I have spoken to pimpshiz, and he DOES NOT use the RDS' sploit. He does use
a 0day, but I am unsure of its nature. He has defaced all IIS/NT servers,
so that at least narrows it down. More logs would be nice though.
>From: Steve <Steve_at_SECURESOLUTIONS.ORG>
>Reply-To: Steve <Steve_at_SECURESOLUTIONS.ORG>
>To: INCIDENTS_at_SECURITYFOCUS.COM
>Subject: Re: pimpshiz / put i.txt
>Date: Thu, 5 Oct 2000 06:27:19 -0600
>
>I attempted to contact Pimpshiz and got the following:
>
>"I will do an interview but I will not discuss my techniques or exploit."
>
>He has told media outlets that he has some 0day sploit that no one knows
>about. I would love to see more logs as I am starting to think that he is
>simply using the RDS exploit.
>
>For those of you who have been defaced by this, in my opinion, script
>kiddie, check www.wiretrip.net/rfp for the original advisory on the RDS
>exploit, there is a spot that talks about log entries to watch for.
>
>-Steve
>
>-----Original Message-----
>From: Jonathan Rickman
>To: INCIDENTS_at_SECURITYFOCUS.COM
>Sent: 10/4/00 7:07 PM
>Subject: Re: pimpshiz / put i.txt
>
>I seem to remember seeing one of his recent defacements mention that one
>could look for the file i.txt as well as several others once the main page
>was restored as proof that he still owned them. Don't quote me on that,
>but I'm pretty sure that's what it said. Check the attrition archives.
>
>You could just email pimpshiz and ask...he'll probably tell you.
>
>--
>Jonathan Rickman
>X Corps Security
>http://www.xcorps.net
Received on Oct 06 2000