Security Incidents mailing list archives
Re: IIS Directory traversal vulnerability
From: Lee Evans <lee () vital co uk>
Date: Thu, 26 Jul 2001 09:25:27 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Firstly, thank you all for your advice. I have spent the last day or so pulling my system and it's logs apart, but I am not particularly an expert in this field, this is what seems to be happening: 1) the attacker accesses cmd.exe, and runs 'dir' on all the drives. 2) the attacker copies cmd.exe to /scripts/winshell.exe (although he never seems to access this winshell.exe 3) the attacker uses cmd.exe to ftp hd.exe & dr.exe onto the box 4) the attacker accesses hd.exe, which seems to take arguments of files to be deleted. 5) hd.exe deletes data from harddrive 6) the lamer's AOL account disconnects, and we never here from him again :) I will endeavour to post the IIS logs shortly. Many thanks for any further advice. Regards Lee - -- Lee Evans Vital Online Ltd This message is intended only for the use of the person(s) ("The intended recipient(s)") to whom it is addressed. It may contain information which is privileged and confidential within the meaning of applicable law. If you are not the intended recipient, please contact the sender as soon as possible. The views expressed in this communication may not necessarily be the views held by Vital Online Ltd. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7X9P6htUFQXeFbZYRAuY9AJ4izKvsh2XOJlRcFIpALjB1WmkQKwCeLTyN Fhs+W4tA0ahjMH7Iws4dEZw= =frq9 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- IIS Directory traversal vulnerability Lee Evans (Jul 25)
- Re: IIS Directory traversal vulnerability Joe Smith (Jul 25)
- Re: IIS Directory traversal vulnerability Jordan K Wiens (Jul 25)
- Re: IIS Directory traversal vulnerability Jon Zobrist (Jul 25)
- RE: IIS Directory traversal vulnerability Bryan Allerdice (Jul 25)
- Re: IIS Directory traversal vulnerability Lee Evans (Jul 26)
- <Possible follow-ups>
- Re: IIS Directory traversal vulnerability Reverend Lola (Jul 25)
- Re: IIS Directory traversal vulnerability Joe Smith (Jul 25)