Improper O & M during multiple games, leading to leakage of core information, 1% of hazards

Improper O & M during multiple games, leading to leakage of core information, 1% of hazards

At present, the common problem of almost all enterprises is that the front-end is solid as the background bean curd
About 300 core servers, but almost all servers are in the C segment of these servers
As a result, the background can be used almost as an example.

 

1 # preparations



You need to collect enough IP addresses before penetration. There are several collection methods, <Baidu> <second-level domain name> <previous experience>



Baidu's simplest inurl: and site:




 

 

 

PS: I wrote a simple tool myself. Don't laugh at it ....







2 # organize ip c-segment Scanning


 

Perform a C-segment scan on all collected IP addresses, and pay special attention to some common ports and Some uncommon judgment based on experience.



Generally, some background or other "things" of an enterprise are found"



The most common vulnerability is the directory calendar vulnerability. Although this vulnerability is moderate or even low-risk, it is extremely important for every file in the background. For example, some config files have backup website compressed packages. it is difficult to find or discover files, and all files are exposed at this time. Undoubtedly, you can even find the data connection password in config, which makes it impossible to directly remove your pants and is very common in actual situations.

For example: WooYun: A server of China Mobile's improper O & M results in database account password leakage, affecting the security of multiple financial institutions

Serious Consequences



3 # Find suspected and explore in depth



After discovering the background, you can perform a deep exploration on the background. Because the background security is not highly valued, especially the Enterprise will think that you do not know my IP address, and the ports I use are not commonly used. No one can find them. using a weak password.


Another critical risk of background security is that enterprises do not have high requirements on background security because the code is loose and not rigorous.



Using software to perform spider operations on the background can discover a large number of unauthorized traffic files, which is the most common problem.



Not only are these background threats



Some developers are weak in awareness, so that they can easily use weak passwords on some servers or even access them anonymously.


This will cause source code leaks, core databases, and other serious security events.







I did not intend to discover how to deploy the server on the core server while performing a C scan on the IP address.


 

 

 

We can see that there is no in-depth research on the server configuration and the like, but the problem is that the IP addresses of the core servers are all out. How much harm is there?

1: attackers can directly attack core servers.

2: You can view almost all background servers.

3: It is found that most substations are on the same server. Once one of them falls into the same server, the entire server will fall.



In order to prove the hazards, You can randomly select a spot and perform a light source scan to scan the background at will.

Weak passwords are everywhere

 

 

 

 

 

 

 

This is just a random scan. Continuing the deep scan may affect the business. I will not continue.


 

Solution:
Modify configurations