Need help, can't delete hacker's folders
Thread: Need help, can't delete hacker's folders

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    3

    Need help, can't delete hacker's folders

    Hello,

    I just found out that somebody without the proper permissions created 2 folders in the root of my FTP server (I am running IIS 5.0). The folders are named com1 and com2.

    Problem is, I can't delete the folders because I don't seem to have the rights even though I am the admin. I can't even select the folders. When I click on one of them, Explorer crashes.

    It looks like the best solution would be to format and reinstall ...

    Any suggestions?

    Thank you

  2. #2
    Junior Member
    Join Date
    Aug 2001
    Posts
    7

    Try taking ownership?

    Have you tried taking ownership of the directories? Then you can delete them after that. Even if you're admin, if you haven't been given permissions to the files/folders, you won't be able to delete them unless you are able to take ownership and then assign perms to yourself.

    Good luck.
    Ricker
    <% response.right "sometimes" %>

  3. #3
    Junior Member
    Join Date
    Sep 2001
    Posts
    10
    Hi, if Explorer crashes when you select it, it could be a sign of the old extended ASCII filename.

    It can only be removed through DOS because Windows doesn't support the same ASCII table. It's usually ASCII key 254 or 255, dependent on the keyboard set.

    Try it. In DOS, try to CD into the folder and put alt + 254/255 on the end of the filename.

    It's an old trick that used to be done. This is the only thing that I can think it could possibly be other than permissions.

  4. #4
    Junior Member
    Join Date
    Aug 2001
    Posts
    7

    Good thought...

    Yeah, I didn't even think about that. I've seen people, usually programmers, make temp files with "_____.___" for filenames... it reports that in Windows, but in DOS it's actually listed as alt+255 a bunch of times, with a dot in the middle...

    Good thinking, and yes, Windows won't know what to do with that file, so you'll have to do it in a DOS mode or just boot to a DOS disk and do it that way.
    Ricker
    <% response.right "sometimes" %>

  5. #5
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    I had put up a bit of information on the alt-255 character in This thread.
    [HvC]Terr: L33T Technical Proficiency

  6. #6
    Junior Member
    Join Date
    Aug 2001
    Posts
    3

    Question

    Thanks for the help

    I think you guys are on the right track. There is a strange character at the end of each directory name and each file extension.

    However, it does not seem to be the 255 ASCII code.

    Fortunately, I have information in the IIS log that might be useful. I have found this in one of my logs:

    23:57:31 <ip address>[45]RNTO flt-cfz.002+./+./ 250
    23:57:39 <ip address>[45]RNFR flt-cfz.003 350
    23:57:39 <ip address>[45]RNTO flt-cfz.003+./+./ 250
    23:57:47 <ip address>[45]RNFR flt-cfz.004 350
    23:57:47 <ip address>[45]RNTO flt-cfz.004+./+./ 250
    23:57:56 <ip address>[45]RNFR flt-cfz.005 350
    23:57:56 <ip address>[45]RNTO flt-cfz.005+./+./ 250

    It looks like every file is renamed with an extra character at the end. It's the " +./+./ " part that I can't figure out. What does that mean?

    Thank you

  7. #7
    Junior Member
    Join Date
    Aug 2001
    Posts
    3
    I think I just answered my own question. The files were renamed with the following names:

    flt-cfz.001 ./ ./
    flt-cfz.002 ./ ./
    flt-cfz.003 ./ ./

    But the slashes do not show up in the directory listing. So you can't access the files unless you know how many slashes were inserted.

    How is that possible? This is not a valid name in Windows, so how come it works?

  8. #8
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Uhm

    Well, I haven't seen that before. The closest thing I can think of is HTML (and DOS, and *nix, when you get down to it) notation for relative directories, which doesn't quite seem to make sense in that context.

    (I.E. With two periods meaning the prev directory, and one period meaning the current directory, so http://blah.com/dir1/dir2/../ is the same as http://blah.com/dir1/ )
    [HvC]Terr: L33T Technical Proficiency
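
Added example, not part of any post in this thread: a small Python check over FTP log lines in the layout quoted in post #6, flagging created or renamed paths that end in spaces, dots or slashes (reading `+` as a logged space, as post #7 does) or that use reserved DOS device names such as com1. The sample lines and client address are constructed, and `name_problems` and `scan` are hypothetical helper names.

```python
import re

# Constructed sample in the layout quoted in post #6 (placeholder client address).
SAMPLE_LOG = """\
23:57:20 192.0.2.10[45]MKD com1 257
23:57:31 192.0.2.10[45]RNFR flt-cfz.002 350
23:57:31 192.0.2.10[45]RNTO flt-cfz.002+./+./ 250
23:58:02 192.0.2.10[45]RNFR notes.txt 350
23:58:02 192.0.2.10[45]RNTO notes-old.txt 250
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(.+?)\[(\d+)\](\w+)\s+(.*)\s+(\d{3})$")
RESERVED = {"con", "prn", "aux", "nul"} | {
    f"{dev}{n}" for dev in ("com", "lpt") for n in range(1, 10)}

def name_problems(raw):
    """Return the reasons an FTP path argument deserves a closer look."""
    name = raw.replace("+", " ")  # assumption: '+' in the log stands for a space
    parts = re.split(r"[\\/]", name)
    reasons = []
    if name != name.rstrip(" ./\\"):
        reasons.append("trailing space, dot or slash")
    if any(p and not p.strip(" .") for p in parts):
        reasons.append("segment made only of dots and spaces")
    if any(p.strip(" .").split(".")[0].lower() in RESERVED for p in parts):
        reasons.append("reserved DOS device name")
    return reasons

def scan(log_text):
    """Pair RNFR/RNTO per session and report suspicious created or renamed paths."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        time, client, session, cmd, arg, status = m.groups()
        if cmd == "RNFR":
            pending[(client, session)] = arg  # remember the rename source
        elif cmd in ("RNTO", "MKD") and status.startswith("2"):
            old = pending.pop((client, session), None) if cmd == "RNTO" else None
            reasons = name_problems(arg)
            if reasons:
                findings.append({"time": time, "client": client, "cmd": cmd,
                                 "old": old, "new": arg.replace("+", " "),
                                 "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Each finding keeps the original name from the matching RNFR line, so the renamed files can be mapped back to what they were called before.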