
Thursday, June 2, 2016

Zipped Site Content File Download Scans

I'm seeing various probing web requests that appear to be scanning the internet for zip, tar, or gz files likely to contain a site's full content. If an attacker finds a file like this on your website, they can download it, and it may contain critical configuration files with credentials in plain text, actual source code they can analyze, or various configuration settings they can take advantage of. Make sure you don't have these files, or anything similar, on your site; if you do, remove them.

HEAD /www.tar HTTP/1.1
HEAD /www.tar.gz HTTP/1.1
HEAD /www.zip HTTP/1.1
HEAD /public_html.tar HTTP/1.1
HEAD /public_html.tar.gz HTTP/1.1
HEAD /public_html.zip HTTP/1.1
HEAD /www.mysite.com.tar HTTP/1.1
HEAD /www.mysite.com.tar.gz HTTP/1.1
HEAD /www.mysite.com.zip HTTP/1.1
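
One way to spot this scan in your own access logs, and to see whether any probed archive actually exists, is sketched below. This is an added example, not code from the original post; it assumes Apache/nginx combined log format, and the function name, the `min_hits` threshold, the sample IPs and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [02/Jun/2016:10:01:01 +0000] "HEAD /www.tar HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [02/Jun/2016:10:01:02 +0000] "HEAD /www.tar.gz HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [02/Jun/2016:10:01:03 +0000] "HEAD /public_html.zip HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [02/Jun/2016:10:01:04 +0000] "HEAD /www.mysite.com.zip HTTP/1.1" 200 0 "-" "-"
198.51.100.20 - - [02/Jun/2016:10:02:00 +0000] "GET /downloads/manual.zip HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
198.51.100.20 - - [02/Jun/2016:10:02:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# client IP, method, path, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Archive sitting directly in the web root; group 1 is the name without extension.
ARCHIVE_RE = re.compile(r'^/([^/]+?)\.(?:tar\.gz|tgz|tar|gz|zip)$', re.I)

def find_archive_probes(log_text, site_names=("www.mysite.com",), min_hits=3):
    """Return {ip: {"paths": [...], "exposed": [...]}} for clients guessing
    site-backup archive names (www, public_html, or the site's host name)."""
    guess_names = {"www", "public_html", *(n.lower() for n in site_names)}
    hits = defaultdict(lambda: {"paths": [], "exposed": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, path, status = m.groups()
        a = ARCHIVE_RE.match(path.split("?", 1)[0])
        if method not in ("HEAD", "GET") or not a:
            continue
        if a.group(1).lower() not in guess_names:
            continue  # archive with an unrelated name, e.g. a normal download
        hits[ip]["paths"].append(path)
        if status.startswith("2"):
            hits[ip]["exposed"].append(path)  # server says the file exists
    # Report repeat guessers, and any client that got a 2xx even once.
    return {ip: h for ip, h in hits.items()
            if len(h["paths"]) >= min_hits or h["exposed"]}

if __name__ == "__main__":
    for ip, h in find_archive_probes(SAMPLE_LOG).items():
        print(ip, "probed", len(h["paths"]), "archive names; exposed:", h["exposed"])
```

Anything listed under `exposed` should be checked on disk first: a 2xx can also come from a catch-all page that answers every URL, but if the archive is really there it needs to be removed.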




Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

Friday, April 24, 2015

Look at Zip Files without Opening

If you don't feel comfortable opening a zip file, you can use Didier's zipdump.py tool to inspect the zip safely. The commands are simple.


1.) SHOW FILES IN ZIP
  zipdump.py test.zip
2.) EXTRACT A SINGLE FILE
  zipdump.py -f test.zip folder1/file1.txt
3.) VIEW ZIP CONTENTS IN MCAFEE QUARANTINE WITHOUT WRITING TO DISK
  punbup.py -f abc.bup | zipdump.py -
4.) VIEW SINGLE FILE IN ZIP IN MCAFEE QUARANTINE WITHOUT WRITING TO DISK
  punbup.py -f abc.bup | zipdump.py -a -


Have fun.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.