
Vulnerability Summary

Defect ID: wooyun-2016-0168634

Title: A certain city's finance bureau centralized-payroll personal salary query system has a "Java deserialization" vulnerability, leading to getshell

Affected vendor: A certain city's finance bureau

Author: 朱元璋

Submitted: 2016-01-13 16:30

Fixed: 2016-02-27 11:49

Published: 2016-02-27 11:49

Vulnerability type: System/service patches not applied in time

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]


Vulnerability Details

Disclosure status:

2016-01-13: Details sent to the vendor, awaiting vendor handling
2016-01-15: Vendor confirmed; details disclosed to the vendor only
2016-01-25: Details disclosed to core white hats and relevant domain experts
2016-02-04: Details disclosed to regular white hats
2016-02-14: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public

Brief description:

Detailed description:

The address http://**.**.**.**:7001/ has a "Java deserialization" vulnerability.

A webshell was uploaded directly to the server.

A license file was found on the server: ESS_BE_20170303_99.lic
Username: EAV-0105228468
Password: 4mfk36b5fd
Valid until: 2017/02/17


Proof of vulnerability (command output from the compromised host, kept verbatim):

whoami
www\dell
net user
\\WWW 的用户帐户
-------------------------------------------------------------------------------
ASPNET czjiis dell
ftp Guest gx
IUSR_CZJ IUSR_WWW IWAM_CZJ
IWAM_WWW SUPPORT_388945a0
命令成功完成。
net share
共享名 资源 注释
-------------------------------------------------------------------------------
C$ C:\ 默认共享
F$ F:\ 默认共享
IPC$ 远程 IPC
E$ E:\ 默认共享
D$ D:\ 默认共享
ADMIN$ C:\WINDOWS 远程管理
office 2000 E:\office 2000
SOFTWARE E:\SOFTWARE
uploads F:\newxysczj\uploads
wwwroot C:\Inetpub\wwwroot
命令成功完成。
net view
服务器名称 注释
-------------------------------------------------------------------------------
\\BGS-LULM
\\CGK-SUN
\\CGSERVER
\\GKK-ZQY2
\\GKSERVER
\\JCK-HCC1 JCK-HCC
\\OWNER-PC
\\RJKY
\\WWW
\\YSK-WL YSK-WL
\\YSK-ZXZ YSK-ZXZ
命令成功完成。
net start
已经启动以下 Windows 服务:
Application Experience Lookup Service
Application Layer Gateway Service
Automatic Updates
Background Intelligent Transfer Service
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Diskeeper
Distributed Transaction Coordinator
DNS Client
ESET HTTP Server
ESET Service
Event Log
FTP Publishing Service
Help and Support
HID Input Service
HTTP SSL
IIS Admin Service
Logical Disk Manager
MySQL
Network Connections
Network Location Awareness (NLA)
Plug and Play
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Security Accounts Manager
Server
Shell Hardware Detection
SQL Server (MSSQLSERVER)
SQL Server VSS Writer
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
TeamViewer 8
Telephony
Terminal Services
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Management Instrumentation
Windows Time
Workstation
World Wide Web Publishing Service
命令成功完成。
netstat -ano
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : www
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 本地连接 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
Physical Address. . . . . . . . . : 00-13-72-F8-D6-3C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : **.**.**.**
Subnet Mask . . . . . . . . . . . : **.**.**.**
IP Address. . . . . . . . . . . . : **.**.**.**
Subnet Mask . . . . . . . . . . . : **.**.**.**
Default Gateway . . . . . . . . . : **.**.**.**
DNS Servers . . . . . . . . . . . : **.**.**.**
**.**.**.**
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-13-72-F8-D6-3B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : **.**.**.**
Subnet Mask . . . . . . . . . . . : **.**.**.**
IP Address. . . . . . . . . . . . : **.**.**.**
Subnet Mask . . . . . . . . . . . : **.**.**.**
Default Gateway . . . . . . . . . : **.**.**.**
systeminfo
主机名: WWW
OS 名称: Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本: 5.2.3790 Service Pack 2 Build 3790
OS 制造商: Microsoft Corporation
OS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
注册的所有人: czj
注册的组织: xy
产品 ID: 69813-640-5194754-45267
初始安装日期: 2008-5-17, 11:30:41
系统启动时间: 39 天 1 小时 48 分 51 秒
系统制造商: Dell Computer Corporation
系统型号: PowerEdge 2800
系统类型: X86-based PC
处理器: 安装了 2 个处理器。
[01]: x86 Family 15 Model 4 Stepping 10 GenuineIntel ~2992 Mhz
[02]: x86 Family 15 Model 4 Stepping 10 GenuineIntel ~2992 Mhz
BIOS 版本: DELL - 1
Windows 目录: C:\WINDOWS
系统目录: C:\WINDOWS\system32
启动设备: \Device\HarddiskVolume2
系统区域设置: zh-cn;中文(中国)
输入法区域设置: zh-cn;中文(中国)
时区: (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量: 5,119 MB
可用的物理内存: 2,687 MB
页面文件: 最大值: 5,458 MB
页面文件: 可用: 2,716 MB
页面文件: 使用中: 2,742 MB
页面文件位置: d:\pagefile.sys
域: XYCZJ
登录服务器: \\WWW
修补程序: 安装了 897 个修补程序。
网卡: 安装了 2 个 NIC。
[01]: Intel(R) PRO/1000 MT Network Connection
连接名: 本地连接
启用 DHCP: 否
IP 地址
[01]: **.**.**.**
[02]: **.**.**.**
[02]: Intel(R) PRO/1000 MT Network Connection
连接名: 本地连接 2
启用 DHCP: 否
IP 地址
[01]: **.**.**.**
[02]: **.**.**.**


Remediation:

Strengthen security awareness.

Copyright notice: when reposting, please credit the source 朱元璋@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed at: 2016-01-15 15:48

Vendor reply:

CNVD has confirmed and reproduced the described situation; it has been forwarded via CNCERT to the Jiangsu branch center, which will coordinate handling with the website's administering organization.

Latest status:

None yet