Re: IIS Hack Attempt

Jeff Giuliano Mon, 19 Nov 2001 09:35:43 -0800

That's Nimda:

http://www.cert.org/advisories/CA-2001-26.html


-Jeff

Ryan Ratkiewicz wrote:
> 
> Can someone help me decipher this?
> 
> 11:30:48 207.217.205.149 GET /scripts/root.exe 404
> 11:30:48 207.217.205.149 GET /MSADC/root.exe 404
> 11:30:49 207.217.205.149 GET /c/winnt/system32/cmd.exe 404
> 11:30:49 207.217.205.149 GET /d/winnt/system32/cmd.exe 404
> 11:30:49 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
> 11:30:49 207.217.205.149 GET
> /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
> 11:30:50 207.217.205.149 GET
> /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe 404
> 11:30:50 207.217.205.149 GET
> /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe
> 500
> 11:30:50 207.217.205.149 GET /scripts/..Á../winnt/system32/cmd.exe 500
> 11:30:50 207.217.205.149 GET /scripts/winnt/system32/cmd.exe 404
> 11:30:51 207.217.205.149 GET /winnt/system32/cmd.exe 404
> 11:30:51 207.217.205.149 GET /winnt/system32/cmd.exe 404
> 11:30:51 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
> 11:30:51 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
> 11:30:52 207.217.205.149 GET /scripts/..%5c../winnt/system32/cmd.exe 500
> 11:30:52 207.217.205.149 GET /scripts/..%2f../winnt/system32/cmd.exe 500
> 
> Thanks.
> 
>

Re: IIS Hack Attempt

Reply via email to