Airline security: a vulnerability in a Sichuan Airlines system allows getshell and may affect the security of multiple hosts on the intranet
Getting the shell was a bumpy process.
Axis2 uses the default password, and system commands can be executed.
It turned out that someone had already done this before me.
http://**.**:8080/axis2/services/Cat/exec?cmd=whoami
That person tried to write a shell in various ways and probably did not manage to write it.
I also tried for a long time. I eventually found an approach that worked and wrote it. It was complicated and bumpy.
It is tiring: bypass and write the small webshell ("pony"), then upload the medium one, and then upload the large one.
Solution:
Shell: http://**.**:8080/axis2/cxx.jsp
Password: 520
The files from my other tests have been deleted. Files or shells uploaded by the earlier visitors need to be checked by yourselves.
Note:
On the C drive, an lcx.exe has been uploaded. I think it was uploaded on January 1. Its main function is port forwarding:
forwarding 3389 on the intranet to the Internet. It is suspected that it was used to facilitate penetration into the intranet. I did not go deeper and stopped here.
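
For the cleanup the report asks for, the web-side traces it describes (admin console use, a service called with a `cmd` parameter, a JSP outside the stock Axis2 pages) can be searched for in the servlet container's access log. The following is an added example, not part of the original report; the log lines are constructed, and the parameter-name list and the `axis2-web` allow-list are assumptions to adjust per deployment.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Tomcat-style access log lines (not taken from the report).
SAMPLE_LOG = """\
203.0.113.5 - - [02/Jan/2015:10:01:12 +0800] "POST /axis2/axis2-admin/login HTTP/1.1" 200 512
203.0.113.5 - - [02/Jan/2015:10:02:40 +0800] "POST /axis2/axis2-admin/upload HTTP/1.1" 200 733
203.0.113.5 - - [02/Jan/2015:10:03:05 +0800] "GET /axis2/services/Cat/exec?cmd=whoami HTTP/1.1" 200 188
203.0.113.5 - - [02/Jan/2015:10:09:51 +0800] "POST /axis2/cxx.jsp HTTP/1.1" 200 4096
198.51.100.7 - - [02/Jan/2015:10:10:02 +0800] "GET /axis2/axis2-web/index.jsp HTTP/1.1" 200 2210
198.51.100.7 - - [02/Jan/2015:10:10:09 +0800] "GET /axis2/services/Version/getVersion HTTP/1.1" 200 301
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
CMD_PARAMS = {"cmd", "command", "exec"}  # assumption: heuristic parameter names


def classify(target):
    """Return the rule names a request target matches (empty list if none)."""
    parts = urlsplit(target)
    path = parts.path
    findings = []
    # Any use of the admin console: confirm the source address is expected.
    if path.startswith("/axis2/axis2-admin/"):
        findings.append("admin-console")
    # A deployed service invoked with a command-like query parameter.
    if path.startswith("/axis2/services/"):
        names = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
        if names & CMD_PARAMS:
            findings.append("service-cmd-param")
    # A JSP under the webapp but outside the stock axis2-web directory.
    if (path.startswith("/axis2/") and path.lower().endswith(".jsp")
            and not path.startswith("/axis2/axis2-web/")):
        findings.append("stray-jsp")
    return findings


def scan(log_text):
    """Return (source, rule, target, status) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, _ts, _method, target, status = m.groups()
        hits.extend((src, rule, target, int(status)) for rule in classify(target))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Host-side artifacts such as the lcx.exe on the C drive do not appear in the access log and need a separate file-system check.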