PDA

View Full Version : Hacked?



spike
01-30-2002, 03:21 AM
Hi,

Can someone please look at the log file below and tell me exactly what is going on? This is the log file from an IIS 4.0 server.

-------------------------------------------------------------------------------

GET /scripts/root.exe /c+dir 404 604 72 2* 80 HTTP/*.0

GET /MSADC/root.exe /c+dir 404 604 70 20 80 HTTP/*.0
GET /c/winnt/system*2/cmd.exe /c+dir 404 604 80 20 80 HTTP/*.0
GET /msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system*2/cmd.exe /c+dir 500 0 *45 *0 80 HTTP/*.0


-------------------------------------------------------------------------------

these are just a few examples of the log entries.

Blacksheep
01-30-2002, 12:56 PM
Sigh... I do wish you would use the term "Cracked": http://www.pcwebopaedia.com/TERM/h/hacker.html

llS huh, hmmm... Looks suspicious to me. Do you have all MS security (oxymoron) patches installed? I do believe Gibson's got some stuff on llS exploits somewhere in his labyrinth: http://grc.com/default.htm

Fuzzyman
01-31-2002, 05:13 AM
:rolleyes:

I guess the problem is not one of terminology but of language - no matter how cracked someone has been, what they probably feel is hacked -- it just sounds right.

DATA
01-31-2002, 11:19 AM
HI,


cmd has exploits.

DATA
02-24-2002, 07:20 AM
HI,

MSADC IS Microsoft Active Directory Connector

CMD.EXE /C

CARRIES OUT the command specified in string and then terminate.

some * was trying to execute a command on ur system
more like looking at the directory
dir 404 604 80 20 80 HTTP/*.0
GET /msadc/..%5c../..%5c../..%

SEE THE directory and what ever.

it looks like the person did not know it was an iis server and tried all what he knew.

he was having a look at whats in ur computer.
now call it crack or hack or what ever u wish.

regards Data.