Solution --> Help, hacker left files that I can't delete.

From: Brian Cidern (brian.cidern@noemail.please)
Date: 11/08/02


From: "Brian Cidern" <brian.cidern@noemail.please>
Date: Fri, 8 Nov 2002 09:53:36 -0800


I've had something like this happen to before.
Command line FTP exposes this little hole in Win2k that
allows you to use illegal characters if file/folder names.
I don't know how it effects other OS's.

While in an FTP session and you have Write permissions,
you can issue: mkd "com1/ ."

This will create a directory that Windows will see
as "com1". But when you try to do anything to it, you are
prevented from doing so, because the actual name of the
directory is "com1/ ." and this makes Windows choke on it.

To delete this, you can do a couple things. If you can't
change permissions on it, try renaming it. To do that, use
the commandline wildcard "*". ie. RENAME com1* com1
Assuming it's the only folder that matches that pattern.

If, however, you have a problem of multiple (legitimate)
folders that fall within that pattern, you'll need to
trace through your FTP logs and look for the creation of
that folder. In the above example, you'll see: mkd com1/+.

Thus, exposing the pattern used to create the folder. Just
replace the "+" with a space and viola. But... You can't
rename the folder via Windows. You'll need to log in via
FTP and issue:
FTP:> CD "com1/ ."
FTP:> RM *
FTP:> CD ..
FTP:> RMDIR "com1/ ."

Hope this fixes ya up..
Brian

>-----Original Message-----
>Our SQL 2000 was hacked. The hacker dump about 8gig of
>data on our server. When we tried to delete the
>directories, folders and files we get an error message,
>access denied. I logged onto the SQL as the admin. Is
>there anyway I can reset the admin permission. Any way to
>delete these folders? What can I do to delete these
>folders?
>Any help would be great.
>They gaind access through our FTP server.
>Thank you.
>.
>



Relevant Pages

  • Re: cop from ftp site
    ... Basically once I'm in I want to go to a specific folder, ... there are a variety of qualifiers on the FTP command to allow FTP ... More recent versions of OpenVMS can also use the COPY/FTP command to ...
    (comp.os.vms)
  • Re: I cant connect to ftp server with ftp.exe
    ... mput and says the same. ... If I use promt after the command there's no message because it hangs in 150 ... I'm trying without success to send an access file into a ftp server folder. ...
    (microsoft.public.windowsxp.general)
  • Re: Drag and Drop Index .pub files into mapped FTP folder 2 cng we
    ... folder on my hard drive where I can direct the output on a consistent basis. ... when you upload to the web...and I know where to look when it is time to FTP ... website you saw, and viewed MY COMPUTER, the index_files folder, contained ... when I save the Publisher .pub file, ...
    (microsoft.public.publisher.webdesign)
  • Re: Cannot get Cerverus ftp server to work
    ... When i create a user Cerverus asks me for virtual root folder and i add ... Those seem to be permissions that the FTP server is allowing for its ... If the O/S is using the FAT32 file system that the FTP folder is created on, ...
    (comp.security.firewalls)
  • Re: hmt will not load in FTP client after proxy server problems.
    ... After you make the changes in your Publisher file on your computer, ... You say your FTP ... to upload the new html files to your site, and they should overwrite the old ... output to a folder on your computer, from which you will use the ftp client ...
    (microsoft.public.publisher.webdesign)