A Wanda Product's Public Account Management Platform: From Getshell to Site Compromise

2014-02-21 22:10

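Compromised site: the Wanda Dagexing (大歌星) WeChat public account management platform, http://222.222.121.167/

Because of a flaw in the CAPTCHA, the admin administrator account can be brute-forced to get into the system; the details are not covered here.

It is a WeChat management platform, so it comes with management functions. Here are a couple of screenshots:

Menu management

Follower statistics

From here one can operate the WeChat accounts under it and set the content of each step in the business interaction flow! No data was touched.

Arbitrary file upload leading to getshell

Dagexing is right in there.

Command execution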


[/data1/workspace/tomcat-6.0.37/webapps/ROOT/images/upload/knowledgeBase/]$ id

uid=0(root) gid=0(root) groups=0(root)





[/data1/workspace/tomcat-6.0.37/webapps/ROOT/images/upload/knowledgeBase/]$ ifconfig

em1 Link encap:Ethernet HWaddr 90:B1:1C:45:94:97

inet addr:10.77.131.12 Bcast:10.77.131.255 Mask:255.255.255.0

inet6 addr: fe80::92b1:1cff:fe45:9497/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:126775219 errors:0 dropped:1 overruns:0 frame:165

TX packets:141442999 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:11262360533 (10.4 GiB) TX bytes:13617809937 (12.6 GiB)

Interrupt:16



em2 Link encap:Ethernet HWaddr 90:B1:1C:45:94:98

inet addr:222.222.121.167 Bcast:222.222.121.255 Mask:255.255.255.0

inet6 addr: fe80::92b1:1cff:fe45:9498/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:218861101 errors:0 dropped:0 overruns:0 frame:0

TX packets:33309686 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:16119265275 (15.0 GiB) TX bytes:14034877342 (13.0 GiB)

Interrupt:17



lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0

inet6 addr: ::1/128 Scope:Host

UP LOOPBACK RUNNING MTU:16436 Metric:1

RX packets:127928346 errors:0 dropped:0 overruns:0 frame:0

TX packets:127928346 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:0

RX bytes:50237812233 (46.7 GiB) TX bytes:50237812233 (46.7 GiB)


Internal and external IPs





Fix:
Supposedly one was already submitted to you last time, so how about showing some appreciation for both together -0-

Source: www.2cto.com/Article/201402/280275.html
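
The shell prompt in the command-execution output sits at webapps/ROOT/images/upload/knowledgeBase/, inside the Tomcat web root, so uploaded files landed where the server will serve and execute them. The following defender-side audit of such an upload tree is an added example, not part of the original post; the function names and sample files are constructed, and the content markers are a heuristic assumption that only flags files for review.

```python
import os
import tempfile

# Extensions that Tomcat's default conf/web.xml maps to the JSP servlet.
EXECUTABLE_EXTS = {".jsp", ".jspx"}
# JSP source markers; a hit inside a non-JSP file is suspicious, not proof.
JSP_MARKERS = (b"<%@", b"<%=", b"<%!", b"<jsp:")


def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Flag conservatively: case variants and a trailing dot/space
            # resolve to a JSP on case-insensitive filesystems.
            ext = os.path.splitext(name.rstrip(". ").lower())[1]
            if ext in EXECUTABLE_EXTS:
                findings.append((rel, "executable-extension"))
                continue
            with open(path, "rb") as fh:
                head = fh.read(65536)  # first 64 KiB is enough for a marker
            if any(marker in head for marker in JSP_MARKERS):
                findings.append((rel, "jsp-markup-in-content"))
    return sorted(findings)


def demo():
    """Build a constructed sample upload tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        kb = os.path.join(root, "images", "upload", "knowledgeBase")
        os.makedirs(kb)
        samples = {  # constructed sample files, not taken from the page
            "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
            "notes.txt": b"plain text",
            "cmd.JSP": b"<%-- constructed placeholder --%>",
            "avatar.jpg": b"\xff\xd8\xff\xe0 <%= 1 %>",
        }
        for name, data in samples.items():
            with open(os.path.join(kb, name), "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:24} {rel}")
```

Any finding in an upload directory means the upload handler accepted something it should not have; the durable fix is to store uploads outside the web root under server-generated names and to run Tomcat as an unprivileged user rather than root.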
