Security Incidents mailing list archives

Re: Win2k hack attempt

From: Nexus <nexus () PATROL I-WAY CO UK>
Date: Sun, 31 Dec 2000 14:08:07 -0000

Looks a lot like RFP's RDS exploit, using the msadc2.pl script or very similar.
Details of that are at http://www.wiretrip.net/rfp/p/doc.asp?id=1&iface=2
Even if it is not, it is obviously a classic 'echo we are leet > index.htm' style
lame defacement, so chances are  they are not particularly skilled.

Regards,
            JJ
  ----- Original Message ----- 
  From: Guy Geva 
  To: INCIDENTS () SECURITYFOCUS COM 
  Sent: Saturday, December 30, 2000 10:52 AM
  Subject: Win2k hack attempt

  Hi list,

  Please give your opinion its a bit wierd...
  Hacking attempt on my win2k server, please try to tell me what is wrong with my
  system what is the hacking method taken ? and any other useful information will be great.
  I patched myself with all the patches available.

  the log is attached.

Current thread:

Win2k hack attempt Guy Geva (Dec 30)
- Re: Win2k hack attempt Blake R. Swopes (Dec 30)
- Re: Win2k hack attempt Nexus (Dec 31)