On Mon, 09 Jun 2003 20:49:53 +0300 (EEST) LazCorp <[EMAIL PROTECTED]> wrote:
> цитирам Stefan Gurdev <[EMAIL PROTECTED]>: > > > Vurzan sum kum City Lan mreja. Prez nqkolko dni edin ot hostovete v > > mrejata neshto si igrae s men. Eto log faila na apache-to: > > > > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET ///quote.html > HTTP/1.0" > > 404 272 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET > > /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd% > 00 > > HTTP/1.0" 404 279 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/dcboard.cgi > > HTTP/1.0" 404 0 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET > > /cgi-bin/nph-maillist.pl HTTP/1.0" 404 283 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET > > /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd% > 00&action=view&matchview=1 > > HTTP/1.0" 404 280 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET > > /cgi-bin/ustorekeeper.pl? > command=goto&file=../../../../../../../../../../etc/passwd > > HTTP/1.0" 404 283 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/ikonboard/ > > HTTP/1.0" 404 0 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /foldoc/ HTTP/1.0" > 404 > > 0 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-bin/adcycle/ > > HTTP/1.0" 404 0 "-" "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "GET > > /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 277 "-" > > "-" > > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi- > bin/bbs_forum.cgi > > HTTP/1.0" 404 0 "-" "-" > > > > > > Predpolagam hosta 192.168.1.3 e zarazen s nqkakuv virus, no vse pak > nqkoi > > imal li e podoen problem s tova neshto. Vuzmojno li e tova da e exploit > > ili neshto ot tozi sort!!! > > > > Blagodarq predvaritelno!!! > > > > P.S: Znam che nivoto v tozi mail group e mnogo visoko. Tozi posting moje > > bi ne e za tuk, pisah v nqkoi forumi no taka i ne poluchih kompetenten > > otgovor! > > > > S uvajenie, Stefan! > > > > /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00 > /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd% > 00&action=view&matchview=1 > /cgi-bin/ustorekeeper.pl? > command=goto&file=../../../../../../../../../../etc/passwd > > Potrebitelq ot tozi host se opitwa da hakne Apache-to ti > Nqma kakwo da se symnqwash w towa!!! > Prawi opiti s s powecheto izwestni bygowe na Apache. > ../../../../../../../../../../../../ - s towa se podsiurqwa che shte > otide w glawnata papka / > posle utiwa e /etc/passwd i se opitwa da iwede parolite ti /etc/passwd? paroli? horata ot godini polzvat shadow prijateliu. > chesno kazano towa e edin ot nai naludnichawite nachini za hakwane... naludnichav? tova bi bilo standarten brute force. Nishto naludnichavo njama.dumb e dumata ;-) za > da ti dekriptira pass (oswen ako ti ne si slojil nqkoq smeshna parola) > ili da izpolzwa baza danni ot kriptirani pasowe i da srywnqwa..mislq che > wseki znae za tezi programki :) > mislq che ako si slagash dobri stabilni pasowe na mashinata nqma da > imash nikakwi problemi nito da se pritesnqwash ot podobni nachinaniq. Spored men *trjabva* da se pritesnjavame/te ... problemite s directory traversing ne vodjat samo do "naludnichavo crackvane". "One shell eq one root" Po-dobre si drysh up-to-date apache-to, otkolkoto da: > i wse pak mojesh da adnesh edno prawilo wyw firewall-a si da dropish > zaqwkite ot tozi kompiutar :))))) IP-tata se menjat, skanirashtite ne izchezvat...reshavaite po-principno neshtata plz. P.S: ne vjarvam da e virus ;-) > Играй и спечели Автомобилен Салон София 2003 - http://auto.dir.bg Otkoga mechtaja da go spechelja toja celijat salon ;-))) > ------------------------------------------------------------------- > Направи си адрес в mail.bG - http://mail.bg/new/ > > ============================================================================ > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora > To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > ============================================================================ -- "Life is short - pray hard." Man is certainly stark mad: He cannot make a flea, yet he makes gods by the dozens. - Montaigne -------------------------------------------------------- Public PGP key at: http://www.fadata.bg/pgp/micropgp.asc --------------------------------------------------------
pgp00000.pgp
Description: PGP signature