Home page logo
/

basics logo Security Basics mailing list archives

re: got hit with iiscrack, trying to learn how it was done
From: H C <keydet89 () yahoo com>
Date: Fri, 8 Nov 2002 04:19:05 -0800 (PST)

Jeff,

how did the cmd file get there in the first place,
and 
how was it executed?

Did you happen to check your IIS logs?  I've looked
again, and there isn't anyplace in your post where you
mention doing this?  It's kind of late now, but if I
were you, I would have preserved the MAC times on the
CMD file, and then compared that to the IIS logs of
about the same date.

b) i think that the iis priv escalation vuln is what
allows the iiscrack.dll/httpodbc.dll backdoor to do 
its stuff (control the pc) but is that vuln also the

hole that allowed the hacker to get that cmd file on

there, which in turn started the ftp session?  I am 
definitely missing something here!

Maybe just your IIS logs.

Regarding your anti-virus question...who knows?  You
really haven't provided complete information in your
post, and any answers you receive will most likely be
speculation.  

I'd suggest to you that some training might be
appropriate:

http://www.megamind.org/TRAIN/forwin2000.html

If the dates and locations of the listed training
aren't convenient, let me know.

HTH

 



__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]