WooYun (WooYun.org) historical vulnerability archive: http://wy.zone.ci/
2016-01-19: Details reported to the vendor; awaiting vendor response
2016-01-22: Vendor confirmed the issue; details visible to the vendor only
2016-02-01: Details opened to core white hats and relevant domain experts
2016-02-11: Details opened to regular white hats
2016-02-21: Details opened to intern white hats
2016-03-05: Details made public
The host at **.**.**.**:7001 is affected by a "Java deserialization" vulnerability.
A webshell was uploaded directly to the server through it, and whoami, net user, net share, net view, net start, tasklist /svc, ipconfig /all and systeminfo were run from that shell; it ran as ibm31\administrator on IBM31, a Windows Server 2003 Enterprise Edition SP2 host.
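Added detection example, not code from the original report: it inspects a captured TCP payload for the Java serialization stream header and the class names carried in its class descriptors, and raises an alert when such a stream is sent to port 7001, the port named above. The sample payload is constructed here; the scanner is a triage heuristic, not a complete Java serialization parser.

```python
import re
import struct

# Java serialization stream header: STREAM_MAGIC (0xACED) + STREAM_VERSION (5)
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
TC_CLASSDESC = 0x72  # type code that precedes a class descriptor
CLASS_NAME_RE = re.compile(rb"[A-Za-z_$][A-Za-z0-9_$.\[;]*")


def java_classes_in_stream(payload: bytes) -> list[str]:
    """Return the class names found in TC_CLASSDESC records after the magic, in order."""
    names: list[str] = []
    i = payload.find(JAVA_SERIAL_MAGIC)
    if i < 0:
        return names
    i += len(JAVA_SERIAL_MAGIC)
    while i + 3 <= len(payload):
        if payload[i] == TC_CLASSDESC:
            (n,) = struct.unpack(">H", payload[i + 1:i + 3])  # UTF length prefix
            cand = payload[i + 3:i + 3 + n]
            # Only accept a descriptor whose name is complete and looks like a Java class name
            if 0 < n == len(cand) and CLASS_NAME_RE.fullmatch(cand):
                names.append(cand.decode("ascii"))
                i += 3 + n
                continue
        i += 1
    return names


def triage(dst_port: int, payload: bytes, watched_ports=(7001,)) -> dict:
    """Alert when a serialized Java object stream is sent to a watched port."""
    serialized = JAVA_SERIAL_MAGIC in payload
    watched = dst_port in watched_ports
    return {
        "serialized_java": serialized,
        "to_watched_port": watched,
        "classes": java_classes_in_stream(payload),
        "alert": serialized and watched,
    }


def _class_desc(name: bytes) -> bytes:
    return bytes([TC_CLASSDESC]) + struct.pack(">H", len(name)) + name


# Constructed sample: header, TC_OBJECT, two class descriptors separated by
# placeholder serialVersionUID/flags/field-count bytes (not a real object graph)
SAMPLE = (JAVA_SERIAL_MAGIC + b"\x73" + _class_desc(b"java.util.HashMap")
          + b"\x11" * 8 + b"\x03\x00\x02" + _class_desc(b"java.lang.Integer"))
```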
Strengthen security awareness.
Severity: High
Vulnerability Rank: 10
Confirmed: 2016-01-22 10:33
CNVD confirmed and reproduced the described issue; it has been forwarded by CNCERT to the Hebei branch center, which will coordinate remediation with the website's operating unit.
None.