Security Basics mailing list archives
re: got hit with iiscrack, trying to learn how it was done
From: H C <keydet89 () yahoo com>
Date: Fri, 8 Nov 2002 04:19:05 -0800 (PST)
Jeff,
> how did the cmd file get there in the first place, and how was it executed?
Did you happen to check your IIS logs? I've looked again, and there isn't anyplace in your post where you mention doing this. It's kind of late now, but if I were you, I would have preserved the MAC times on the CMD file, and then compared that to the IIS logs of about the same date.
> b) I think that the iis priv escalation vuln is what allows the iiscrack.dll/httpodbc.dll backdoor to do its stuff (control the pc) but is that vuln also the hole that allowed the hacker to get that cmd file on there, which in turn started the ftp session? I am definitely missing something here!
Maybe just your IIS logs.

Regarding your anti-virus question...who knows? You really haven't provided complete information in your post, and any answers you receive will most likely be speculation.

I'd suggest to you that some training might be appropriate:

http://www.megamind.org/TRAIN/forwin2000.html

If the dates and locations of the listed training aren't convenient, let me know.

HTH
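
The comparison of the CMD file's MAC times against the IIS logs suggested in the reply above, as an added example that is not part of the original post. It assumes the server writes W3C Extended logs (which record times in UTC); the log lines, file timestamps, UTC-8 offset and function names are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in IIS W3C Extended format (not from the original post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2002-11-05 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2002-11-05 09:12:01 192.0.2.10 GET /default.htm 200
2002-11-05 14:58:40 198.51.100.7 GET /scripts/placeholder.dll 200
2002-11-05 15:01:13 198.51.100.7 GET /scripts/placeholder.dll 200
2002-11-05 21:30:00 192.0.2.10 GET /images/logo.gif 304
"""

def parse_w3c(text):
    """Yield one dict per request, named by the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            # W3C Extended logs record date and time in UTC, not local time.
            row["ts"] = datetime.strptime(
                row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S"
            ).replace(tzinfo=timezone.utc)
            yield row

def requests_near(log_text, mac_times, window_minutes=5):
    """Return log rows within the window of any (tz-aware) file timestamp."""
    window = timedelta(minutes=window_minutes)
    return [
        row for row in parse_w3c(log_text)
        if any(abs(row["ts"] - t.astimezone(timezone.utc)) <= window
               for t in mac_times.values())
    ]

# Constructed MAC times for the CMD file, as displayed locally (UTC-8 assumed).
LOCAL = timezone(timedelta(hours=-8))
CMD_FILE_TIMES = {
    "modified": datetime(2002, 11, 5, 7, 0, 30, tzinfo=LOCAL),
    "accessed": datetime(2002, 11, 5, 7, 0, 30, tzinfo=LOCAL),
    "created": datetime(2002, 11, 5, 6, 59, 0, tzinfo=LOCAL),
}

if __name__ == "__main__":
    for r in requests_near(SAMPLE_LOG, CMD_FILE_TIMES):
        print(r["ts"].isoformat(), r["c-ip"], r["cs-method"], r["cs-uri-stem"])
```

Reading the file times as if they were already UTC would shift the window by eight hours in this sample and match nothing, so confirm the server's time zone before drawing conclusions from a miss.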