Solution --> Help, hacker left files that I can't delete.

From: Brian Cidern (brian.cidern@noemail.please)
Date: 11/08/02


From: "Brian Cidern" <brian.cidern@noemail.please>
Date: Fri, 8 Nov 2002 09:53:36 -0800


I've had something like this happen to me before.
Command line FTP exposes this little hole in Win2k that
allows you to use illegal characters in file/folder names.
I don't know how it affects other OSes.

While in an FTP session and you have Write permissions,
you can issue: mkd "com1/ ."

This will create a directory that Windows will see
as "com1". But when you try to do anything to it, you are
prevented from doing so, because the actual name of the
directory is "com1/ ." and this makes Windows choke on it.

To delete this, you can do a couple things. If you can't
change permissions on it, try renaming it. To do that, use
the command-line wildcard "*", i.e. RENAME com1* com1
Assuming it's the only folder that matches that pattern.

If, however, you have a problem of multiple (legitimate)
folders that fall within that pattern, you'll need to
trace through your FTP logs and look for the creation of
that folder. In the above example, you'll see: mkd com1/+.

Thus, exposing the pattern used to create the folder. Just
replace the "+" with a space and voilà. But... You can't
rename the folder via Windows. You'll need to log in via
FTP and issue:
FTP:> CD "com1/ ."
FTP:> RM *
FTP:> CD ..
FTP:> RMDIR "com1/ ."

Hope this fixes ya up..
Brian

>-----Original Message-----
>Our SQL 2000 was hacked. The hacker dumped about 8 gig of
>data on our server. When we tried to delete the
>directories, folders and files we get an error message,
>access denied. I logged onto the SQL as the admin. Is
>there any way I can reset the admin permission. Any way to
>delete these folders? What can I do to delete these
>folders?
>Any help would be great.
>They gained access through our FTP server.
>Thank you.
>.
>
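
An added example, not part of the original post: a log sweep for the step Brian describes, finding MKD entries in an FTP log and recovering the real directory name by turning "+" back into a space. It generalizes from com1 to the other reserved DOS device names and to any name ending in a space or dot. The log field layout, the sample lines and all function names are assumptions constructed for illustration.

```python
import re

# DOS device names that Win32 path handling treats specially.
RESERVED = {"con", "prn", "aux", "nul"} | {
    f"{p}{n}" for p in ("com", "lpt") for n in range(1, 10)
}

# Verb plus argument; the "[n]" session prefix on the verb is an assumed log layout.
MKD_RE = re.compile(r"(?:\[\d+\])?\b(X?MKD)\s+(\S+)", re.IGNORECASE)

# Constructed sample log (not taken from the post).
SAMPLE_LOG = """\
#Fields: time c-ip cs-method cs-uri-stem sc-status
09:12:40 192.0.2.44 [3]USER anonymous 331
09:12:44 192.0.2.44 [3]MKD com1_backup 257
09:12:51 192.0.2.44 [3]MKD com1/+. 257
09:13:10 192.0.2.44 [3]STOR com1_backup/a.bin 226
""".splitlines()


def suspicious_reasons(name):
    """Explain why Explorer/cmd would struggle with this directory name."""
    reasons = []
    for part in re.split(r"[\\/]", name):
        if part in ("", ".", ".."):
            continue
        stem = part.split(".")[0].strip().lower()
        if stem in RESERVED:
            reasons.append(f"reserved device name {part!r}")
        if part[-1] in " .":
            reasons.append(f"trailing space/dot in {part!r}")
    return reasons


def find_odd_mkd(log_lines):
    """Return MKD entries whose decoded name is reserved or ends in space/dot."""
    hits = []
    for line in log_lines:
        m = None if line.startswith("#") else MKD_RE.search(line)
        if not m:
            continue
        # The log shows a space as "+", so a literal "+" cannot be told apart.
        actual = m.group(2).replace("+", " ")
        reasons = suspicious_reasons(actual)
        if reasons:
            hits.append({"logged": m.group(2), "actual": actual, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_odd_mkd(SAMPLE_LOG):
        print(hit)
```

The "actual" value is the string to quote in the FTP session when removing the directory; the legitimate `com1_backup` folder is not flagged.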