Shared-host ("pangzhu") web comprehensive testing: notes on a non-shared-host attack against my alma mater
Published: Saturday, September 12, 2009
Editor's note: very old
[…] school […]

2. Scanning

Since it is a school […]

警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_private
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_bin/_vti_aut/author.dll
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_bin
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_bin/fpcount.exe
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_bin/shtml.exe
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_inf.html
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_bin/_vti_aut
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_bin/_vti_adm
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_pvt/doctodep.btr
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_log
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/abczxv.htw
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/null.ida
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/null.idq
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/_vti_bin/shtml.dll
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/scripts
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/scripts/samples/search/qsumrhit.htw
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/scripts/samples/search/qfullhit.htw
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/filemanager/filemanager_forms.php
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/phorum/admin/actions/del.php
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/phorum/plugin/replace/admin.php
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/phorum/plugin/replace/plugin.php
警告 www (80/tcp) CGI漏洞: http://*.*.65.196/b2/b2- […]

Many people, faced with this kind of […]

1. http://*.*.65.196/_private
Analysis: _private is created automatically by FrontPage under the site's location […]
Risk: the "private" folder is rather special […]
Attempt: 403.14, directory listing denied.
Directory Listing Denied
This Virtual Directory does not allow contents to be listed.
No home page file was found in the directory […]

2. http://*.*.65.196/_vti_bin/_vti_aut/author.dll
Analysis: author.dll is produced after installing FrontPage Server Extensions […]
Risk: WIN2K+IIS5, for […]
Attempt: not for now […]

3. http://*.*.65.196/_vti_bin/shtml.dll
Analysis: shtml.dll is likewise produced after installing FrontPage Server Extensions […] After FrontPage Server Extensions is installed on the server […]
Risk: it has a vulnerability that can expose the local path of the web directory and cause a DoS (http://www.cnns.net/article/db/276.htm)
Attempt: exposing the local path of the web directory did not succeed […]

4. http://*.*.65.196/_vti_bin
http://*.*.65.196/scripts
Analysis: when IIS is installed […]
Attempt:
a. 403.14, directory listing denied.
Directory Listing Denied
This Virtual Directory does not allow contents to be listed.
No home page file was found in the directory […]
b. Visiting http://*.*.65.196/IISAdmin returns: HTTP 403 - 对 Internet 服务管理器 (HTML) […]
c. Visiting http://*.*.65.196/IISHelp, http://*.*.65.196/IISSamples and http://*.*.65.196/MSADC returns: HTTP 403.6 - 禁止访问:IP 地址被拒绝
Guess: probably the default […]

5. http://*.*.65.196/_vti_bin/fpcount.exe
Analysis: fpcount.exe is the runtime FrontPage HitCounter component […]
Risk: it had a buffer overflow vulnerability in the NT 4.0 days, but this is now 2000 […]
Attempt: not for now […]

6. http://*.*.65.196/_vti_inf.html
Analysis: _vti_inf.html sits in the web root; this file is the FrontPage extension server […]
Risk: an attacker can obtain […]
Attempt: opening it displays “FrontPage 配置信息 此网页 […]
<!-- FrontPage Configuration Information
FPVersion="4.0.2.3406"
FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"
FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"
FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"
-->
This yields the FP extensions […]
Tried for MS0351, the Microsoft FrontPage Server Extensions buffer overflow vulnerability: the attack did not succeed […]

7. http://*.*.65.196/_vti_bin/_vti_aut
http://*.*.65.196/_vti_bin/_vti_adm
Analysis: _vti_aut and _vti_adm are created in a FrontPage web […]
• _vti_bin
• _vti_bin\_vti_aut
• _vti_bin\_vti_adm
• _vti_pvt
• _vti_cnf
• _vti_txt)
Risk: information disclosure
Attempt: 403.14, directory listing denied.
Directory Listing Denied
This Virtual Directory does not allow contents to be listed.
No home page file was found in the directory […]

8. http://*.*.65.196/_vti_pvt/doctodep.btr
Analysis: Web […]
Risk: information disclosure […]
Attempt: opening it in Notepad yields […]

9. http://*.*.65.196/_vti_log
Analysis: used to store information related to web sites with FrontPage extensions […]
Risk: information disclosure
Attempt: 403.14, directory listing denied.
Directory Listing Denied
This Virtual Directory does not allow contents to be listed.
No home page file was found in the directory […]

10. http://*.*.65.196/scripts/samples/search/qsumrhit.htw
http://*.*.65.196/scripts/samples/search/qfullhit.htw
Analysis and attempt: try submitting http://*.*.65.196/scripts/samples/search/nosuchfile.htw and http://*.*.65.196/null.htw; the server returns the following:
format of the QUERY_STRING is invalid QUERY_STRING […]

11. http://*.*.65.196/null.ida
http://*.*.65.196/null.idq
Analysis: IIS Index Server ISAPI extension remote overflow vulnerability (/NULL.ida); IIS Index Server ISAPI extension remote overflow vulnerability (/NULL.idq). Not much to say, this was long ago […]
Attempt: unsuccessful […]

12. http://*.*.65.196/filemanager/filemanager_forms.php
Analysis: PHPprojekt remote file inclusion arbitrary command execution vulnerability (http://www.xfocus.net/vuls/200203/2065.html)

13. http://*.*.65.196/phorum/admin/actions/del.php
http://*.*.65.196/phorum/plugin/replace/plugin.php
http://*.*.65.196/phorum/plugin/replace/admin.php
Analysis: Phorum arbitrary command execution vulnerability (http://www.xfocus.net/vuls/200205/2479.html). Has a PHP-based […] installed […]

14. http://*.*.65.196/b2/b2- […]
Analysis: b2 php has a remote command execution vulnerability (http://www.xfocus.net/vuls/200205/2410.html). Could a low version […] be installed […]

Note: regarding 12, 13 and 14 […]

4. Breakthrough:

At this point […]
Attempt: after downloading http://*.*.65.196/_vti_pvt/doctodep.btr, open it in Notepad […]
Submit http://*.*.65.196/kuaij […]
Regrettably […]

5. Summary

Actually, on this site […]
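The paths in the scanner findings above are also what a defender can search for in the server's own logs. The following is an added example, not part of the original article: it reads W3C-format IIS log lines, matches requests against those FrontPage, Index Server and IIS sample paths, and reports clients that touch several categories. The log lines, field layout, category names and the threshold of three categories are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Path categories built from the scanner findings listed in the article.
PROBE_PATTERNS = {
    "frontpage_ext": re.compile(r"^/_vti_(bin|pvt|log|cnf|txt)(/|$)", re.I),
    "frontpage_info": re.compile(r"^/_vti_inf\.html$", re.I),
    "frontpage_private": re.compile(r"^/_private(/|$)", re.I),
    "index_server": re.compile(r"\.(htw|ida|idq)$", re.I),
    "iis_samples": re.compile(r"^/(scripts|iisadmin|iishelp|iissamples|msadc)(/|$)", re.I),
}

# Constructed sample log (documentation IP ranges), not data from the article.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2009-09-12 10:00:01 192.0.2.10 GET /_vti_inf.html - 200
2009-09-12 10:00:02 192.0.2.10 GET /_vti_bin/shtml.dll - 200
2009-09-12 10:00:03 192.0.2.10 GET /null.ida - 404
2009-09-12 10:00:04 192.0.2.10 GET /_vti_pvt/doctodep.btr - 200
2009-09-12 10:00:05 192.0.2.10 GET /scripts/samples/search/qfullhit.htw - 404
2009-09-12 10:01:00 198.51.100.7 GET /index.htm - 200
2009-09-12 10:01:05 198.51.100.7 GET /_vti_bin/fpcount.exe Page=default.htm|Image=2|Digits=1 200
"""

def find_probers(log_text, min_categories=3):
    """Map client IP -> categories probed and probe paths answered with 200."""
    fields = []
    seen = defaultdict(lambda: {"categories": set(), "served": []})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names follow the directive
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue                       # other directive, blank or malformed row
        row = dict(zip(fields, parts))
        path = row.get("cs-uri-stem", "")
        hits = [name for name, rx in PROBE_PATTERNS.items() if rx.search(path)]
        if not hits:
            continue
        entry = seen[row.get("c-ip", "?")]
        entry["categories"].update(hits)
        if row.get("sc-status") == "200":  # the server actually served the resource
            entry["served"].append(path)
    # A lone fpcount.exe hit is normal page traffic; several categories is a sweep.
    return {ip: {"categories": sorted(e["categories"]), "served": e["served"]}
            for ip, e in seen.items() if len(e["categories"]) >= min_categories}

if __name__ == "__main__":
    for ip, info in find_probers(SAMPLE_LOG).items():
        print(ip, info["categories"], info["served"])
```

The "served" list is the part to act on first: each entry is a FrontPage or sample resource the server answered with 200 and that can be removed or access-restricted.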