Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
The typical try it all approach (web logs)
Posted by: id
Date: September 21, 2006 07:40PM

I'm sure most webmasters see this all the time, but it might be educational to some of you that might not regularly see attacks.

See them here:
http://sla.ckers.org/files/213.208.177.18.txt

bonus points if you can name the tool used.

In the end it was the ospf types he was looking for...guess we all hax for different reasons...

-id

Re: The typical try it all approach (web logs)
Posted by: WhiteAcid
Date: September 21, 2006 08:04PM

While I get that too, you get a crap load more.
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\\
Who the hell is still vulnerable to that?

I have no idea what tool was used, how would I know? The UA doesn't say much and no way do I know the tools by what files they scan for.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer
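
A defender-side way to spot the request quoted in the post above in an access log, as an added example that is not part of the original thread: it percent-decodes each request target until it stops changing and flags `..\` or `../` steps, noting when more than one decode pass was needed (the `%255c` case). The log lines, the Common Log Format layout, and the names `decode_fully`, `classify` and `MAX_ROUNDS` are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# A traversal step after decoding: ".." followed by either slash style.
TRAVERSAL = re.compile(r"\.\.[\\/]")
# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_ROUNDS = 5  # assumption: cap on decode passes for deeply nested encodings


def decode_fully(target):
    """Percent-decode repeatedly until stable; return (decoded, rounds)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(target, encoding="latin-1")
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target, rounds


def classify(line):
    """Return None for a clean line, else a dict describing the finding."""
    m = REQUEST.search(line)
    if not m:
        return None
    raw = m.group(1)
    decoded, rounds = decode_fully(raw)
    if not TRAVERSAL.search(decoded):
        return None
    # Two or more passes means the traversal was hidden behind %25 escapes.
    return {"raw": raw, "decoded": decoded, "rounds": rounds,
            "double_encoded": rounds >= 2}


# Constructed sample lines (documentation IP range, not taken from the linked files).
SAMPLE_LOG = [
    r'192.0.2.10 - - [21/Sep/2006:19:40:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    r'192.0.2.10 - - [21/Sep/2006:19:40:02 +0000] "GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\\ HTTP/1.0" 404 208',
    r'192.0.2.10 - - [21/Sep/2006:19:40:03 +0000] "GET /scripts/..%5c..%5cwinnt/system32/cmd.exe?/c+dir+c:\\ HTTP/1.0" 404 208',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        finding = classify(entry)
        if finding:
            print(finding["rounds"], finding["decoded"])
```

A signature that only looks for a literal `..\` or `%5c` misses the second sample line, which is why the decode loop runs before the match.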

Re: The typical try it all approach (web logs)
Posted by: rsnake
Date: October 03, 2006 05:19PM

If you're looking for today's random hacking attempt failure check this out:

http://ha.ckers.org/files/dos.txt

- RSnake
Gotta love it. http://ha.ckers.org

Re: The typical try it all approach (web logs)
Posted by: jungsonn
Date: November 13, 2006 05:53AM

@whiteAcid

Often I get many of these attempts. I looked them up and found that most of them are still from a virus back in 2002 (yes, still actively scanning from other infected servers). Pretty harmless, most of them, but it's still out there and not dead.

Re: The typical try it all approach (web logs)
Posted by: rsnake
Date: November 13, 2006 10:13AM

A number of times friends (non security types) have asked me to take a look at their server or their friend's server for issues. It's not uncommon for me to do a quick nmap and find about 10 more open ports than there should be. They had left the server on for years and never patched it. Those servers were just so laden with rootkits and issues of all sorts, it was ridiculous. "Time to re-install."

- RSnake
Gotta love it. http://ha.ckers.org

Re: The typical try it all approach (web logs)
Posted by: jungsonn
Date: November 13, 2006 11:01AM

I'm happy that I'm not running servers for anyone. My own site is a pure virtual account (2 accounts, different hosts), and has nothing on it other than my html/php site and some test folders with a lot of crap, and that's the way I want it to stay. If one wanna deface/hack something, I care less. I just spit on my hoster, and I go switch DNS and I'm back.

I had a hosting company once, but it's a pure headache to maintain. :-}
