Shenzhou.com delivery treasure getshell exposes millions of database records and allows detection of 89 internal network hosts.
RT
http://202.108.145.58/default/
Java deserialization command execution vulnerability
Intranet IP Address
Write a shell directly
http://202.108.145.58/sso-server/she11.jsp?O=vLogin
Database Configuration
jdbc:oracle:thin:@172.16.1.13:1521:ntoptest
oracle.jdbc.driver.OracleDriver
user
ntop
{AES}V4FhseVJGl6mXcSohg920/a0N8EwqY6vtwlLt0I/Ecc=
Decryption
Ntop
Ntop456
Millions of database records leaked
Then scan the Intranet.
89 hosts on the intranet can be roamed!!!
Solution:
20 rank is worth it!