Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IIS web server hacked..any tips?

from [Roger McLaren] Network Security [Permanent Link]
Subject: Re: IIS web server hacked..any tips?
Date: Wed, 15 Dec 2004 13:32:23 -0800 
Francesco,

Any of the software you listed could be used to gain access to your
server.  Even the MailEnable software has had remotely exploitable
buffer overflows. You did not mention software versions, or if the
server was firewalled. If there is no firewall it could be a simple
password guessing attack. The compromise of a windows account with admin
rights or a SQL account with sufficient privilege would do it.

If you have enabled auditing go over the logs carefully to look for any
clues. Then wipe the machine and re-build it (or restore from a known
clean backup) and make sure you change ALL the passwords - you never
know what they did while they were there.

Roger R. McLaren
Systems Support Analyst
Information Technology Services
Ventura County Superintendent of Schools 


"Francesco" <francesco@blackcoil.com> 12/15/2004 8:23:40 AM >>>

I have a Windows 2003 Server running IIS 6, SQL Server 2000,
MailEnable,
and ASP.NET 1.1.  WWW and FTP are enabled, but restricted by IP.  FTP
is
additionally protected by authentication.

Yesterday someone managed to access the server and dump 8GB of DVD
files
into a deeply nested folder in a backup directory, for sharing I
presume.  The payload folder was NOT within the available folders
given
access to FTP users.  Someone was able to "see" the entire D drive and
figure out a hidden enough location at their whimsy.

I thought the server was fairly well locked down, but apparently not.
What is the usual method of intrusion for "warez" attacks like these?

Francesco
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IIS web server hacked..any tips?, Tim Igoe
Next by Date:  Re: IIS web server hacked..any tips?, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Previous by Thread:  RE: IIS web server hacked..any tips?, Gary Nichols
Next by Thread:  RE: IIS web server hacked..any tips?, Adrian Marsden
Indexes:  [Date] [Thread] [Top] [All Lists]