Security Incidents mailing list archives
Re: Script I haven't seen? Or human directed?
From: "Scott C. Kennedy" <sck () infosyscorp com>
Date: Thu, 07 Nov 2002 10:07:14 -0800
It's a perl script called IIS_PROMISC by Alexandre de Abreu availabel at http://online.securityfocus.com/tools/2060
And mentioned in http://lists.insecure.org/incidents/2001/Jul/0014.html Scott Keith T. Morgan wrote:
We recieved several "code red" style probes for cmd.exe and the like. The probes used the typical method of searching for all default IIS +execute permissioned directories. However, some of the details of the GET requests, I haven't seen before today. Here's an example GET. http://216.12.96.114/scripts/boo.bat/..%C1%9C..%C1%9C..%C1%9C..%C1%9C.%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+echo+MinhaNossaSenhoraDoPerpetuoSocorro I haven't seen requests for a boo.bat. I also haven't seen this particular echo command that was common to all of the requests for cmd.exe. Every one of them attempted to echo "MinhaNossaSenhoraDoPerpetuoSocorro" Some new script? Has anyone else seen these? ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
-- Scott C. Kennedy Lead Security Architect/ Director of Security Infosys Corporation Work: (877) 772-2347 PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE27C1102 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service.For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Script I haven't seen? Or human directed? Keith T. Morgan (Nov 07)
- RE: Script I haven't seen? Or human directed? James C Slora Jr (Nov 07)
- Re: Script I haven't seen? Or human directed? Scott C. Kennedy (Nov 07)
- <Possible follow-ups>
- Re: Script I haven't seen? Or human directed? Stephen Friedl (Nov 07)