WooYun (WooYun.org) historical vulnerability search: http://wy.zone.ci/
WooYun Drops articles online: http://drop.zone.ci/
2015-12-11: Details reported to the vendor, awaiting vendor response
2015-12-15: Vendor has confirmed; details disclosed to the vendor only
2015-12-25: Details disclosed to core white hats and experts in related fields
2016-01-04: Details disclosed to regular white hats
2016-01-14: Details disclosed to intern white hats
2016-01-28: Details disclosed to the public
http://**.**.**.**:9191/jybz/login.action has a Java deserialization vulnerability that allows command execution.
The same host also has the JBoss remote code execution vulnerability CVE-2013-4810.
A webshell was uploaded directly to the server.
net user
\\ 的用户帐户
-------------------------------------------------------------------------------
Administrator            Guest                    SUPPORT_388945a0
命令运行完毕,但发生一个或多个错误。
net start
已经启动以下 Windows 服务:

   360EntClientService
   Application Experience Lookup Service
   COM+ Event System
   COM+ System Application
   Cryptographic Services
   DCOM Server Process Launcher
   DHCP Client
   Distributed Transaction Coordinator
   DNS Client
   Event Log
   IPSEC Services
   Logical Disk Manager
   Network Connections
   Network Location Awareness (NLA)
   Plug and Play
   Print Spooler
   Protected Storage
   Remote Procedure Call (RPC)
   Security Accounts Manager
   Shell Hardware Detection
   SNMP Service
   System Event Notification
   Task Scheduler
   TCP/IP NetBIOS Helper
   Terminal Services
   VMware Tools Service
   VMware 物理磁盘助手服务
   Windows Management Instrumentation
   Windows Time
   主动防御

命令成功完成。
netstat -ano
ipconfig /all
Windows IP Configuration

        Host Name . . . . . . . . . . . . : dpas-20
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter 本地连接:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
        Physical Address. . . . . . . . . : 00-50-56-B0-34-18
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : **.**.**.**
        Subnet Mask . . . . . . . . . . . : **.**.**.**
        Default Gateway . . . . . . . . . : **.**.**.**
        DNS Servers . . . . . . . . . . . : **.**.**.**
systeminfo
主机名:           DPAS-20
OS 名称:          Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本:          5.2.3790 Service Pack 2 Build 3790
OS 制造商:        Microsoft Corporation
OS 配置:          独立服务器
OS 构件类型:      Multiprocessor Free
注册的所有人:     jscz
注册的组织:       jscz
产品 ID:          69813-652-2514592-45225
初始安装日期:     2013-5-13, 11:11:00
系统启动时间:     941 天 11 小时 38 分 34 秒
系统制造商:       VMware, Inc.
系统型号:         VMware Virtual Platform
系统类型:         X86-based PC
处理器:           安装了 4 个处理器。
                  [01]: x86 Family 6 Model 26 Stepping 4 GenuineIntel ~1862 Mhz
                  [02]: x86 Family 6 Model 26 Stepping 4 GenuineIntel ~1862 Mhz
                  [03]: x86 Family 6 Model 26 Stepping 4 GenuineIntel ~1862 Mhz
                  [04]: x86 Family 6 Model 26 Stepping 4 GenuineIntel ~1862 Mhz
BIOS 版本:        INTEL  - 6040000
Windows 目录:     C:\WINDOWS
系统目录:         C:\WINDOWS\system32
启动设备:         \Device\HarddiskVolume1
系统区域设置:     zh-cn;中文(中国)
输入法区域设置:   zh-cn;中文(中国)
时区:             (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量:     4,095 MB
可用的物理内存:   1,504 MB
页面文件: 最大值: 8,018 MB
页面文件: 可用:   1,163 MB
页面文件: 使用中: 6,855 MB
页面文件位置:     C:\pagefile.sys
域:               JSCZ
登录服务器:       \\DPAS-20
修补程序:         安装了 458 个修补程序。
网卡:             安装了 1 个 NIC。
                  [01]: Intel(R) PRO/1000 MT Network Connection
                        连接名:      本地连接
                        启用 DHCP:   否
                        IP 地址
                          [01]: **.**.**.**
Raise security awareness.
Severity: High
Vulnerability Rank: 11
Confirmed: 2015-12-15 14:32
CNVD confirms the described situation; it has been forwarded via CNCERT to the Shanghai branch centre, which will coordinate handling with the website's operating unit.
None.