Problem description
I recently asked this question: Attempted exploit?
But as I checked the logs some more I found out that they've been doing some more stuff, and I felt that it would need a new question to cover them all.
First of all, my log has a couple of thousand logs from today. There must've been a couple of thousand requests per minute.
Question 1: The logged IP was our host's IP. How could they have spoofed this, or did the hacking attempt come from inside their network via an infected computer?
Question 2: I logged an error:
The state information is invalid for this page and might be corrupted.
The path for this entry is:
OurURL/?ctl00$ctl00$ctrlheadermenu$ctrlsearchbox$btnsearch=sã¶k&ctl00$ctl00$cp
Also, I found this in the stack trace:
The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or a non-white space character among the padding characters.
What were they trying to do with this?
Question 3: I also found a request to this page. Were they trying to list our content?
OurURL/nessus=<!--#exec cmd="dir"-->
Question 4: There was also a request to this URL, which I found to be an attempted SQL injection. Is there a way to check what they did? And what would it do if it was successful?
OurURL/webresource.axd?'%2bconvert(varchar%2c0x7b5d)%2b'=1
There are probably a couple of thousand logged searches and attempted URLs that didn't exist, but I can't list them all here.
Recommended answer
Answer 1: IP addresses can be spoofed, though it's also possible there's an infected internal computer doing this.
Answer 2: It seems that if this is an attack, the attacker was trying to find vulnerabilities in your base64 decoder.
Answer 3: Yes, they were trying to get a directory listing with the dir command.
Answer 4: The attacker may have been trying to test if query variable names were used directly in SQL queries, without sanitisation. The test by itself does no harm.
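To answer "is there a way to check what they did?" at scale, the three request shapes quoted above (the SSI exec directive, the quote-plus-convert SQL probe, and the request that ASP.NET could not base64-decode) can be turned into log triage rules. The following is an added example, not code from the question or answer; the sample paths are constructed to mirror the quoted ones with the hostname dropped, and the WebResource.axd token alphabet is an assumption noted in the comments.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample request paths modelled on the ones quoted in the question
# (hostname dropped, so they are paths only); not copied from real logs.
SAMPLE_PATHS = [
    "/?ctl00$ctl00$ctrlheadermenu$ctrlsearchbox$btnsearch=s%C3%A3%C2%B6k&ctl00$ctl00$cp",
    '/nessus=<!--#exec cmd="dir"-->',
    "/webresource.axd?'%2bconvert(varchar%2c0x7b5d)%2b'=1",
    "/webresource.axd?d=AAAAbBBB-_1&t=634",   # shape of a legitimate request
]

# <!--#exec cmd="..."--> is a server-side-include directive; it has no place in a URL.
SSI_EXEC = re.compile(r"<!--\s*#\s*exec\b", re.IGNORECASE)
# A quote followed by string concatenation into a T-SQL function is the classic
# "does this parameter name land unescaped inside a query?" probe.
SQLI_PROBE = re.compile(r"'\s*\+\s*(convert|cast|char)\s*\(", re.IGNORECASE)
# Assumption: WebResource.axd's d= token uses the URL-safe base64 alphabet
# (letters, digits, '-' and '_'); anything outside it cannot decode.
URL_TOKEN = re.compile(r"^[A-Za-z0-9_-]+$")


def classify_request(raw_path: str) -> list[str]:
    """Return detection tags for one request path. Matching happens after URL
    decoding so that %2b-style encoding does not hide the probe."""
    decoded = unquote_plus(raw_path)
    tags = []
    if SSI_EXEC.search(decoded):
        tags.append("ssi-exec")
    if SQLI_PROBE.search(decoded):
        tags.append("sqli-probe")
    parts = urlsplit(decoded)
    if parts.path.lower().endswith("webresource.axd"):
        tokens = parse_qs(parts.query, keep_blank_values=True).get("d", [])
        if not tokens or not all(URL_TOKEN.match(t) for t in tokens):
            tags.append("bad-webresource-token")  # a token ASP.NET cannot decode
    return tags


def flagged_requests(paths: list[str]) -> list[tuple[str, list[str]]]:
    """Keep only the requests that received at least one tag."""
    out = []
    for path in paths:
        tags = classify_request(path)
        if tags:
            out.append((path, tags))
    return out


if __name__ == "__main__":
    for path, tags in flagged_requests(SAMPLE_PATHS):
        print(", ".join(tags).ljust(32), path)
```

Feed the request-path column of the IIS log through flagged_requests and compare the hit count against the response status and timing columns; a probe that returned a 500 with a long response time deserves a closer look than one that got a 404.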