Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IIS web server hacked..any tips?

from [Sam Evans] Network Security [Permanent Link]
Subject: Re: IIS web server hacked..any tips?
Date: Wed, 15 Dec 2004 12:34:09 -0700 
Could the individual have used a privileged account which would have
allowed them to drop the files in the location you found them in? 
Brute forcing accounts through FTP is fairly non evasive (if you have
security event logging disabled / nothing moitoring it and no lockout
restrictions).

Out of curiosity, what is/was the owner set to on the files you found?
 That should be a good clue as to how they got there.

-Sam


On Wed, 15 Dec 2004 08:23:40 -0800, Francesco <francesco@blackcoil.com> wrote:

I have a Windows 2003 Server running IIS 6, SQL Server 2000, MailEnable,
and ASP.NET 1.1.  WWW and FTP are enabled, but restricted by IP.  FTP is
additionally protected by authentication.

Yesterday someone managed to access the server and dump 8GB of DVD files
into a deeply nested folder in a backup directory, for sharing I
presume.  The payload folder was NOT within the available folders given
access to FTP users.  Someone was able to "see" the entire D drive and
figure out a hidden enough location at their whimsy.

I thought the server was fairly well locked down, but apparently not.
What is the usual method of intrusion for "warez" attacks like these?

Francesco
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IIS web server hacked..any tips?, Gary Nichols
Next by Date:  RE: IIS web server hacked..any tips?, Christopher Day
Previous by Thread:  RE: IIS web server hacked..any tips?, Curt Purdy
Next by Thread:  RE: IIS web server hacked..any tips?, Christopher Day
Indexes:  [Date] [Thread] [Top] [All Lists]