
Thread: Log

  1. #1
    Banned
    Join Date
    May 2002
    Posts
    64

    Log

    I just got that book Hacker's Challenge and I'm on the French Connection. I figured out what the hacker did but I don't know how it works. Now check out this log


    03/03/2001 4:01 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80
    GET /scripts/../../winnt/system32/cmd.exe / /c+dir+d: \ 200 747 484 31
    www.victim.com Mozilla/4.0+(compamible; +MSIE+5.0; +Windows+98)



    Now correct me if I'm wrong but what the hacker did was remotely open the cmd.exe program and got a remote shell. HOW THE HELL?

  2. #2
    Cross browser scripting, I believe, is what you call it. See the {GET}? Some people don't set up their webservers right, so you can execute commands, and ****, from a web browser. There are a lot of tutorials on it. One good piece of advice for webservers is to change the C:/ letter to like f:\ or something; that way stupid scripts like that won't work.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    this only works on iis 4 and earlier and personal web server, they call it the doubledot exploit. he put himself in a directory that allows executables to run (scripts) then double dotted up to c:, into winnt/system32 and did a dir

    in iis4/5 the same could be done using unicode:

    GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\

    and there are patches that have been out for quite some time for both.


    i correct myself, personal web server doesn't have /scripts, but the double dot allows downloading of named files.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
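
Added example, not part of the original thread: a log check that flags the two request shapes discussed above (literal double-dot, and the `%c1%9c` overlong-Unicode form) by decoding the URI leniently before matching. The sample log lines are constructed in the layout of the entry in post #1, and all function names are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

# Lead bytes 0xC0/0xC1 never occur in valid UTF-8; a lenient decoder folds
# such two-byte "overlong" forms to ASCII (C1 9C -> '\', C0 AF -> '/').
OVERLONG = re.compile(rb"[\xc0\xc1][\x80-\xbf]")
REQUEST = re.compile(r"\b(?:GET|HEAD|POST)\s+(\S+)")
SHELL = re.compile(rb"/(?:cmd\.exe|command\.com)")

def fold_overlong(raw: bytes) -> bytes:
    """Decode overlong two-byte sequences the way a lenient decoder would."""
    def fold(m):
        lead, cont = m.group()
        return bytes([((lead & 0x1F) << 6) | (cont & 0x3F)])
    return OVERLONG.sub(fold, raw)

def inspect_uri(uri: str) -> list:
    """Return the reasons a request URI looks like a traversal attempt."""
    findings = []
    raw = unquote_to_bytes(uri)              # undo %xx escapes first
    if OVERLONG.search(raw):
        findings.append("overlong-utf8")     # suspicious on its own
    path = fold_overlong(raw).replace(b"\\", b"/").lower()
    if b"../" in path:
        findings.append("dot-dot-traversal")
    if SHELL.search(path):
        findings.append("shell-binary")
    return findings

def scan(lines):
    """Yield (uri, findings) for every log line whose request is flagged."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and inspect_uri(m.group(1)):
            hits.append((m.group(1), inspect_uri(m.group(1))))
    return hits

# Constructed sample entries (not real log data).
SAMPLE_LOG = [
    "03/03/2001 4:01 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 "
    "GET /scripts/../../winnt/system32/cmd.exe /c+dir+d:\\ 200",
    "03/03/2001 4:02 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80 "
    "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\\ 200",
    "03/03/2001 4:05 client.example W3SVC1 WWW-2K WWW-2K.victim.com 80 "
    "GET /index.html - 200",
]

if __name__ == "__main__":
    for uri, why in scan(SAMPLE_LOG):
        print(uri, why)
```

Matching on the raw, undecoded URI would miss the second entry, because the backslash only appears after the overlong sequence is folded.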

  4. #4
    yeah that's it

  5. #5
    Banned
    Join Date
    May 2002
    Posts
    64
    so this attack was totally based on a browser?

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    this attack was based on M$ stupidity. a browser was used to exploit it.

  7. #7
    Banned
    Join Date
    May 2002
    Posts
    64
    So the only way to execute this attack is via browser? or is there some lame script kiddie tool to do it for those losers?

  8. #8
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    There are always script kiddie tools. There are tools to attempt the attack on hundreds of machines at a time. That is actually how some of the mass defacements worked last year.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  9. #9
    Banned
    Join Date
    May 2002
    Posts
    64
    so like distributed cross browser scripting attack tools?
