Welcome to WebmasterWorld Guest from 50.19.156.133

Forum Moderators: phranque

Message Too Old, No Replies

Random 404 Requests...

...what the heck were they thinking?

     

mivox

8:57 pm on Apr 11, 2001 (gmt 0)

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Here are two incredibly random page requests that popped up in my 404 logs... anyone have *any* idea what these people were thinking?

/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir

/+37460+h+44

evinrude

12:26 am on Apr 12, 2001 (gmt 0)

10+ Year Member



Looks like an attempt to see if they could run cmd.exe on your server. In otherwords, a hack attempt. :) Isn't that special. At least the first one. The second one looks like output of a query.

In the first attempt, it looks like they were trying to run the application cmd.exe to get a listing of your directory. An example and explination can be found here:
[securiteam.com...]
and here:
[packetstorm.securify.com...]

--Edited to add--
Probably a better site:
[securityfocus.com...]

Explains the UNICODE errors in more detail.

mivox

12:41 am on Apr 12, 2001 (gmt 0)

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member



In the first attempt, it looks like they were trying to run the application cmd.exe

LOL... How sweet. I figured it was *something* like that, with the .exe suffix and all, but what are the odds of an .exe anything being installed on a Linux webserver? ;)

evinrude

12:45 am on Apr 12, 2001 (gmt 0)

10+ Year Member



Heh, probably just some script-kiddie tryin' to run it on whatever server s/he could find. :) Wouldn't be hard to write somethin' that scanned for webservers in an address block and tried various exploits.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month