Trolling for IIS holes

Way back in 1999, I had the responsibility of administering an IIS web server. It was a nightmare. This particular server was on a military base, and as you might expect, we were very sensitive to security. I remember constantly applying patches to fix holes…NTBugtraq was my constant companion. This morning I had a flash-back while looking at my 404 logs.

Code 404 Not Found Requests

    Hits Sessions     Bytes sent | URL
--------------------------------------------------------------------------------------------------
       2        0            464 | /scripts/..%5c../winnt/system32/cmd.exe
       1        0            265 | /msadc/..%5c../..%5c../..%5c/..^^\../..^^\../..^^\../winnt/
                                       system32/cmd.exe
       1        0            218 | /c/winnt/system32/cmd.exe
       1        0            208 | /MSADC/root.exe
       1        0            218 | /d/winnt/system32/cmd.exe
       1        0            231 | /scripts/..^
       1        1            210 | /scripts/root.exe
       1        0            249 | /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
       1        0            249 | /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe
       1        0            232 | /scripts/..%2f../winnt/system32/cmd.exe
       1        0            231 | /scripts/..^^Ü../winnt/system32/cmd.exe
       1        0            231 | /scripts/..^^\../winnt/system32/cmd.exe

July 08th 2004 Posted to Technology

Comments are closed.