Security Incidents mailing list archives
Re: Some details in a recent NT hack we encountered
From: Gossi The Dog <gossi () OWNED LAB6 COM>
Date: Wed, 28 Feb 2001 21:48:23 +0000
On Sat, 24 Feb 2001, Ron Grove wrote:
Hello, Just wanted to share some of the footprints of a hack that we had on a
<snip>

Ok, three points here.

First off, the IIS unicode exploit does not give you SYSTEM or Administrator privs. So how are they getting those (they'll need them to make those dirs and set permissions etc)?

Secondly, what program is generating those WinLogon logs? Not seen that before at all, very interesting.

Thirdly, could this be a worm? If it is, erm, eek.

Regards,
Gossi.