pravdepodobne pokus o hack...

Pondělí Leden 15 16:15:38 CET 2001

To je nejspis skenovaci programek http://www.nessus.org/

> Sent: Monday, January 15, 2001 3:48 PM
>
> Dobry den,
> v logu serveru jsem nasel pokusy o pristup do adresare cgi-bin na
> nasledujici scripty:
> ...
> cgi-bin/view-source
> cgi-bin/php-cgi
> cgi-bin/handler
> cgi-bin/test-cgi
> cgi-bin/nph-test-cgi
> cgi-bin/phf                 <- tohle je myslim uz vousate :-)
> cgi-bin/phf.pp
> cgi-bin/phf.cgi
> cgi-bin/websendmail
> cgi-bin/environ.cgi
> cgi-bin/php.cgi
> cgi-bin/php
> cgi-bin/perl.exe
> cgi-bin/wwwboard.pl
> cgi-bin/www-sql
> cgi-bin/view-source
> cgi-bin/AT-admin.cgi
> cgi-bin/wwwadmin.pl
> cgi-bin/formmail.pl
> cgi-bin/sendform.cgi
> cgi-bin/maillist.pl
> iisadmpwd/achg.htr
> iisadmpwd/aexp.htr
> iisadmpwd/anot.htr
> msadc/Samples/SELECTOR/showcode.asp
> _AuthChangeUrl
> ....../autoexec.bat
> scripts/fpcount.exe
> scripts/cgimail.exe
> scripts/tools/newdsn.exe
> scripts/tools/getdrvs.exe
> cgi-bin/bnbform.cgi
> cgi-bin/survey.cgi
> domcfg.nsf/
> cgi-bin/count.cgi
> cgi-bin/guestbook.cgi
> cgi-bin/aglimpse
> cgi-bin/finger
> cgi-bin/jj
> cgi-bin/man.sh
> cgi-bin/webdist.cgi
> cgi-bin/wrap.cgi
> cgi-bin/handler.cgi
> cgi-bin/day5datacopier.cgi
> cgi-bin/day5datanotifier.cgi
> cgi-bin/pfdisplay.cgi
> perl/files.pl
> scripts/convert.bas
> cgi-bin/dumpenv.pl
> cgi-bin/upload.pl
> session/adminlogin
> cgi-bin/campas
> cgi-bin/textcounter.pl
> cgi-bin/view-source
> cgi-bin/webgais
> cgi-bin/htmlscript
> cgi-win/uploader.exe
> cgi-dos/args.cmd
> cgi-dos/args.bat
> cgi-bin/faxsurvey
> _vti_pvt/users.pwd
> _vti_pvt/administrators.pwd
> _vti_pvt/shtml.dll
> _vti_pvt/shtml.exe
> __vti_inf.html
> cfdocs/expelval/openfile.cfm
> cfdocs/expelval/exprcalc.cfm
> cfdocs/expelval/displayopenedfile.cfm
> cfdocs/expelval/sendmail.cfm
> search97.vts
> AdvWorks/equipment/catalog_type.asp
> ASPSamp/AdvWorks/equipment/catalog_type.asp
> cgi-bin/filemail.pl
> cgi-bin/info2www
> cgi-bin/finger
> cgi-bin/AnyForm2
> cgi-bin/classifieds.cgi
> carbo.dll
> cgi-bin/fpexplore.exe
> cgi-bin/whois_raw.cgi
> scripts/counter.exe
> cgi-bin/responder.cgi
> cgi-bin/wguest.exe
> cgi-bin/rguest.exe
> scripts/no-such-file.pl
> scripts/iisadmin/ism.dll
> samples/search/queryhit.htm
> scripts/samples/search/webhits.exe
> domcfg.nsf/
> cgi-shl/win-c-sample.exe
> default.asp::$DATA
> server logfile
> cgi-bin/tigvote.cgi
> cgi-bin/webutils.pl
> blabla.idc
> blabla.idq
> blabla.ida
> blabla.idw
> msadc/msadcs.dll
> global.asa+.htr
> db/spn.mdb
> null.htw
> _vti_pvt/service.pwd
> samples/search/queryhit.htm
> data/db_asp_content.mdb
> adredir.asp
> redirect.asp
> cgi-bin/cached_feed.cgi
> password.txt
> scripts/..ŔŻ../winnt/system32/cmd.exe
> default.asp/a.exe/..ŔŻ../winnt/system32/cmd.exe
> scripts/..Áś../winnt/system32/cmd.exe
> default.asp~
> index.asp~
> index.php~
> index.php3~
> scripts/counter.exe
> adsamples/config/site.csc
> admin/auth.adduser.html
> stationmanager/lariat/server/config/stnmng.cfg
> cfdocs/exampleapp/docs/sourcewindow.cfm
> scripts/iisadmin/ism.dll
> W3SVC/1/ROOT/_vti_bin/_vti_adm
> W3SVC/
> iisadmin/
> _vti_bin/shtml.exe
> cgi-bin/bnbform.cgi
> default.asp
> default.asp.old
> default.old
> index.php.old
> index.asp.old
> index.old
> index.as_
> index.ph_
> index.php_
> default.as_
> index.php3.old
> cgi-bin/aglimpse
> cgi/
> cgi-bin/AT-generate.cgi
> secure/.htaccess
> secure/.wwwacl
> perl/files.pl
> inc/
> index.php
> index.php3
> default.asp
> global.asa?+.h
> ...
> Posilam to jako zajimavost, treba se to bude nekomu hodit. Cele to
> probehlo asi behem 10 sekund,
> takze na to ten clovicek mel asi nejaky scriptik.
> Adresa ze ktere to slo je 212.71.128.29 -> www.webzdarma.cz <-
>
> Duda
>