|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Joshua Dodds (jdodds
bevelander.nl)Date: Fri May 11 2001 - 04:04:31 CDT
>
>It's out there. I've seen logs indicating the attacker put a "root.exe" file
>on the IIS5 host and then were able to issue a command to run this file via
>the overflow. I don't have any more specific information on the contents of
>the root.exe file or the exact script used, etc. at this time.
root.exe is just cmd.exe copied to root.exe! doh!
-jd
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]