Hello, I ran this plugin and received the following:
DETAILS:
> One or more copies of the Windows command interpreter were found, it
> can be used to execute arbitrary commands on this server through the
> web.
>
>
>
> Details:
> cmd.exe - /logfiles/cmd.exe
> cmd.exe - /logfiles/root.exe
> cmd.exe - /logfiles/bin.exe
> cmd.exe - /logfiles/shell.exe
> cmd.exe - /logfiles/hack.exe
> cmd.exe - /logfiles/1.exe
> cmd.exe - /logfiles/2.exe
> cmd.exe - /logfiles/3.exe
> cmd.exe - /logfiles/4.exe
> cmd.exe - /logfiles/stromake.exe
> cmd.exe - /logfiles/superlol.exe
> cmd.exe - /logfiles/cmd1.exe
> cmd.exe - /scripts/cmd.exe
> cmd.exe - /scripts/root.exe
> cmd.exe - /scripts/bin.exe
> cmd.exe - /scripts/shell.exe
> cmd.exe - /scripts/hack.exe
> cmd.exe - /scripts/1.exe
> cmd.exe - /scripts/2.exe
> cmd.exe - /scripts/3.exe
> cmd.exe - /scripts/4.exe
> cmd.exe - /scripts/stromake.exe
> cmd.exe - /scripts/superlol.exe
> cmd.exe - /scripts/cmd1.exe
However it turns out that this is a false positive because the plugin is
looking for the string "Windows" to signal a positive.
The "forbidden" page that is served up contained the following lines:
(it found "charset=Windows-1252")
....etc.....
<title>You are not authorized to view this page</title>
<meta HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">
</head>
...etc.....
I modified the script to search for "Microsoft Corp." and it stopped reporting.
Hope this helps.
eliot
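The false positive described above, as an added example that is not part of the original post or the plugin's own code: it compares a bare "Windows" substring match with the stricter "Microsoft Corp." marker, and adds an assumed extra condition that the request returned HTTP 200. The function names, the status codes and all three responses are constructed for illustration.

```python
# Added example. Responses below are constructed for illustration.
WEAK_MARKER = "Windows"            # string the post says the plugin matched
STRICT_MARKER = "Microsoft Corp."  # string the poster switched to

def parse_response(raw):
    """Split a raw HTTP response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    fields = head.split("\r\n", 1)[0].split(" ", 2)
    status = int(fields[1]) if len(fields) > 1 and fields[1].isdigit() else 0
    return status, body

def weak_check(raw):
    """Behaviour described in the post: any 'Windows' in the reply is a hit."""
    return WEAK_MARKER in parse_response(raw)[1]

def strict_check(raw):
    """Poster's marker plus an assumed extra condition: the request succeeded."""
    status, body = parse_response(raw)
    return status == 200 and STRICT_MARKER in body

# Constructed: error page with the charset line quoted in the post.
FORBIDDEN = (
    "HTTP/1.1 403 Access Forbidden\r\nContent-Type: text/html\r\n\r\n"
    "<html><head><title>You are not authorized to view this page</title>\n"
    '<meta HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252">\n'
    "</head><body>...</body></html>"
)
# Constructed: error page whose footer happens to carry the stricter marker.
FORBIDDEN_WITH_FOOTER = FORBIDDEN.replace("...", "Copyright Microsoft Corp.")
# Constructed: reply carrying a command interpreter banner.
INTERPRETER = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
    "Microsoft Windows 2000 [Version 5.00.2195]\r\n"
    "(C) Copyright 1985-2000 Microsoft Corp.\r\n"
)

def classify(raw):
    """Return the verdict of both checks for one raw response."""
    return {"weak": weak_check(raw), "strict": strict_check(raw)}

if __name__ == "__main__":
    for name, raw in [("forbidden", FORBIDDEN),
                      ("forbidden+footer", FORBIDDEN_WITH_FOOTER),
                      ("interpreter", INTERPRETER)]:
        print(name, classify(raw))
```

The second sample shows why the status condition is worth having: an error page that mentions "Microsoft Corp." anywhere would defeat a marker-only check again.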
