reflections…

Well my sweetie is sick and stayed home tonight. I met an old friend at Barnes & Nobles for Tea. We talked for hours. Ran into a old highschool friend while there. Saw heartofchrome and his little woman wandering around. Didnt get a chance to really say hi. Now i’m sitting in an empty house waiting for thewendilady to show up so we can chat.

and todays qoute..

And this evenings culmination of Denny’s excitement;

unknown person says “chipmunk63084! Who’s a pretty pretty princess?”

chipmunk63084 responds “nuitaran! nuitaran is a pretty pretty princess!”

nuitaran responds by blushing and covering his face with his hand.

Well good night all… time to go cuddle with the little woman. 🙂

fool…

As some of you may have heard the nt4 srever that nhstar worked on for on of his clients got rooted.
So we looked around and

Session Start: Mon Nov 24 23:33:36 2003
Session Ident: Bellman
* Logging Bellman to ‘logs\Bellman..log’
-Azzn> so how did you get this lovely little bot onto my server?
-Bellman> do what?
-Azzn> You did a god job of breaking my srever, just wanted to know how you got in 🙂
-Bellman> what?
-Azzn> the bot on my nt server. has bellman in it, and the ip for this irc srever, and the channel that i joined
-Bellman> which bot?
-Azzn> lemme check think its h.exe
-Azzn> cvchost.dll is a log gfile, sent a message to your username here on this irc server
-Azzn> firedaemon possibly
-Azzn> has its own ftp srevice… serv-uftp
-Azzn> port 52525 and locla only 43958
-Bellman> ok then kill it
-Bellman> im sorry
-Azzn> It crashed the server… how did you get it in there?
-Azzn> would like ot make sure that something similar doesnt happen again
-Bellman> dude its program that does it
-Bellman> i dont know how it just does it
-Bellman> if i knew how it got in i would tell you so you can secure your machine
-Azzn> its Micro$haft… secure? lol
-Belman> yea nt has many vulnerabiltys
-Azzn> whats the name of the program, and where can i find a copy?
-Belman> thats what it targets
-Bellman> ohh i cant give that out
-Azzn> I have your screen name, I have the IP of this server, I have the whois Database entry information… I would prefer to get a copy for myself, then hand this all over to a lawenforcement agency.
-Azzn> I even have a log of everyone logged into this IRC server, and this conversation… play nice now. 🙂
-Bellman> youwant me to send You copys of the root kit
-Azzn> yes
-Azzn> please 🙂
-Azzn> or where to get it. 🙂
-Bellman> see the problem is your nt pass word is weak
-Azzn> yeah yeah it was.
-Bellman> http://***********.com/
-Bellman> its freeware
-Azzn> If it was from there, why would you say you can’t give it out?
-Bellman> man i dont know who You are
-Azzn> If I was law enforcement this would be called entrapment. Which i am not. Im just a friend of the admin on the box you rooted, and botted.
-Bellman> true
-Bellman> if it had a pass other than administror it would have been ok
-Bellman> or user
-Azzn> so it doesnt use a buffer over flow then… interesting.
-Azzn> there an easy way to nuke it off the system? Any back doors it leaves? (btw i dont think the password was “administrator” or “user”
-Azzn> so whats the name of the sploit?
-Bellman> yea it only uses like 4 easy”stupid” passwords
-Bellman> i dont know the name
-Bellman> im not a windows server guru
-Azzn> whats the name of the proggy you used to bruteforce in then (the one that uses like 4 easy “stupid” passwds?
-Azzn> the url you gave me has one called Nt server password exploit by [m3th0d] but its a dead link
-Bellman> all the progs are there on that site
-Bellman> ok man you got all the info
-Bellman> see ya
-Azzn> Thanks for the help. see yah
Session Close: Tue Nov 25 00:00:00 2003

from the Status window…
-barfly.-SERVERNAME>.com- *** You are permanently banned from -SERVERNAME>(no reason)

Yeah fucking right… Like I dont have access to 2.5 million other machines that have differnet IP addresses and can log in any time i want to. Nice try. heh. (Note: the server name has been removed, and the one httplink was blotted out)