Security Incidents mailing list archives
Re: pimpshiz / put i.txt
From: Jason Witty <jason () WITTYS COM>
Date: Fri, 6 Oct 2000 05:47:09 -0500
I may be going out on a limb here, but the 'exploit' PimpShitz is using looks more like a simple HTTP PUT instead of an HTTP GET. A friend of mine just got hit last week (I havn't seen the logs, but he described them), and the i.txt file was placed into a directory, via a standard HTTP PUT (wrong permissions on the directory). So his little '0-Day 3xp01t' is probably nothing more than Netscape HTML Editor's publish function or Front Page for that matter. Just my two.... Jason At 12:08 AM 10/6/00 GMT, Tony Turk wrote:
I have spoken to pimpshiz, and he DOES NOT use the RDS' sploit. He does use a 0day, but I am unsure of it's nature. He has defaced all IIS/NT servers, so that at least narrows it down. More logs would be nice though.From: Steve <Steve () SECURESOLUTIONS ORG> Reply-To: Steve <Steve () SECURESOLUTIONS ORG> To: INCIDENTS () SECURITYFOCUS COM Subject: Re: pimpshiz / put i.txt Date: Thu, 5 Oct 2000 06:27:19 -0600 I attemtped to contact Pimpshiz and got the following; "I will do an interview but I will not discuss my techniques or exploit." He has told media outlets that he has some 0day sploit that no one knows about. I would love to see more logs as I am starting to think that he is simply using the RDS exploit. For those of you who have been defaced by this, in my opinion, script kiddie, check www.wiretrip.net/rfp for the original advisory on the RDS exploit, there is a spot that talks about log entries to watch for. -Steve -----Original Message----- From: Jonathan Rickman To: INCIDENTS () SECURITYFOCUS COM Sent: 10/4/00 7:07 PM Subject: Re: pimpshiz / put i.txt I seem to remember seeing one of his recent defacements mention that one could look for the file i.txt as well as several others once the main page was restored as proof that he still owned them. Don't quote me on that, but I'm pretty sure that's what it said. Check the attrition archives. you could just email pimpshiz and ask...he'll probably tell you. -- Jonathan Rickman X Corps Security http://www.xcorps.net_________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. Share information about yourself, create your own public profile at http://profiles.msn.com.
Current thread:
- pimpshiz / put i.txt Rewt, Kit (Oct 04)
- Re: pimpshiz / put i.txt Jonathan Rickman (Oct 04)
- <Possible follow-ups>
- Re: pimpshiz / put i.txt Steve (Oct 05)
- Re: pimpshiz / put i.txt Larimer, Jon (ISSAtlanta) (Oct 05)
- Re: pimpshiz / put i.txt Tony Turk (Oct 06)
- Re: pimpshiz / put i.txt Jason Witty (Oct 06)
- Re: pimpshiz / put i.txt Steve (Oct 10)
- Re: pimpshiz / put i.txt Jason Witty (Oct 06)
- Re: pimpshiz / put i.txt Cashdollar, Larry (Oct 10)
- Re: pimpshiz / put i.txt Abe Getchell (Oct 11)