
Vulnerability summary

Defect ID: wooyun-2015-0103151

Title: Command execution in a China Unicom provincial WLAN authentication and billing system (suspected to have been exploited by parties abroad)

Affected vendor: China Unicom

Author: MyKings

Submitted: 2015-03-23 12:32

Fixed: 2015-05-11 13:56

Published: 2015-05-11 13:56

Vulnerability type: command execution

Severity: high

Self-assessed Rank: 20

Status: handed over to a third-party partner organisation (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]



Vulnerability details

Disclosure status:

2015-03-23: Details sent to the vendor; awaiting vendor handling
2015-03-27: Vendor confirmed; details disclosed to the vendor only
2015-04-06: Details disclosed to core white hats and domain experts
2015-04-16: Details disclosed to regular white hats
2015-04-26: Details disclosed to intern white hats
2015-05-11: Details disclosed to the public

Brief description:

See title.

Detailed description:

http://202.96.74.3:8081/loginAction.action


uid=502(dhcp) gid=501(pin) 组=501(pin) 上下文=unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023


Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:51789 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 202.96.74.3:22 103.41.124.121:55181 ESTABLISHED -
tcp 0 0 202.96.74.3:22 103.41.124.115:52093 ESTABLISHED -
tcp 0 0 202.96.74.3:22 182.100.67.113:54314 ESTABLISHED -
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 18373/java
tcp 0 0 ::ffff:127.0.0.1:8006 :::* LISTEN -
tcp 0 0 :::8009 :::* LISTEN 18373/java
tcp 0 0 :::8010 :::* LISTEN -
tcp 0 0 :::8011 :::* LISTEN -
tcp 0 0 ::ffff:202.96.74.3:8012 :::* LISTEN 4166/java
tcp 0 0 ::ffff:127.0.0.1:8015 :::* LISTEN -
tcp 0 0 :::111 :::* LISTEN -
tcp 0 0 :::8080 :::* LISTEN -
tcp 0 0 :::8081 :::* LISTEN 18373/java
tcp 0 0 ::ffff:202.96.74.3:9011 :::* LISTEN 4166/java
tcp 0 0 :::56597 :::* LISTEN -
tcp 0 0 :::22 :::* LISTEN -
tcp 0 0 ::1:631 :::* LISTEN -
tcp 0 0 ::1:25 :::* LISTEN -
tcp 0 0 :::8090 :::* LISTEN -


Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:51789 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 1 202.96.74.3:60286 107.160.159.92:46463 SYN_SENT -
tcp 0 0 202.96.74.3:22 182.100.67.113:44473 ESTABLISHED -
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 18373/java
tcp 0 0 ::ffff:127.0.0.1:8006 :::* LISTEN -
tcp 0 0 :::8009 :::* LISTEN 18373/java
tcp 0 0 :::8010 :::* LISTEN -
tcp 0 0 :::8011 :::* LISTEN -
tcp 0 0 ::ffff:202.96.74.3:8012 :::* LISTEN 4166/java
tcp 0 0 ::ffff:127.0.0.1:8015 :::* LISTEN -
tcp 0 0 :::111 :::* LISTEN -
tcp 0 0 :::8080 :::* LISTEN -
tcp 0 0 :::8081 :::* LISTEN 18373/java
tcp 0 0 ::ffff:202.96.74.3:9011 :::* LISTEN 4166/java
tcp 0 0 :::56597 :::* LISTEN -
tcp 0 0 :::22 :::* LISTEN -
tcp 0 0 ::1:631 :::* LISTEN -
tcp 0 0 ::1:25 :::* LISTEN -
tcp 0 0 :::8090 :::* LISTEN -


Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:51789 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 202.96.74.3:22 42.121.111.24:15282 ESTABLISHED -
tcp 0 1 202.96.74.3:44491 107.160.159.92:46463 SYN_SENT -
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 18373/java
tcp 0 0 ::ffff:127.0.0.1:8006 :::* LISTEN -
tcp 0 0 :::8009 :::* LISTEN 18373/java
tcp 0 0 :::8010 :::* LISTEN -
tcp 0 0 :::8011 :::* LISTEN -
tcp 0 0 ::ffff:202.96.74.3:8012 :::* LISTEN 4166/java
tcp 0 0 ::ffff:127.0.0.1:8015 :::* LISTEN -
tcp 0 0 :::111 :::* LISTEN -
tcp 0 0 :::8080 :::* LISTEN -
tcp 0 0 :::8081 :::* LISTEN 18373/java
tcp 0 0 ::ffff:202.96.74.3:9011 :::* LISTEN 4166/java
tcp 0 0 :::56597 :::* LISTEN -
tcp 0 0 :::22 :::* LISTEN -
tcp 0 0 ::1:631 :::* LISTEN -
tcp 0 0 ::1:25 :::* LISTEN -
tcp 0 0 :::8090 :::* LISTEN -


Found the following suspicious IPs; all are connections to SSH on port 22. The one from the United States is the most suspicious, and all of the connections fall in the 22:00 to 23:00 window at night:
107.160.159.92:46463 --> primary data: United States; reference 1: ARIN
182.100.67.113:44473 --> primary data: Xinyu, Jiangxi, China Telecom; reference 1: Jiangxi, China Telecom
42.121.111.24:15282 --> primary data: Hangzhou, Zhejiang, Alibaba Cloud Computing Co., Ltd. (Alibaba); reference 1: Hangzhou, Zhejiang, Alibaba Software Co., Ltd.
103.41.124.121:55181 --> primary data: Hong Kong SAR; reference 1: APNIC
103.41.124.115:52093 --> primary data: Hong Kong SAR; reference 1: APNIC
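A defender working through listings like the three above wants to separate two things that look alike in netstat: remote parties that have connected to a service this host offers (here, SSH sessions on port 22) and connections the host itself is initiating towards the outside (here, the SYN_SENT row to 107.160.159.92:46463). The following Python is an added example, not code from the original report; it parses rows in the same "netstat -antp" format, learns the listening ports from the LISTEN rows, and flags only external peers that are not on a hypothetical admin allowlist. The sample rows are constructed from addresses that appear in the listings above.

```python
import ipaddress

# Constructed sample rows in the shape of the report's "netstat -antp" listings.
SAMPLE = """\
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 202.96.74.3:22 103.41.124.121:55181 ESTABLISHED -
tcp 0 1 202.96.74.3:60286 107.160.159.92:46463 SYN_SENT -
tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN 18373/java
tcp 0 0 :::8081 :::* LISTEN 18373/java
"""

# Hypothetical allowlist of jump hosts an administrator expects (RFC 5737 placeholder).
KNOWN_ADMIN_HOSTS = {"192.0.2.10"}

def split_addr(addr):
    """Split netstat's 'host:port'; strips the ::ffff: IPv4-mapped prefix."""
    host, _, port = addr.rpartition(":")
    if host.startswith("::ffff:"):
        host = host[len("::ffff:"):]
    return host, port

def is_external(host):
    """True for a routable address that is not loopback, private or unspecified."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # "*" and other non-address tokens
        return False
    return not (ip.is_loopback or ip.is_private or ip.is_unspecified)

def triage(netstat_text):
    """Split non-listening TCP rows into inbound sessions (by local service port)
    and outbound connection attempts, keeping only external, unexpected peers."""
    rows = [l.split() for l in netstat_text.splitlines()]
    rows = [f for f in rows if len(f) >= 6 and f[0] == "tcp"]
    listening = {split_addr(f[3])[1] for f in rows if f[5] == "LISTEN"}
    findings = {"inbound": [], "outbound": []}
    for f in rows:
        if f[5] == "LISTEN":
            continue
        _, lport = split_addr(f[3])
        rhost, rport = split_addr(f[4])
        if not is_external(rhost) or rhost in KNOWN_ADMIN_HOSTS:
            continue
        if lport in listening:  # remote party connected to one of our services
            findings["inbound"].append("%s:%s -> port %s" % (rhost, rport, lport))
        else:                   # this host initiated the connection itself
            findings["outbound"].append("%s:%s (%s)" % (rhost, rport, f[5]))
    return findings

if __name__ == "__main__":
    for kind, peers in triage(SAMPLE).items():
        print(kind, peers)
```

Feed it the real listings (or the output of a periodic cron job) and compare successive runs: an outbound entry that keeps reappearing to the same high port is the pattern worth escalating.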


The disk space is quite large:
文件系统 容量 已用 可用 已用%% 挂载点
/dev/mapper/VolGroup-lv_root
50G 21G 26G 45% /
tmpfs 127G 804K 127G 1% /dev/shm
/dev/sda1 485M 40M 420M 9% /boot
/dev/mapper/VolGroup-lv_home
3.8T 3.2G 3.6T 1% /home


Four HBA cards; NFS is in use.
-+-[0000:70]-+-00.0-[71-75]--+-00.0-[72-74]--
| | \-00.1-[75]--
| +-01.0-[79-7b]--
| +-02.0-[87]--
| +-03.0-[84-86]--+-00.0 QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA
| | \-00.1 QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA
| +-04.0-[88]--
| +-05.0-[89]--
| +-06.0-[8a]--
| +-07.0-[76-78]--+-00.0 QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA
| | \-00.1 QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA
| +-08.0-[8b]--
| +-09.0-[8c]--
| +-0a.0-[8d]--
| \-14.0 Intel Corporation 5520/5500/X58 I/O Hub System Management Registers
\-[0000:00]-+-00.0 Intel Corporation 5520/5500/X58 I/O Hub to ESI Port
+-01.0-[0e-10]--
+-02.0-[14]--
+-03.0-[04]--+-00.0 NetXen Incorporated NX3031 Multifunction 1/10-Gigabit Server Adapter
| +-00.1 NetXen Incorporated NX3031 Multifunction 1/10-Gigabit Server Adapter
| +-00.2 NetXen Incorporated NX3031 Multifunction 1/10-Gigabit Server Adapter
| \-00.3 NetXen Incorporated NX3031 Multifunction 1/10-Gigabit Server Adapter
+-04.0-[15]--
+-05.0-[11-13]--
+-06.0-[16]--
+-07.0-[0b-0d]--
+-08.0-[17]--
+-09.0-[08-0a]--
+-0a.0-[05-07]--
+-14.0 Intel Corporation 5520/5500/X58 I/O Hub System Management Registers
+-1c.0-[03]----00.0 Hewlett-Packard Company Smart Array G6 controllers
+-1c.4-[02]--+-00.0 Hewlett-Packard Company Integrated Lights-Out Standard Slave Instrumentation & System Support
| +-00.2 Hewlett-Packard Company Integrated Lights-Out Standard Management Processor Support and Messaging
| \-00.4 Hewlett-Packard Company Integrated Lights-Out Standard Virtual USB Controller
+-1d.0 Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #1
+-1d.1 Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #2
+-1d.2 Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #3
+-1d.3 Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #6
+-1d.7 Intel Corporation 82801JI (ICH10 Family) USB2 EHCI Controller #1
+-1e.0-[01]----03.0 Advanced Micro Devices [AMD] nee ATI ES1000
+-1f.0 Intel Corporation 82801JIB (ICH10) LPC Interface Controller
\-1f.2 Intel Corporation 82801JI (ICH10 Family) 4 port SATA IDE Controller #1

Proof of vulnerability:

====================================================================================================================================
eth0 Link encap:Ethernet HWaddr D8:9D:67:77:79:C4
inet addr:202.96.74.3 Bcast:202.96.74.31 Mask:255.255.255.224
inet6 addr: fe80::da9d:67ff:fe77:79c4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39175926 errors:0 dropped:0 overruns:0 frame:0
TX packets:30504733 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7603077388 (7.0 GiB) TX bytes:5867632669 (5.4 GiB)
Interrupt:88
eth1 Link encap:Ethernet HWaddr D8:9D:67:77:79:C5
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:92
eth2 Link encap:Ethernet HWaddr D8:9D:67:77:79:C6
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:96
eth3 Link encap:Ethernet HWaddr D8:9D:67:77:79:C7
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:100
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:191051048 errors:0 dropped:0 overruns:0 frame:0
TX packets:191051048 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9978430086 (9.2 GiB) TX bytes:9978430086 (9.2 GiB)


There is also a database machine, with Oracle's port 1521 exposed externally:
202.96.74.2:1521

Fix recommendations:

1. Upgrade.
2. Check whether the intranet has been compromised.

Copyright notice: when reposting, please credit the source: MyKings@WooYun


Vulnerability response

Vendor response:

Severity: medium

Vulnerability Rank: 8

Confirmed: 2015-03-27 13:54

Vendor reply:

CNVD has confirmed and reproduced the reported vulnerability. It has been forwarded via CNCERT to the Liaoning branch centre, which will coordinate remediation with the organisation that administers the site.

Latest status:

None yet