Networking and NT Security Issues


                        :::::::::   ::::::::  :::::::::  ::::::::::

                        :+:    :+: :+:    :+: :+:    :+: :+:

                        +:+    +:+ +:+        +:+    +:+ +:+

                        +#++:++#+  +#++:++#++ +#++:++#:  :#::+::#

                        +#+    +#+        +#+ +#+    +#+ +#+

                        #+#    #+# #+#    #+# #+#    #+# #+#

                        #########   ########  ###    ### ###



              	             http://blacksun.box.sk

                           _____________________________

    ______________________I          Topic:             I_____________________

   \                      I                             I                    /

    \     HTML by:        I     Networking and NT       I   Written by:     /

    >                     I      Security Issues        I                  <

   /      Martin L.       I_____________________________I   <log-file>      \

  /___________________________>                    <_________________________\

<Cypher> ============== Networking and NT Security Issues =================
<Cypher> first things first, so i'll start with a little story about NetBIOS, oki?
<m0ded> k go
<Cypher> as probably most of u know NetBIOS (aka Network Input/Output System) was originally developed to be
<Cypher> an API (app programming interface)
<Cypher> for the client (software) to be able to use and access resources of the LAN
<Cypher> actually, NetBIOS is the interface for accessing networking services
<Cypher> its a software (layer) to connect a network system with the hardware
<Cypher> computers on a NetBIOS-compatible LAN talk to each other by establishing a session, a NetBIOS session, or by
<Cypher> datagrams or broadcasting methods
<Cypher> questions so far?
 no
<QX-Mat> .
<m0ded> go on
<Freezer> nope
<Cypher> ok
<Cypher> there is a thing in NT called the IPC
*** DR_CooL has joined #bsrf
<Cypher> which is an "InterProcess Communication"
<Cypher> used for Server-to-Server communications
<Cypher> this is actually a default NT share
*** TTT has joined #bsrf
<Cypher> hey DR_CooL, TTT
<m0ded> a hidden NT share?
<Olaf> Hi TTT
<TTT> Hi, cypher!
<Cypher> m0ded, yes kinda
<TTT> You already started?
*** elad sets mode: +m
*** elad sets mode: +v Cypher
<elad> now lecture.
<Cypher> :)
*** elad sets mode: +o Cypher
*** ChanServ sets mode: -o Cypher
<Cypher> so
<Cypher> anyhow, the IPC is a hidden NT share, as m0ded sayed
*** elad sets mode: -m
<DR_CooL> that's better
<Cypher> a malicious ;-) user could connect to it
<Cypher> and gather information about the system
<Cypher> this is done by an NT command (yep, microsoft gave us that)
<Cypher> the NBTSTAT command
<Cypher> it establishes a NULL Session (no credentials required) to the targer system
<Cypher> target
<Cypher> its syntax is simple (from the prompt of course):
<Cypher> nbtstat -a 123.123.123.123
<Cypher> nbtstat -a <IP>
*** _sniper_on_moon- has joined #bsrf
<Cypher> by using this command u'll get the ....wait... let me quote this
<DR_CooL> and what indormation does it give ?
<Cypher> "NetBIOS Remote Machine Name Table"
<Cypher> this is actually the first step to gathering information the remote machine
<Cypher> and, btw, i didn't mention this before, but info gathering is about 60% (if not more) of the job
*** FrEEkY[cooking] is now known as FrEEkY
<Cypher> now lets try to establish that NUll session
<Cypher> there is another "kewl" command
<Cypher> the "net" command
 net use
<m0ded> use is a parameter
<Cypher> yep
<Cypher> it has many useful features (read the manual) but we'll mostly focus on "net use" and "net view"
<Cypher> net view lets us see the
<Cypher> shares on the machine (depending on its security policy of course)
<Cypher> net view \\IP_ADDRESS might get us ether the shares or the "Access is denied" msg
<Cypher> if it gives us the shares, then...well... this part is done
<Cypher> but if not
<Cypher> we will try the next thing:
<Cypher> net use \\IP_ADDRESS\ipc$ "" /user:""
<Cypher> which means, connect to the IPC share (ipc$ - the default share) with a "" (blank) password
<Cypher> and with the "" (blank) user name
<TTT> and now?
<Cypher> as i said, the IPC needs no credentials
<Cypher> if we get the "The Command completed successfully" msg
<Cypher> then we have established the null session and now we can get that list of shares
<Cypher> meaning issue the "net view \\IP" command
<Cypher> so, actually the list of shares is usually unavailable until u establish the null session
<Cypher> questions?
<m0ded> yeah
 can you establish a null session any other way?
<m0ded> what u mean a null session?
*** TTT has joined #bsrf
<_zach->; where no credntilas are required
<_zach->; from you
*** Esamurai has joined #bsrf
<Cypher> Sub, the null session can be established by the built-in "net use" command or any other "null session establishment" tools (there are plenty)
<_zach->; to conenct
<FrEEkY> I have an addition
<_zach->; to the target
<Cypher> m0ded, null session
<Cypher> right zach
<_zach->; :)
<Cypher> m0ded answer = zach
<FrEEkY> if you turn your filesharing on and then after your in you turn it off, it can get the neccesary files on your computer to mask you as a part of the network
<Cypher> its a connection throught the IPC share
<_zach->; w00t
 so, what packets would you have to send to establish a null session, if you were coding an exploit for instance?
<Cypher> Sub, i haven't actually tryed "raw" connection to ipc yet...
<tcg> whats an ipc share
<Cypher> tcg, its a default (hidden) NT share (one of them, at least)
<QX-Mat> Can we carry on?
<Cypher> QX-Mat, of course
*** DR_CooL has quit IRC (Ping timeout)
*** _sniper_on_moon- is now known as sniper
<TTT> Has anyone a log from beginning of the lesson?
<m0ded> yes me
 me
<FrEEkY> I do
<Cypher> lets now move to a bit different direction - securing NT
<tcg> why nt got that?
<TTT> okay
<Cypher> tcg, inner communications
*** Samcon has joined #bsrf
<Cypher> now, the basic steps/checklist
<tcg> what is it good for?
<Cypher> to "start" securing an NT machine
<FrEEkY> securing an NT machine, orignall idea
<QX-Mat> )
<Cypher> first thing, and the obvious one
<Cypher> is Passwords
<Cypher> (duh) ;)
<Cypher> unfortunatly, many admins neglect password policies, for some reason
<dr3x> min_password_length = 12 :)
<tcg> but I can't telnet an nt box
<tcg> so who cares
<Cypher> putting passwords, such as "john" on a "john" user account
 tcg: there is a telnetd for NT
<Cypher> dr3x, good, but can the "dumb" user remember it?
<tcg> password guessing is out of fashion
<elad> tcg; you can install some ssh server and ssh to it, yeah :)
<dr3x> nope
<elad> why would a sane person want to use telnet? :)
<tcg> haha
*** sniper has quit IRC (Ping timeout)
<TTT> you can do interesting things with telnet, which you can't do with ssh
<FrEEkY> tcg: you can get into NBTSTAT in a whole other way, to get info on the computer so you can access it better with telnet
<elad> hahahha!
<elad> ok lets let cypher go on with his lecture
<Olaf> whith telnet we can do everything!!!
<Cypher> good idea, elad...
<QX-Mat> Olaf: true!
<Cypher> shall we continue??
 yes
<m0ded> yeah
<Slayer[reading_eating]> yes
<m0ded> <Cypher> putting passwords, such as "john" on a "john" user account
<tcg> say
<Cypher> so obviously, the admin has to put proper password policies, which include (mostly):
<tcg> a password that is like the username isn't good right?
<Cypher> tcg, yeah :)
<Cypher> password age:
<tcg> ??
<Cypher> the amount of time the password remains valid
<Cypher> this is sometimes not set, or disabled on some accounts
<FrEEkY> I've never thought of microsoft passwords as being a problem
<Cypher> causing one password to last "a lifetime"
<Cypher> so its better to put a password age as something about 30 days
<tcg> all these stuff are right both for nt4 and win2k?
<Cypher> tcg, yes
<tcg> my password is complex. its my username backwards. :)
<tcg> and nt3.51?
<Olaf> I'm using a secure unix which acepts guest!!!!
<_zach->; ./dns Olaf
<_zach->; lol
<m0ded> heh
<elad> like
<Slayer[reading_eating]> :)
<elad> shut the fuck up and let him get to the questions part
<elad> or i will rape your mothers
<tcg> hahaha
<elad> to death
<Cypher> besides the password also has to be good, meaning a combination of letters, symbols, and numbers
<tcg> again, I love your stylw
<tcg> style, rather
<Samcon> :)
<tcg> man
<tcg> noone guess passwords today
<Cypher> that's it for passwords
<TTT> There is a simple way to get a good password:
<Cypher> questions? (elad?)
<TTT> Take a phrase you remember always
<TTT> e.g.
<elad> yeah
*** Rockin_lad has joined #bsrf
<TTT> The Matrix is a great Movie
*** _zach- has quit IRC (Quit: yyhythythtnnt)
<elad> who is the real slim shady?
<TTT> then take every first letter
<TTT> and put it together
<Cypher> elad, u?! ;)
<TTT> so you got a good "base" for a password
<TTT> and you remember it always
<elad> tmiagm is a bad password
<Samcon> this has a real connection to the lecture
<TTT> as I said, it is a base
<m0ded> aaa is worse
<Rockin_lad> Hello room
<Rockin_lad> am I late ?
 yes
<m0ded> yeah u are
<Cypher> anyhow, if there are no more questions, lets continue
<Cypher> hey rockin_lad, a bit, yes
<Rockin_lad> oh shit
<QX-Mat> I have a question
<Slayer[reading_eating]> me too
<Rockin_lad> damn analog dialups
<Cypher> shoot, QX-Mat, Slayer
<QX-Mat> When calculating user ages under NT, what is the age set from (enum_xxxx_xxxx etc)
<elad> ok i'm out
<tcg> ;\
*** _sniper- has joined #bsrf
*** _sniper- is now known as sniper
<Slayer[reading_eating]> the only way to crack the share pass is brute force?
<Cypher> QX-Mat, user age? i'm not following....
*** SpiderMan has joined #bsrf
 i gotta go
<TTT> Hi, spider!
<QX-Mat> Never mind
<SpiderMan> hi
 cya all
<Cypher> Slayer, no, u could also try a dictionary attack
*** Sub has quit IRC (Quit: gone)
<QX-Mat> I say later with more info
<SpiderMan> wow there are a lot of people here, is there a lecture?
<m0ded> yeah god damniut
<TTT> jep, spider
<Samcon> yep
<m0ded> shut up
<Cypher> lets continue
<TTT> NT-Security
<Slayer[reading_eating]> yeah i now is there any other way then guess attacks
<Cypher> next issue - Permissions
<Rockin_lad> bye
<Cypher> organize them! there is no purpose of giving everyone access to all directories...
*** Olaf has quit IRC (Ping timeout)
<Cypher> keep users to their home dirs, and don't let them browse away
<m0ded> Read-Only
<Rockin_lad> registry maybe ?!
<Rockin_lad> take the encryped password and decrypt it , would that work ?
<Slayer[reading_eating]> i guess no
<Cypher> Rockin_lad, u cannot decrypt passwords
<Cypher> they use assimetric functions - one-way
<tcg> 1 way encryption
<tcg> ;\
<tcg> bbl
<Cypher> next - The Administrator account
<Rockin_lad> no , I just guessd , I think they have programs for that
<Cypher> Rockin_lad, they do something else
<Cypher> not decryption
<Cypher> which is, sadly, a built-in NT account u have no way of deleting. but u can rename it.....
<Cypher> now, what good will a rename do?
<tcg> people wont guess it ;\
<Cypher> and the default password is <blank>, btw....
<dr3x> evil script kiddies wont know what account to h4x0r
<Cypher> right :) although this sound to simple, most ppl first try the Administrator:<blank> and Guest:Guest combinations
*** Slayer[reading_eating] is now known as Slayer
*** sanke has joined #bsrf
<dr3x> I know i do!
<Cypher> so that rename will stop most script kiddies
<dr3x> (oops)
<Cypher> hehe :)
<sanke> Hey Qx
<Cypher> which just seek the net for "test-my-kEwL-haX0r-skilZ" purposes and have no intention for your system, specifically
*** snider has joined #bsrf
*** sniper has quit IRC (Ping timeout)
<snider> [19:37] [snider PING reply]: 41secs ............shit
<Cypher> so a fair solution is to rename that account and password it.
<Cypher> then create another account, named Administrator, but with absolutely NO permittions
<dr3x> honey pot?
<Cypher> that's another anti-script-kiddie countermeasure
<TTT> dr3x, no
<Cypher> dr3x, kinda yeah :)
<dr3x> cant you set the Administrator account to set off all sorts of alarms?
<TTT> A honeypot would act more aggressive, does it?
<Rockin_lad> correct me if I'm wrong , but aint the pass file supposed to somewhere under HKWEY_LOCAL_MACHINE/SAM OR SOMETHING ?
<dr3x> thatd make sense
<Cypher> besides, u could audit and see when someone tryes to access that account.... and KILL KILL KILL :)
<dr3x> yeah,
<Cypher> dr3x, u can write on-logon scripts
<Cypher> rockin_lad, yes
<Cypher> we'll get to that
<Rockin_lad> k
*** _zach- has joined #bsrf
<Cypher> of and btw, u also should set a real good password: something like - "try_and_hax0r_me_u_dumbas" ;-) so he won't have it easy
<Cypher> getting your "zero permittions" account also :)
<dr3x> hehehe
<Cypher> question time
<QX-Mat> me
*** tcg has quit IRC (Quit: ircII EPIC4-0.9.1 -- Accept no limitations)
<QX-Mat> Back with that thing earlier
<QX-Mat> For example:
<QX-Mat> # Win32-NT :)
<QX-Mat> use Win32::NetAdmin;
<QX-Mat> UserGetAttributes("", $_, $password, $passwordAge, $privilege, $homeDir, $comment, $flags, $scriptPath)
<QX-Mat>
<QX-Mat> The user/password age is a number, but this number is not the seconds since the passwords was
<QX-Mat> activated, but the seconds (or days/minuets?) from 1980 sometime untill the password was created
<QX-Mat> plus the actual age.
<QX-Mat> Ex: 1980 to today is 20 years + say 1 since the user made their password, then you do
<QX-Mat> (((((21*365)+5)*24)*60)*60), but I'm
<QX-Mat> not sure of the exact date in 1980?
*** ZipIt has joined #bsrf
<Cypher> are u asking what password age is measured in? days i believe....
<QX-Mat> yes, but from?
<Cypher> its the time since the password was set
<Cypher> or changed, of course
<QX-Mat> That's not how it works out of.... and I did read it was set from a data in the 80's
*** wallk has joined #bsrf
<Cypher> perhaps in nt3.51? or did u read about nt4/5?
<QX-Mat> same, user attributes are the same...
*** ZipIt has quit IRC (Killed (NickServ (GHOST command used by wallk)))
*** wallk is now known as zipit
<QX-Mat> it was because of Nt 3.51 though
*** zipit is now known as ZipIt
<Cypher> i'll check that out, can't give u a full answer now
<QX-Mat> ok
<Cypher> its a novice lecture, after all :)
<ZipIt> Hello all#
<Cypher> lets continue then
<Cypher> hey ZipIt
<Cypher> next issue of the day is - Lockout and Audit policies
<Rockin_lad> will be covering , Microfosf Exchange ?
<Cypher> if there is a thing users hate is complex passwords and lockouts
<Cypher> no
<Rockin_lad> oh , okay then
<Cypher> but as an admin, u _must_ set a complex passwords and a lockout policy
<Rockin_lad> lockout ?!
<Cypher> (therefor being hated by the users) :)
<Rockin_lad> he he
<Cypher> Lockout means that the system locks up after a certain number
<ZipIt> But what a user wants is not always the best thing...
<Cypher> of invalid login attempts
*** sanke has quit IRC (Ping timeout)
<Rockin_lad> oh I see ,
<Samcon> screw the users
<Cypher> ZipIt, absolutelly correct!
*** Olaf has joined #bsrf
<Cypher> i recommend setting the invalid attemps to 3 or 5, and the lockout time to about 10 minutes (or more, if u desire)
<Cypher> that's actually the time in which the user cannot try any logins
<Cypher> (also an anti-script-kiddie countermeasure)
*** _quato_ has joined #bsrf
<Cypher> if he tryes 3 or even 5 attemps and then looses connection he'll just (usually) backaway
<_quato_> greetings
<ZipIt> Cypher - What about Auditing failed attemps
<ZipIt> ?
<Cypher> getting to it now :)
<ZipIt> soz
<Cypher> Auditing is another _very_ important issue in sec.
<_caps> was just reading the logs.., about setting a "lifetime" for passwords, that isn't a real good idea if you are running a big network that has to be dynamic
<Cypher> its help u see all those invalid logins or ever successfull ones
<_caps> users can't always check for new passwords
<Cypher> _caps, but imagine someone gets one "unlimited" password.....
<QX-Mat> my neighbors on BBC2
<Cypher> save that to the questions time (soon to be) plz
*** Sub has joined #bsrf
<ZipIt> But if there's 1 thing Admin's hate... and thats "wading" through MB's of Audit logs
<Cypher> Auditing lets u monitor all sorts of security related activity on your machine/network
<_quato_> greetings Samcon
<_caps> okay :) was just reading logs and thought i'll note on that.
<Cypher> ZipIt, normal admins, just hate logs :)
<ZipIt> lol
<Cypher> but they use and read them, anyhow :)
<_zach->; some..
<_zach->; :)
<Cypher> so the conclusion is - read your logs!!! don't underestimate the great power of the written word! ;-)
<Samcon> ?
<Cypher> now - before i move to NTFS - questions
*** sniper has joined #bsrf
*** sniper has quit IRC (Quit: plec la mama acasa !!! :))))
*** snider has quit IRC (Ping timeout)
<Cypher> anyone?
<QX-Mat> With Win32::EventLog, you can make perl cypher though to check for "naughty" things
*** DigitalFallout has joined #bsrf
*** Samcon has quit IRC (Quit: Women, You can't dig them and you can't dig them a grave)
<QX-Mat> Handy to track down what the school admin did wrong
<QX-Mat> ;)
<Cypher> QX-Mat, there are many log analyzers out there
*** blindman`s_vision has joined #bsrf
<Cypher> getting one would usually be a good idea
*** snider has joined #bsrf
<DigitalFallout> Hey all
<ZipIt> What types of information do you (personally) audit...
<Rockin_lad> me
<Rockin_lad> but I think I'll ask it later , it may ne out of subject
<QX-Mat> regex will meet your needs though
<Cypher> hey blindman`s_vision, wb snider
<Cypher> hey DF
*** sanke has joined #bsrf
<snider> stupid servers
<blindman`s_vision> hey Cypher
<snider> lecture still on?
<QX-Mat> go....
<Cypher> ZipIt, usually i audit logon attemps (failure/success)
<Cypher> permittion changes
<QX-Mat> We're all ears
*** Olaf has quit IRC (Ping timeout)
<Cypher> etc.
<DigitalFallout> Can anybosy read the board?
<Cypher> snider, yes
<Cypher> lets continue
<Cypher> NTFS is the flag file system of Microsoft, so it would be a pity not to use it (they tried so hard :))
<Cypher> if you're using NT => use NT File System
<TTT> no, DF
<Cypher> especially if you're running a server
<Cypher> i think i don't need to explain the pros and cons of NTFS, right?
<Cypher> or should i?
<ZipIt> spare us
<m0ded> do it
<_quato_> nope
<ZipIt> !
<DigitalFallout> GO for it
<sanke> yes
<blindman`s_vision> do it
<Cypher> NO - 2 | YES - 4
<Cypher> ok ok :)
<m0ded> yes do it ;p
<ZipIt> damn
<Cypher> NTFS .vs. FAT
<DigitalFallout> God bless demoracy
<Cypher> ZipIt, that's the request :)
<Cypher> hehe
<_quato_> ya right
<ZipIt> Make it so... :(
<Cypher> the biggest advantage of NTFS is its permittions control
*** Rockin_lad has quit IRC (Ping timeout)
<_caps> what does NTFS .vs. FAT has to do with a lecture about security :>
<Cypher> which is the most important part of the permittion management in a multi-user system (obviously)
<ZipIt> caps - "permission control"
<Cypher> _caps, of course (the part i'm talking about). besides i'll be happy to tell about any other subject u ask :) (if i know it)
<Cypher> permission!
<Cypher> damn, why noone corrected me?
*** Sub has quit IRC (Quit: ...)
<m0ded> heh
<Cypher> i kept saying "permittion " shame on me!
<_caps> uhm, okay.. go on :> i'm not much informed on this topic.
<_caps> heh, your forgiven
<ZipIt> Cos were all nice... and besides it's piss funny!
<Cypher> anyhow, set the permissions for the directories and assign proper rights to your users
<Cypher> and NTFS gives u that
<Cypher> also, NTFS 5.0 (in win2k) has a Quota control
<Cypher> letting u set space quotas for users on the disk
<_quato_> Quota control????
<Cypher> also, a useful feature - use it
<ZipIt> User directory space
<Cypher> _quato_, yes, u could limit users in disk space
*** Raven has joined #bsrf
*** ChanServ sets mode: +oa Raven Raven
<m0ded> hey Raven
<Raven> hey ho
<Raven> sorry i'm late
<DigitalFallout> Hello
<Cypher> heya Raven
<dr3x> my school needs that...somebody downloaded 3 gigs of mp3s and i couldnt save my english report
<Raven> just here to moderate
<_quato_> hail raven
<dr3x> Hi Raven
<Raven> (it rhymes)
<Slayer> hi Raven
<Cypher> Raven, we are having lecture+questions structure
<ZipIt> here we go again... another page full of hi's... damn yr popular ;))
<Cypher> so u could +m on the lecture and -m on the questions, if u want
<m0ded> yeah good idea
*** Raven sets mode: +o Cypher
*** ChanServ sets mode: -o Cypher
<QX-Mat> Has it worked yet?
<Raven> hmm, secureops
<Raven> gimme a sec
<Cypher> k
<QX-Mat> Now?
*** Raven sets mode: +o Cypher
<QX-Mat> Nope
<Raven> good
<m0ded> +m
<QX-Mat> ooh
<Raven> did you start yet?
<Cypher> Raven, an hour ago :)
<m0ded> yeah
<Raven> oops
<Raven> :-)
<Raven> are you in a break now or something?
<ZipIt> zzzz
<Rockin_lad> yeah I was late too
<m0ded> set mode +m and lets continue..
<Raven> or am i interrupting you?
<_quato_> back to NTFS ...
<Rockin_lad> damn oh damn analog dialups
<Rockin_lad> okay NTFS
<dr3x> yeah, on with the lecture
<Cypher> k, lets move on then
<Cypher> question time :)
<Cypher> (was)
<Cypher> _quato_ do u have any NTFS questions? i was thinking of moving next
<Cypher> another step to basic NT security is Audits
<Cypher> try to break into your own system!
<Raven> absolutely
<Rockin_lad> how ?
<_quato_> no questions....
<Cypher> it will: 1. make u a better person ;-) and 2. make your system a better system ;-)
<_quato_> how secure is NTFS
<_quato_> ??
<snider> <_quato_> no questions....
<Cypher> quato, pretty secure
<_quato_> encryption??
<Raven> the problem is that security holes arise from software itself
<Raven> and not the file system
<Raven> (usually)
<Cypher> _much_more_ then all the other microsoft file systems
<Cypher> quato, of course
<_quato_> w2k - Kerberos
<Cypher> encryption, compression, permissions, the whole pack
<Cypher> Raven, yep... that's one of the probs
*** Noon_Ghunna has joined #bsrf
<Cypher> quato, also (but that's in win2k)
<Raven> and we all know that microsoft isn't exactly security concious
<QX-Mat> zzz
<Cypher> Raven, Ce La Vi ;-)
<Cypher> so, i was talking, Audits
<Raven> they never do proper beta testing
<Raven> :-)
<DigitalFallout> Gee where have I heard that before.....
<_caps> well, thing about microsoft products is that evntually you can't secure something even if you want to :P
<Cypher> there are great third-party software to test your shields
<Cypher> the Security Scanners
<Samcon> this is really strange cuse bill gates is a (retired?) hacker
<Rockin_lad> Red Button is one of those
<_caps> hacker? billy? ;>
<m0ded> he was
<Cypher> Red button is to establish null sessions, no?
<Samcon> sure, they kicked him out of his university for that
<Cypher> eEye Retina (port scanner, but a good one), the ISS Internet Scanner, the ISS RealSecure, WebTrends Sec Scanner, and more....
<Rockin_lad> I dont know , I tried it , didnt work :)
<Samcon> i think it was harvard
<Slayer> i think its for getting admin
<Cypher> Rockin_lad, u cannot always establish null sessions (then it would be just too easy)
<Slayer> dont know if it works
<Rockin_lad> oh
*** FrEEkY has quit IRC (Ping timeout)
*** Samcon is now known as Samcon_watchin_flubber
<Cypher> so, in conclusion, we had a NetBIOS intro, the IPC share and Null Session, and the steps to secure NT station - questions?
<DigitalFallout> (I was late) Did you cover local security?
<Cypher> someone asked about passwords (the SAM, enryption, etc) - should i explain on it?
<m0ded> yeah
<QX-Mat> Terry Parchett invented paged memory on his BBC clone
<Rockin_lad> oh yes
<Rockin_lad> plz
<QX-Mat> he was a hacker too
<Cypher> DF, local security? securing a machine from the admin? ;-))
<DigitalFallout> :) No from people with access to the server
<Cypher> DF, yes
<Cypher> we discussed permissions
<Cypher> NT uses an assymetric encryption algorithm (so does UNIX, btw) to encrypt the passwords
<DigitalFallout> Ok
<Rockin_lad> what I really was woundering about , is how to break into NT senmail version ?
<m0ded> witch is?
<DigitalFallout> I'l review the log when it is posted
*** Raven has quit IRC (Quit: Cypher, you're on your own now. Good luck. :-))
<Cypher> and it stores the hash (the encrypted password) in the SAM
<QX-Mat> Unix's is unirotational
<Cypher> SAM = part of the registry
<Rockin_lad> or otherwise what soever
<Cypher> and, despite "roomors", the password cannot be decrypted
<Cypher> it can only be cracked
<Rockin_lad> used to store information about users
<Rockin_lad> and domains
<Rockin_lad> oh
<Rockin_lad> brute force ?
<Cypher> there are two common methods:
<Cypher> 1. Dictionary Attack
<Cypher> meaning, to get a word, encrypt it, and compare to the hash
<Cypher> same => this is the password, not => move to next word in the dictionary
<Cypher> and number 2 is Brute Forcing
<Rockin_lad> wont that take alot of time ?
<Cypher> which just generates those words
<Rockin_lad> But brut ferce is very stupid
<Cypher> yep, it'll probably take time
<Cypher> yep again
<Slayer> sometimes its the only way
<Rockin_lad> there must be an interior bug
<Cypher> that's why its is necessary to gather information first, so u won't have to brute force it
<Cypher> sometimes, u could social engeneer it out of the admin/user ;-)
<Cypher> Rockin_lad, in assymetric algorithms?
<DigitalFallout> That is a VERRY hard thing to do
<Rockin_lad> so , can I have question now ?
<Cypher> nope. its pure mathematics, no bugs there :-))
<Cypher> shoot
<Rockin_lad> yeah exactly
<Cypher> DF, what is?
<DigitalFallout> SE the admin
<Cypher> oh, that... well, u'll be surprised (especially on large networks/companies)
<Rockin_lad> so , you've got this ISP runing by NT so how can you log in , or in another word break in , or cant you ?
<DigitalFallout> True
<Cypher> u can take a tour to the offices
<DigitalFallout> it has happened
<DigitalFallout> However it is easier to talk to IE, an intern
<Cypher> stand in the middle and yell "hey! i forgot the system password again, what is it?"
<Rockin_lad> lol
<Cypher> and u can hear a "the_password" response some times
<Cypher> :)
<snider> i know, im the guy that yells
<Cypher> hehehe
<DigitalFallout> Good one
<Rockin_lad> Cypher , what gopher ?
<Cypher> so, first thing - gather information! its more then 60% of the deal
<Cypher> gother?
<Cypher> gather maybe?
<snider> gopher is a 10 year old service
<Rockin_lad> no Gopher
<m0ded> yeah,,
<snider> like a really old BBS
<m0ded> poor gopher..
<Rockin_lad> what does it do ?
<Cypher> of, the Gopher service :)
<Cypher> snider told already
<Cypher> i don't believe anyone uses it anymore, though
<Cypher> wait, i'll look up a formal definition :)
<snider> me neither, poor thing
<Rockin_lad> oh
*** rek has joined #bsrf
<rek> hey
<Cypher> hi rek
<_quato_> hey
<TTT> hi, Rekaerf!
<TTT> long time not seen!
<_quato_> Cypher whats network latency
<Rockin_lad> its when your analog dialup is fuck up
<Rockin_lad> fucked up
<Cypher> :)
<Rockin_lad> like mine
<Noon_Ghunna> Cypher! where are the nt passwd hashes are stored! if they are in sam file, where can i find it in NT.
<Cypher> its when the network is terribly late :)
<Rockin_lad> regisrty
<Cypher> Noon_Ghunna, in the SAM, in the registry, BUT
<Cypher> u cannot access it cause NT locks it (atleast one smart thing :))
<Cypher> BUT (again)
<Rockin_lad> check SECURITY while you're there too
*** ZipIt has quit IRC (Ping timeout)
<Cypher> u can access the SAM_ file, which is the backup file (made by the admin, especially for you)
<Cypher> it is not locked
<Noon_Ghunna> hey is SAM a file or its some information in registery
<Cypher> and located in the repair dir in winnt
<Cypher> Noon_Ghunna, registry is a file
<Cypher> of some sort
<Cypher> anyhow, it is stored on the disk
<Noon_Ghunna> never found the registry file in win98
<Cypher> in the system32\config directory
<m0ded> what SAM stands for?
<Cypher> cause win98 sucZ :)
<dr3x> Security Access Manager
<DigitalFallout> run->REGEDIT
<TTT> it is not a file
<QX-Mat> ooh
<Rockin_lad> Hive
<Cypher> Security_A_M..... ;-) forgot
<m0ded> <dr3x> Security Access Manager
<QX-Mat> umm, can I say something NT user related?
*** sanke has left #bsrf
<TTT> the registry is based on many files
<Cypher> right
<Noon_Ghunna> i know regedit but isn't thee a file on which the registry stores its backup! if there is one where in NT
<Cypher> TTT, of course, but we were talking about the SAM (a part of it)
<TTT> oh, alright
<Rockin_lad> USER.DAT SYSTEM.DAT mybee ?
<QX-Mat> umm, can I say something NT user related?
<Cypher> yes
<Cypher> i thing
<Cypher> QX-Mat, i think.....
<QX-Mat> I've put a couple of NT CGI's up for you too gander at. None of them are complete. But they demo remote user admin via perl.... http://www.q-m.net/outofsite/cgis/list.cgi
<Cypher> Just Do It :)
<Cypher> kewl
<Cypher> so, if there are no more questions, i guess we can call it a day/lecture :-)
<DigitalFallout> Ummmm let me think
<DigitalFallout> Did you go over print access?
<m0ded> time for NT exploits and IIS?
<Cypher> m0ded, right!
<Noon_Ghunna> who will send me the log :|
<m0ded> cool]
<Rockin_lad> yes eys yeas
<Slayer> yeah
<Rockin_lad> ecploit
<Cypher> DF, no :) (and not scanner access also :))
<Rockin_lad> exploit rules
<Cypher> i think its time for a brake
<DigitalFallout> you might want to cover how to secire printers
<Slayer> exploits and IIS
<Cypher> Have a Brake have a KitKat :)
<m0ded> hehe
<Rockin_lad> okay
<Slayer> pls
<dr3x> when the next lecture?
<Rockin_lad> let the man rest

<Cypher> shall we continue?
<m0ded> yeah
<aragorn> yes!
<m0ded> END OF BREAK
<m0ded> p;
<m0ded> ;p
<DigitalFallout> YOur call
<Slayer> yes lets get toexploits and IIS pls
<aragorn> right
<m0ded> IIS the best part
<The_Duke247> hmm
<The_Duke247> is that the time already ?
<m0ded> i was waiting for it
<QX-Mat> It said it was avalible twice on signup, but then on the confirmation email, it turned around! Kill BT!
<Noon_Ghunna> Cypher! is ntfaq worth to download?
<snider> duke: NT security lecure if you didnt know
<The_Duke247> oh really ?
<The_Duke247> errr ok then
<The_Duke247> *shuts up*
<Cypher> NTfaq? sure, y not
<snider> hehe
<DigitalFallout> Well unfortunatly I must depart. I'l have a gander at the logs later
<The_Duke247> can i comment on it or not ?
<Cypher> later DF
<DigitalFallout> Cya
<QX-Mat> Oh, and if any of you didn't know, I survied my hostpital Op!
*** DigitalFallout has left #bsrf
<The_Duke247> cos i know quite a bit on NT, and proxy server hence... ISAPI filters etc..
<Cypher> QX-Mat, that's interesting, especially cause we're talking to u
<The_Duke247> so whos lecturing anyway ?
<Cypher> The_Duke247, u can comment?
<Cypher> we don't know...
*** _quato_ has left #bsrf
*** Cypher sets mode: +v The_Duke247
<QX-Mat> The ISAPI is a little... ahem.... muddled.
<m0ded> shut up
<m0ded> Cypher start
<aragorn> lets go
<Cypher> that was: [Cypher] The_Duke247, u can comment!
<The_Duke247> lol
<Cypher> lets
*** Rockin_lad has quit IRC (Ping timeout)
<Cypher> so IIS, what is it, actually?
<The_Duke247> don't have a mic my friend, thanks for privs anyway
<m0ded> a webserver
<The_Duke247> IIS ?
<The_Duke247> Internet Information Server
<m0ded> good boy
<The_Duke247> packaged as part of Windows 2000
<Cypher> good, i was waiting for someone to type that
<The_Duke247> or the back office set
<Cypher> :)
<The_Duke247> IIS 4.0 with win2k
<The_Duke247> IIS 5.0 released
<m0ded> ok ok
<The_Duke247> with various holes already found
<Cypher> its the Microsoft Server pack
<The_Duke247> :)
<QX-Mat> TOTP is on....
<The_Duke247> yep
<Cypher> The_Duke247, we got it :)
<snider> duke : you can comment, not just satrt talking on and on and on and on
<The_Duke247> lol
<The_Duke247> ok then
<snider> heh
<Cypher> and as all microsoft products
<m0ded> snider right
<Cypher> IIS has bugs
<QX-Mat> !!!!!!
<m0ded> especially 4.0
<Cypher> and bugs and bugs and bugs and bugs and bugs and bugs and bugs and bugs
*** syfilis84 has joined #bsrf
<Cypher> and holes and holes and holes and holes
<Cypher> well, u got the picture :)
*** syfilis84 has left #bsrf
<The_Duke247> *sticks hand in the air saying" me me me me me me"*
<QX-Mat> :>
<Slayer> so how do u exploit them:9
<Noon_Ghunna> ISS know for aspz!
<Slayer> )
<Cypher> Slayer, nah, we just look at them :)
<blindman`s_vision> can someone tell me what this is?
<blindman`s_vision> Apache/1.2.0 PHP/FI-2.0b11 on BSD/OS
<Cypher> The_Duke247, what is it?
<Slayer> arhh
<m0ded> blindman we're in a lecture
<The_Duke247> header from web server
*** Cypher sets mode: +m
<The_Duke247> HTTP 1.1
<Cypher> sorry :)
<The_Duke247> no cigar huh?
*** Rockin_lad has joined #bsrf
<Cypher> i'll -m it at the question part
<m0ded> Cypher devoice The_Duke!
#BSRF Cannot send to channel (channel is moderated, you do not have a voice)
<Cypher> so, IIS is fuuulll of probs and bugs
<Cypher> just waiting to be exploited
<Cypher> by.... well... various ppl
<The_Duke247> yep
<Cypher> the 4.0 version had plenty of them (5.0 less)
<Cypher> or better to say, not yet discovered ;-)
<The_Duke247> because it hasn't been around as long you could say
<The_Duke247> lol exactly
<Cypher> many of the holes were in the /scripts directory
<Cypher> it would give u to execute stuff
*** rattle_and_hum has joined #bsrf
<Cypher> for example
<Cypher> the *.bat is assosiated with the cmd.exe application
<Cypher> (command prompt)
<Cypher> so a malicious hax0r could
<The_Duke247> lol@hax0r
<Cypher> execute something by using the following string:
<Cypher> domain/scripts/yadayadayada.bat?&command1+?&command2+?&..........
<Cypher> and it will be executed as batch commands
*** Cypher sets mode: -m
<Cypher> go go go :)
<m0ded> hehe
<Slayer> yeah
<snider> lol
<dr3x> It would run in system context (root)?
*** Cypher sets mode: +v snider
<m0ded> plx devoice The_Duke when u have +m
<Slayer> cypher u are the man
<Cypher> m0ded, fine
<The_Duke247> whhhy ?
<m0ded> he keeps talking
<The_Duke247> what ?
<Cypher> any questions/comments/corrections/suggestion/yada_yada_yada?
<Cypher> The_Duke247, nm it now
<dr3x> Would the batch run with root privs?
<Cypher> dr3x, it will run with system privs
<The_Duke247> shouldn't the question be would it run without ?
<Cypher> no, it wouldn't
<Cypher> the ? delivers the params
<dr3x> k
<m0ded> its something like phf
<The_Duke247> no, ? was part of my own question
*** syfilis84 has joined #bsrf
<The_Duke247> not syntax lol
<Cypher> but (hate to disappoint ya) it was fixed and patched by Billy :)
*** syfilis84 has left #bsrf
<snider> ouch, nice nick.. syfilis
<Slayer> grr
<Cypher> let me now explain what exactly happens and why
<Cypher> (in that issue)
<Cypher> so it goes like das: /scripts/lalala.bat?&dir+c:\+?&time
<Noon_Ghunna> cypher u reading some book? :)
<QX-Mat> hey, keep him away!
<Cypher> then the following occurs
<Cypher> Noon_Ghunna, i made notes to myself earlier :)
<Cypher> i can't remember everything :)
<QX-Mat> I hear that syfilis.... oh god I had sex ed only last week!
<Cypher> so
<The_Duke247> gotta run... my errr bath is overflowing?
<The_Duke247> :)
<The_Duke247> ciao boys and girls
<Cypher> later
<m0ded> bye
<m0ded> go on
<Cypher> i'm continuing
*** Cypher sets mode: -v The_Duke247
*** aragorn has quit IRC (Quit: Leaving)
*** The_Duke247 has quit IRC (Quit: Leaving)
<Cypher> the first thing is the browser asks u to save the doc or view it with a viewer
*** head__ has joined #bsrf
<Cypher> then it starts a download session
<m0ded> downloading what?
<Cypher> the file
<Cypher> e.g. "Save or Open"
<Cypher> u know
<Cypher> lalalal.bat
<m0ded> yeah
<QX-Mat> I can type with my nose! Look. .s
<Cypher> u click "cancel" but it never termintes cause u used the "time" command :)
<QX-Mat> h;lkl:
<snider> hmm, maybe +m would help
*** Cypher sets mode: +m
<Cypher> oh, and _nothing_ is logged on the server
<Cypher> cause it was never terminated
<Cypher> the only way is to check ALL the security logs
<Cypher> which is a veeery long thing on a large network
<Cypher> and we know, that admins hate logs ;-)
<Cypher> that's their default state of mind
<Cypher> so, in conclution, the hax0r (e.g. script kiddie) could excute his milicions code like das
*** zzorro has joined #bsrf
<Cypher> and of course there is no *.bat files in the /scripts dir, but windows mapped it
*** Rockin_lad has quit IRC (Ping timeout)
<Cypher> so it "gotta" use it :)
*** zzorro has left #bsrf
<Cypher> that ends it for this exploit
*** Cypher sets mode: -m
<Cypher> q?
<m0ded> nope
<snider> yes
*** drednought has joined #bsrf
<Cypher> shoot snid
<snider> is input validation and wrong file permissions all there is to ISS vulns?
<snider> IIS*
<Cypher> hey drednought. we're having a lecture here, you're welcome to join in
*** zzorro has joined #bsrf
<zzorro> olá
<Cypher> snider, nah, its just plain old stupidity also :)
<Cypher> hey zzorro
<zzorro> io
<zzorro> dd tc?
<drednought> thanks
<snider> what about bufferoverflows in IIS?
<snider> or other stuff alike
<Cypher> but we don't want that now, do we?
<Slayer> yes
<snider> okay
<Slayer> lol
<Cypher> next thing on the chapter - FrontPage-Server Extentions-based IIS holes
<snider> wee
<snider> :)
<Cypher> Frontpage is one hell of a program when it comes to security.... ;-)
<head__> Cypher: sure is true ;)
<Cypher> it has something like ZERO security features
<Cypher> not to mention, its a lousy editor :)
<m0ded> yup
<snider> and Frontpage-server is also an IIS webserver app?
<Noon_Ghunna> Frontpage is one hell of a program when it comes to security <--- and web page making too :)
<Cypher> its a server extention
<Cypher> [Cypher] not to mention, its a lousy editor :)
*** zzorro has quit IRC (Quit: Leaving)
<Cypher> FP has caused many problems to IIS
*** Rockin_lad has joined #bsrf
<Noon_Ghunna> Cypher! is FP a webserver too?
<m0ded> yeah
<Cypher> no, an extention (add-on)
<m0ded> no
<snider> no, he just said that
<m0ded> heh
<Cypher> lol@m0ded
<QX-Mat> FP Exploits..... we gonna be here for ever!
<snider> cypher, please go on :)'
<Cypher> FP "throws" all kind of dirs to your web, in the form of: _vti_xxx
<drednought> are you taking about local security problems or remote?
<Cypher> QX-Mat, just the basics
<Cypher> remote
<QX-Mat> ah
<Cypher> (now)
<Cypher> FP sometimes get so stupid it actually _shows_ you its _own_ password file... imagine that....
<snider> passwords to do what=
<zar> Did i make it for the lecture??????
<snider> ?
<Rockin_lad> hey zar , wuz up ?
<Cypher> for example, if directory browsing is allowed, and proper permission not set (not NTFS for example)
<zar> just woke up :)
<Cypher> the user could get the file list of the dir
<Cypher> a known password file: domain/_vti_pvt/service.pwd
<Cypher> it is encrypted of course
*** QX-Mat is now known as QX
<zar> @#$%ing daylight savings time
<Cypher> (FP is not _that_ dumb)
<Cypher> but with standard DES
<snider> hehe
<snider> what are the passwords used for?
<Cypher> which will make no prob usually
<Cypher> snider, u don't know what to do with passwords?? man..... :-)
*** han has joined #bsrf
<QX> the passwords are creted using the crypt() command
<snider> no i mean, are they access passwords for the NT system?
<QX> no
<Cypher> no
<Cypher> web ones
<Cypher> another exploit (in case u find anony ftp writable and fp extentions, of course)
<Cypher> u could upload a file to the _vti_bin dir
<QX> cos it's public!
<Cypher> and issue the following: domain/_vti_bin/your_file
<snider> im still baffled about this "web passwords" thing..
<Cypher> and the server will be glad to execute your malicious file :)
*** han has quit IRC (Quit: Leaving)
<Rockin_lad> wow , what a bug unfortunatley I'm still learnin ASP
<m0ded> Cypher the dir _vti_bin always exist through ftp?
<Rockin_lad> :)
<Cypher> snider, FP extentions has a password protection system for your web (FP is also a web manager)
<QX> mkfs_dos....
<dr3x> what kind of files can be executed in _vti_bin?
<Cypher> m0ded, depends on the permissions
<Cypher> we are not talking on how to get it ther
<Cypher> e
<Cypher> i'm saying that it'll be executed
<snider> okay, and by web manager you mean that you can upload through it?
<Cypher> dr3x, executable ones :)
<QX> Simple mime post
<Cypher> snider, it manages your site. the permissions, uploads, safety, passwords (e.g. permissions), etc.
<Cypher> when u have the password
<m0ded> u can deface it
<Cypher> u just go to your local (argh)
<Cypher> copy of FP
<Cypher> and logon
<Cypher> to the remote site
*** SteeLe has joined #bsrf
<QX> SAVE THIS MAN: http://www.elfqrin.com/elfcam.jpg
<m0ded> hehe
<snider> ahh i see..
<Cypher> hey SteeLe
<Cypher> you're a bit late for the lecture
<SteeLe> hi
<SteeLe> what lecture?
<Cypher> but no biggy, just two hours :)
<m0ded> heh
<m0ded> NT Security
<zar> lol
<SteeLe> aaahh the NT Security lecture
<SteeLe> I just remembered about it
<m0ded> yeah, remember?
<m0ded> ;p
*** SteeLe has quit IRC (Quit: 7th Sphere v3.0 © 1997 7th Sphere Enterprises)
<Cypher> hehe
<Cypher> he went to his time machine :)
<m0ded> he left us
*** Megram has joined #bsrf
<m0ded> go on Cypher
<Cypher> i wanted to have a little war game at the end, but unfortunatly i had no chance to set up my other box. so it'll be at some other occations.
*** SteeLe has joined #bsrf
<Cypher> m0ded, actually that's all i had planned to discuss
<Cypher> perfect 2 hours :)
<m0ded> yeah
<snider> damn, its over now?
<Cypher> any suggestions?
<Slayer> yeah it was cool
<Slayer> especially the last part
<SteeLe> have you gotten to the point as to where NT Sucks?
<Noon_Ghunna> when will we see a proper tutorial of this lecture :)
<Cypher> now, some feedback - how was it? (don't kill me right away :))
<m0ded> IIS and NetBIOS the best parts
<Cypher> Noon_Ghunna, as soon as i'll get the time to write them (the log will be published, thought)
<m0ded> Cypher u want the logs?
<zar> I would have made it in time but didnt get the right time cuz of gay daylight savings....
<Noon_Ghunna> IIS and NetBIOS the best parts <---- :( i missed em
<QX> Ahh it was very good! Not many typos! (no doubt it has all been typed up before hand!)
<Cypher> before hand?
<zar> lol QX
<Cypher> u mean notes?
*** QX is now known as QX-Mat
<Cypher> i had a topic list (the one at BSRF) and a syntax list (the bla.bat?) thingies
<Cypher> so i wouldn't forget
<Cypher> more feedback! mooooreee! mooorreeee!!
<Noon_Ghunna> so whose mailing the log ?
<dr3x> good job Cypher, you should lecture again soon
<Noon_Ghunna> 6Hey 1(14watch out1)6 for the mice14 Cypher 6!1 ~~0,14(,,°°> 1 ~~0,14(,,°°>
<QX-Mat> As in a large word document that is well prepared, then pasted in.... the best way to do it I think
<m0ded> Cypher u want the logs or u' were logging?
<Noon_Ghunna> :)
<Cypher> haha
<Cypher> m0ded, i was, but send it anyways
*** QX-Mat is now known as _QX-Mat-
<m0ded> heh
<m0ded> email address
<_QX-Mat-> ah
letly when shitting down the PC
le_and_hum» ahm
«+snider» it has to be
«+snider» no wait
«rattle_and_hum» wat's realtime
«rattle_and_hum» as we change it?
[22:17] *** Quits: drednought (blow@PTlink-5115.eircom.net) (Quit: Leaving)
[Cypher] the registry can grow more then your RAM
«Rockin_lad» press on reset
[Cypher] rattle_and_hum, yes
«Rockin_lad» now I'm confuesd
[Cypher] realtime - in the action time
[Cypher] without delays
«QX-Mat» This is simple physics. You can't wipe a capsit memory chip... it has to discharge. Computers since the 286 phase, fill the ram with 0's when the power is turned off (this is like pico-amps, so a electrolitc capasitor is barly needed). After about 2 seconds the entire momory goes into a-stabliblity, and eventually fades to mother earth (or where ever destroyed electrons go... the gold in other words)
«+snider» the changes you make are made in the files, so when you reboot it will still load it correctly
«rattle_and_hum» hmmmm
[22:18] *** Joins: Hand_of_God (VoiD@213.228.116.PTlink-3092)
«rattle_and_hum» but u said that registry is in ram
«rattle_and_hum» u mean to say that every update is stored in hd too?
«Hand_of_God» hi!
[Cypher] yes
[Cypher] hey HoG
«Hand_of_God» hi Cypher
[Cypher] QX-Mat, that's all good.... but... i've just meant that you loose the RAM on shut down
«rattle_and_hum» that means, effectively registry is a binary that is loaded each time pc starts?
«Noon_Ghunna» i look likes do
[Cypher] i don't really know the inner operatios (thanx for the explanation, btw)
«Noon_Ghunna» it look likes do
«+snider» QX-Mat, you obviously have knowledge physics, but it doesnt matter now does it? point is, you cant read the memory if the computer is turned off anyways
«QX-Mat» Yes, but wiping is DIFFERENT. You do loose, but don't wipe
«Rockin_lad» RAM=RANDOM ACESS MEMORY
«m0ded» heh
«m0ded» correct ;p
«Rockin_lad» wiped out completly when shitting down the PC
[Cypher] QX-Mat, correct. but i can't access it after that, right?
«+snider» QX-Mat, nitpicking is for people who dont have better to say :)
«TTT» shitting down????
«TTT» *LOL
[Cypher] so for me (the dumb user) it is gone
[Cypher] that concludes our lecture. i hope it was as good for you as it was for me! ;-))
[Cypher] gonna get some f00d now
«rattle_and_hum» btw....QX-MAT: what do u mean by "...fill with 0's..."?
[Cypher] be back some time later
[22:20] *** Cypher is now known as Cypher[f00d]
«Rockin_lad» oh yes I enjoyed it , thanks alot cypher
«m0ded» cya later guys
«m0ded» cypher good job