2016-01-05: Details reported to the vendor; awaiting vendor handling
2016-01-08: Vendor has confirmed; details disclosed to the vendor only
2016-01-18: Details disclosed to core white hats and relevant domain experts
2016-01-28: Details disclosed to ordinary white hats
2016-02-07: Details disclosed to intern white hats
2016-02-22: Details disclosed to the public
As titled.
The address http://**.**.**.**:7001/ is affected by a "Java deserialization" vulnerability.
Uploaded a webshell directly to the server.
Strengthen security awareness.
Severity: High
Vulnerability Rank: 12
Confirmation time: 2016-01-08 18:51
CNVD confirmed and reproduced the described issue; it has been forwarded by CNCERT to the Jiangxi branch center, which will coordinate follow-up handling with the organization that administers the website.
None yet