OMG Is this a logfile of me being hacked on IIS

Printable View

Show 40 post(s) from this thread on one page

June 4th, 2005, 12:23 AM
chsh

Quote:

Originally posted here by Tiger Shark
Treanglin: You're fine... get used to them.... Learn to look for the returned error code, (403, 404, 500 etc.). If the error code is above 400 then nothing bad happened except, possibly, some information gathering.

If I'm not mistaken, were there not worms that when successful at exploiting a target box would throw 500 in the return code (those that for instance, caused an IIS restart)?

Unless you get 400, 403, or 404, I would investigate a bit.

As for the user-agent field, ignore it. They can be crafted to look however the crafter wants them to, and are thus unreliable.
June 4th, 2005, 12:53 AM
RoadClosed

Quote:

No respect for common courtesy anymore.

fingerpints on the door bell gore? If I answer and you have gloves on I shoot you on site. :D
June 4th, 2005, 01:09 AM
gore

I wear skeleton gloves. So it wouldn't look out of the ordinary. Besides, I wait till winter. Then I can use my coat. You wouldn't get **** for DNA traces left of me as I know how not to leave a thing ;) I can get you out of the house if you have something I want bad enough, I've called people and said I was the manager at a video store and that I had his son on camera stealing gay pron. He left the house and went there even though I didn't go to his house.
June 4th, 2005, 01:29 AM
Tedob1

breifly looking at it i'd say the kiddie that attempted this is really wasting his/her time. the proggie/script that was run looks for vulns that have been long patched in iis4/5, like a front page BoF and backdoors and renamed versions of cmd.exe that would be placed by a unicode directory transversal attack. this vuln was fixed years ago. the perp needs some sense slapped into him.

there are servers out there that are open to these attacks but if this kid had any sense he would have eliminated the iis6 servers and consentrated on the 4's and 5's where these vulnerabilities might be found.....not a clue!
June 5th, 2005, 12:48 AM
skiddieleet

Quote:

Originally posted here by RoadClosed
fingerpints on the door bell gore? If I answer and you have gloves on I shoot you on site. :D

but if there's somebody home he doesn't rob them. So you put the gloves on after you determine there's nobody home and wipe the doorbell :).
June 5th, 2005, 03:18 AM
gore

Not enough. You can whipe it but someone with the right tools could trace it. I'd use my coat to ring it. In a lot of clothingof course to make it hard for dogs to pick up on my scent.
June 5th, 2005, 04:16 AM
treanglin

Thank you all of you guys for helping out. I shutdown the service because I didn't need it and I've decided to start using Snort. I've learned quite a bit from this expericence and you all have contributed significantly toward that learning.
June 5th, 2005, 05:37 AM
wildred

Seems like Gore *may* have done some B n E stuff before :) Scary
Or maybe too much CSI Miami lol
June 5th, 2005, 04:40 PM
gore

I don't watch TV.
June 5th, 2005, 07:24 PM
unhappy

Not to rain on your parade... based on your profile I conclude that you are not maddox, therefore you might wanna replace his face in your avatar. just a suggestion...

http://maddox.xmission.com/

as far as your logs go...

It's a good thing you learned from this, but it's nothing new... just a batch job of cgi attacks

Show 40 post(s) from this thread on one page