The Microsoft France incident: IIS 6.0 bug or not? How it happened... and why
Written by R. Preatoni - D. Werner   
Tuesday, 20 June 2006

After yesterday's incident, in which a Microsoft France website was hacked and defaced by a Turkish cracker going by the handle of TIThack, Zone-H investigated a bit, contacted the cracker and asked him to detail the intrusion methodology [the cracker originally reported a generic "web server intrusion"].

So, are we looking at a new win2k3 / IIS 6.0 0day exploit here?

The attacker revealed that he exploited a .net script 0day vulnerability after discovering that expert.microsoft.fr had installed and was running a vulnerable .net nuke script.

This hole allowed the attacker to gain the same rights as the script, and that was enough to upload an FSO script, a kind of shell used by the attacker to create a new folder and upload the defacement.

When asked what his motivation was, the cracker indicated that he was frustrated at a Microsoft XP upgrade that broke his system and hence was looking for revenge.

Whose fault is this? Clearly it is Microsoft's, who should have explicit rules about what software is allowed to be installed on corporate assets, especially on mission-critical, Internet-facing servers. Obviously checks and balances across the corporate enterprise were not in effect here, and we are sure this will result in a full audit of Microsoft's worldwide Internet presence.

While this attack is not the feared 0day IIS 6.0 attack, we cannot rule out that the large increase in win2k3 / IIS 6.0 attacks is due to an as yet unknown vector. Zone-H has always stressed that the most secure systems can be compromised because of unauthorised installation of non-approved software and web applications.

