webmaster of said dodgy pharmaceuticals site) the information and tools required to start selling his dubious wares to people who don't give a fuck (precisely, he was most likely targeting those who can't give a fuck ;) ). So, after a quick probe, (...I started to investigate the system... ;) No, seriously...) I realised cracking it would allow me to have a much greater impact on the shit spilling out of this system than mailing upstream providers, etc. (do they ever actually do anything?).

Useful Links

  • Info on Spam: Boycotting spam e-mail promotes responsible online commerce.
  • CAUCE: Join the fight against spam.
  • Happy Hacker: Learn to track e-mail headers, report spammers to their ISPs and have them thrown off

Who

I'm Vortex, a minor who lives overseas, with no access to credit cards (unless you count the ones I snarfed from this place ;) [*]). Therefore not even remotely related to the crap you tried to flog to me ("carefully targeted list", my arse...). Spam (bulk marketing, cyberpromotion, whatever you want to call it), I believe, is a major contributor to the unwanted commercialisation of many parts of the Internet, and general mistrust of e-commerce due to the fact that most spam is selling snake oil, if it's selling anything at all and not planning to run off with your money.

[*] - Actually, if you're stupid enough to have paid money to these people already, relax, all the CC info is sent to a remote server to which I had no access during the course of this crack.

How

BIND 8.2.1 "NXT" buffer overflow exploit, using ADM's adm-nxt.c (nb. that link is the unfixed exploit. figure out the required patch yourself!) exploit. Access was trivial, involving compiling a canned script and executing it.

Admins; Your nameserver was out of date, and vulnerable to a publicly known security flaw which enabled me to trivially gain root access to your system. It's good policy to keep up to date with major security issues, patching and upgrading when new versions of software are released (especially network daemons!). Your system is based on Redhat Linux 6.1, which is at least 6 months out of date and thus has many security holes - if I hadn't got in through DNS, there were several other possible avenues of attack I could have followed. Cricket Liu's whitepaper on "Securing BIND" is well worth a read; if you'd disabled forwarding on your server that would've stopped me in my tracks.

I've not actually damaged anything - just hop through /home/*/ and mv public_html.bak/ public_html/, and all tracks of myself are gone. Hopefully I've managed to piss you off though, and hopefully prevent people from sending you money; if you don't cover your costs you won't bother with spam mail again... Good!

I have upgraded your DNS server to a secure release in order to prevent a repeat attack from another (possibly more malicious) disgruntled user, however, it's up to you to obtain the latest version of Redhat and upgrade. Possibly consider Slackware Linux, or even OpenBSD, if security is important to you (I'm assuming it's not at the moment ;) ). Also, stop spamming for the reasons detailed above. If I receive any more of your rubbish then I will not be a happy bunny... and my rm -rf fingers might start twitching... (actually, might be a good idea to order some of your cure-all pr0npills for that as they seem to cure everything else :P )

More Gibberish

userfriendly.org
  • "I can relate to this": Friday's userfriendly cartoon (above)
  • This is not hacking, it's cracking. Hacking is legal, fun and productive. Cracking isn't.
  • Finally, what would a script kiddie defacement be without giving "pr0ps" to my "cr3w", heh. So *waves* to Anne (who'll probably never see this, heh. Hope the hols are going well though), Andy (congrats on the new job mate), Lab Six, the #pde guys and girls (esp. Astraea, Squinky, Hypo, Raven, Tub n'Astro), Proteus, Mel, Rune, Sez (raaaaaa!), Si, cuBe, and various places and people on EFnet (who will *definitely* never find out about this if I can help it, lest I be laughed out of the chans ;) ). Save Napster! Oh, and hi everyone who (ab)uses my system (URL won't be given here for obvious reasons :) ). OBEY. CONSUME.

Urgh, I feel dirty now, too close to this spamsource, or for descending into the depths of the k-l33t scr1pt k1dd13? Who knows?

Well, goodnight from me (Shit, it's starting to get light again!)... V.