Security Incidents mailing list archives
RE: We Are Past Your Firewall...
From: "Corey Snipes" <corey.snipes () xor com>
Date: Tue, 5 Feb 2002 14:38:48 -0700
An NT/2K machine that has been compromised with the "root.exe" could be made to send this message to another box (or to itself), using a fairly straightforward URL in a browser:

http://[host]/scripts/root.exe?/net+send+localhost+hello+dave

I believe something along those lines will do it.

- Corey Snipes
Programmer, XOR Inc.
-----Original Message-----
From: raymond simon [mailto:desperate_straights () yahoo com]
Sent: Tuesday, February 05, 2002 1:55 PM
To: incidents () securityfocus com
Subject: We Are Past Your Firewall...

A friend of a friend sent a screenprint of a popup he received when connecting to a network share. The text reads (Sanitized):

Messenger Service
Message from MACHINE1 to MACHINE2 at TIME
We are past your firewall and can see you are on as your administrator. Are you concerned? (I would be)

Anyone recognize this?

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
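For responders who want to check whether a web server has received requests like the one described in this reply, the following added example (not part of the original posts) scans IIS logs for requests to root.exe. It assumes the W3C extended log format with a `#Fields:` header; the sample log lines and addresses are constructed for illustration.

```python
"""Flag requests for root.exe in IIS W3C extended logs (added example)."""
from urllib.parse import unquote, unquote_plus

# Constructed sample log, not taken from the thread; addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-02-05 20:31:02 192.0.2.10 GET /default.htm - 200
2002-02-05 20:31:40 198.51.100.7 GET /scripts/root.exe - 404
2002-02-05 20:32:11 198.51.100.7 GET /Scripts/Root.exe /net+send+localhost+hello+dave 200
2002-02-05 20:33:00 192.0.2.10 GET /scripts/report.exe - 200
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the directive can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or malformed rows
                yield dict(zip(fields, values))


def find_root_exe_hits(text):
    """Return every request whose URI stem names root.exe, in any case or encoding."""
    hits = []
    for rec in parse_w3c(text):
        stem = unquote(rec.get("cs-uri-stem", "")).replace("\\", "/").lower()
        if stem.rsplit("/", 1)[-1] != "root.exe":
            continue
        status = rec.get("sc-status", "")
        hits.append({
            "when": f'{rec.get("date", "")} {rec.get("time", "")}'.strip(),
            "client": rec.get("c-ip", ""),
            "command": unquote_plus(rec.get("cs-uri-query", "-")),
            "status": status,
            # Assumption: 404 means the file was not found; any other status
            # suggests root.exe exists on the server and the host needs review.
            "likely_present": status != "404",
        })
    return hits


if __name__ == "__main__":
    for hit in find_root_exe_hits(SAMPLE_LOG):
        print(hit)
```

Any hit is worth a look; rows with `likely_present` set to true are the ones to prioritise.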