IIS Access Logs Parser failed because of 'utf8' codec #111

Open
congtrung2k1 opened this issue Aug 31, 2023 · 2 comments

congtrung2k1 commented Aug 31, 2023

When I parse the IIS Access Logs, the error appears and says:

[-] [Error] IIS Access Logs Parser: 'utf8' codec can't decode byte 0xc0 in position 2: invalid start byte - Line No. 68
 
Here is the access log content, which was hit by an LFI attack:

2023-08-23 00:00:00 172.27.2.17 GET /DependencyHandler.axd/8eeace64d63c39921d09c839c5a63e89/4/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afwindows/win.ini - 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 404 11 0 187
2023-08-23 00:00:00 172.27.2.17 GET /DesktopModules/Admin/languages/images/nusoap - 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 404 0 2 187
2023-08-23 00:00:00 172.27.2.17 GET /DesktopModules/Admin/console/scripts/player - 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 404 0 2 187
2023-08-23 00:00:00 172.27.2.17 POST /Default.aspx TabId=85&language=vi-VN 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 203
2023-08-23 00:00:00 172.27.2.17 GET /Portals/_default/Skins/Assets/css/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd - 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 404 11 0 187
2023-08-23 00:00:00 172.27.2.17 POST /Default.aspx TabId=85&language=vi-VN&returnurl=%2fru-ru%2fsasscascdsd 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 187
2023-08-23 00:00:00 172.27.2.17 POST /Default.aspx TabId=85&language=vi-VN&returnurl=%2fvi-vn%2fdong-hanh-ho-tro-kh-kho-khan 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 187
2023-08-23 00:00:00 172.27.2.17 POST /Default.aspx TabId=85&language=vi-VN&returnurl=%2fru-ru%2fsasscascdsd%22%7c%7csleep(27*1000)*mhozpj%7c%7c%22 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 203
2023-08-23 00:00:00 172.27.2.17 POST /Default.aspx TabId=85&language=vi-VN&returnurl=%2fru-ru%2fsasscascdsd 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 203
2023-08-23 00:00:00 172.27.2.17 GET /DependencyHandler.axd/0fcf5b709d7750f2b8456f96a256411f/4/À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯À®À®À¯/etc/passwd - 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 404 0 0 202
2023-08-23 00:00:00 172.27.2.17 POST /Default.aspx TabId=85&language=ru-RU 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 203
2023-08-23 00:00:00 172.27.2.17 POST /Default.aspx TabId=85&language=ru-RU&returnurl=%2fru-ru%2fsasscascdsd 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 187
2023-08-23 00:00:01 172.27.2.17 GET /DesktopModules/Admin/languages/images/docs - 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 404 0 2 187
2023-08-23 00:00:01 172.27.2.17 GET /Default.aspx TabId=85&language=ru-RU 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 187
2023-08-23 00:00:01 172.27.2.17 GET /Default.aspx tabid=85&error=An+unexpected+error+has+occurred&content=0 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 200 0 0 187
2023-08-23 00:00:01 172.27.2.17 GET /Portals/_default/Skins/Assets/css/..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯..À¯/etc/passwd - 443 - 5.253.43.24 User-Agent:+Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+360SE) - 404 0 0 187

Have any suggestions for fixing this bug?

@congtrung2k1 changed the title from "IIS Access Logs Parser failed because of" to "IIS Access Logs Parser failed because of 'utf8' codec" on Aug 31, 2023
@salehmuhaysin
Collaborator

Hello,
I'm not sure what the problem is, because I tried to copy and paste the logs you provided, but it works.

Could you share the same file, or the part of the logs that failed, as a file? Maybe with the text log it did not copy the failed command 0xc0.

@IUSecHCMIU

> Hello, I'm not sure what the problem is, because I tried to copy and paste the logs you provided, but it works.
>
> Could you share the same file, or the part of the logs that failed, as a file? Maybe with the text log it did not copy the failed command 0xc0.

Here it is:
u_ex230719.log
