Thread: Log
-
June 4th, 2002, 03:02 AM
#1
Log
I just got that book hackers Challenge and im on the french connection. I figured out what the hacker did but i dont know how it works. Now check out this log
03/03/2001 4:01 chewie.hacker.fr W3SVC1 WWW-2K WWW-2K.victim.com 80
GET /scripts/../../winnt/system32/cmd.exe / /c+dir+d: \ 200 747 484 31
www.victim.com Mozilla/4.0+(compamible; +MSIE+5.0; +Windows+98)
Now correct me if im wrong but what the hacker did was remotely open the cmd.exe program and got a remote shell. HOW THE HELL?
-
June 4th, 2002, 03:26 AM
#2
Cross browser scripting. I believe is what you call it. See the {GET} some people don't setup there webservers right so you can execute commands, and **** from a web browser. There are alot of Tutorials on it. One good piece of advise for webservers is change the C:/ letter to like f:\ or somthin that way stupid scripts like that won't work.
-
June 4th, 2002, 03:31 AM
#3
this only works on iis 4 and earlier and personal web server, they call it the doubledot exploit. he put himself in a directory that allows executables to run (scripts) then double dotted up to c:, into winnt/system32 and did a dir
in iis4/5 the same could be done using unicode:
GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\
and their are patches that have been out for quit some time for both.
i correct myself, personal web server dosnt have /scripts, but the double dot allows downloading of named files.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
June 4th, 2002, 03:37 AM
#4
-
June 4th, 2002, 03:37 AM
#5
so this attack was totally based on a browser?
-
June 4th, 2002, 03:42 AM
#6
this attack was based on M$ stupidity. a browser was used to exploit it.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
June 4th, 2002, 05:00 AM
#7
So the only way to execute this attack is via browser? or is there some lame script kiddie tool to do it for those losers?
-
June 4th, 2002, 03:27 PM
#8
There are always script kiddie tools. There are tools to attempt the attack on hundreads of machines at a time. That is actually how some of the mass defacements worked last year.
\"Ignorance is bliss....
but only for your enemy\"
-- souleman
-
June 4th, 2002, 05:17 PM
#9
so like distributed cross browser scripting attack tools?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|