mailing list archives
re: got hit with iiscrack, trying to learn how it was done
From: H C <keydet89 () yahoo com>
Date: Fri, 8 Nov 2002 04:19:05 -0800 (PST)
how did the cmd file get there in the first place,
how was it executed?
Did you happen to check your IIS logs? I've looked
again, and there isn't anyplace in your post where you
mention doing this? It's kind of late now, but if I
were you, I would have preserved the MAC times on the
CMD file, and then compared that to the IIS logs of
about the same date.
b) i think that the iis priv escalation vuln is what
allows the iiscrack.dll/httpodbc.dll backdoor to do
its stuff (control the pc) but is that vuln also the
hole that allowed the hacker to get that cmd file on
there, which in turn started the ftp session? I am
definitely missing something here!
Maybe just your IIS logs.
Regarding your anti-virus question...who knows? You
really haven't provided complete information in your
post, and any answers you receive will most likely be
I'd suggest to you that some training might be
If the dates and locations of the listed training
aren't convenient, let me know.
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos