From: antoine Bour (antoine.bourPAR.SITA.INT)
Date: Mon Apr 23 2001 - 03:18:21 CDT

    Hi
            I think that this file is a copy of cmd.exe.
            The methodology used by kids to deface NT web sites is to use the Unicode
    exploit, to make a copy of cmd.exe in the directory scripts or other
    executable directory before defacing the site. So even if you patch the Unicode
    bug, they can continue defacing your site.
    regards

    -----Original Message-----
    From: Incidents Mailing List [mailto:INCIDENTSSECURITYFOCUS.COM]On
    Behalf Of Ovanes Manucharyan
    Sent: Friday, 20 April 2001 09:39
    To: INCIDENTSSECURITYFOCUS.COM
    Subject: shell.exe

    Anyone know what this program does..

    Is there such a backdoor? It was found on a hacked Windows NT machine.

    Ovanes
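
A check for the situation described in the reply above, added here as an example and not part of either message: it walks the web server's executable directories and reports any file whose bytes are identical to the system command interpreter, whatever name it carries. The directory layout, file names and contents in `demo()` are constructed stand-ins; on a real host the reference would be the system's own cmd.exe, and only byte-identical copies are caught.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def find_copies(reference, roots):
    """Return files under roots whose bytes equal the reference binary."""
    ref_real = os.path.realpath(reference)
    ref_size, ref_hash = os.path.getsize(reference), sha256_of(reference)
    hits = []
    for root in roots:
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    if os.path.realpath(path) == ref_real:
                        continue  # the reference itself
                    # Cheap size check first, hash only on a size match.
                    if os.path.getsize(path) == ref_size and sha256_of(path) == ref_hash:
                        hits.append(path)
                except OSError:
                    continue  # locked or unreadable file: skip it
    return sorted(hits)

def demo():
    """Constructed sample tree; file names and contents are illustrative."""
    shell = b"MZ" + b"constructed stand-in for cmd.exe " * 64
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "system32/cmd.exe": shell,                # reference binary
            "scripts/shell.exe": shell,               # renamed copy
            "scripts/search.exe": shell[:-1] + b"X",  # same size, other bytes
            "scripts/index.asp": b"<% %>",
        }
        for rel, data in files.items():
            full = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        ref = os.path.join(tmp, "system32", "cmd.exe")
        hits = find_copies(ref, [os.path.join(tmp, "scripts")])
        return [os.path.relpath(p, tmp).replace(os.sep, "/") for p in hits]
```

A hit in a directory that the web server can execute from means the copy still has to be removed after the Unicode bug is patched.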
