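First site
First I looked at the basic info: it's running with administrator privileges (it seems this kind of command-execution vulnerability always gives administrator privileges...)
Then I checked whether 3389 was open...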
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1028 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5631 0.0.0.0:0 LISTENING
TCP 0.0.0.0:6666 0.0.0.0:0 LISTENING
TCP 0.0.0.0:7777 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8010 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8090 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8100 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9089 0.0.0.0:0 LISTENING
TCP 127.0.0.1:2891 127.0.0.1:8100 LAST_ACK
TCP 127.0.0.1:3171 127.0.0.1:8100 LAST_ACK
TCP 127.0.0.1:4391 127.0.0.1:8100 TIME_WAIT
TCP 127.0.0.1:4400 127.0.0.1:8100 ESTABLISHED
TCP 127.0.0.1:8006 0.0.0.0:0 LISTENING
TCP 127.0.0.1:8012 0.0.0.0:0 LISTENING
TCP 127.0.0.1:8100 127.0.0.1:4400 ESTABLISHED
TCP 192.168.5.41:80 172.18.10.2:41405 ESTABLISHED
TCP 192.168.5.41:80 172.18.10.2:41980 TIME_WAIT
TCP 192.168.5.41:139 0.0.0.0:0 LISTENING
TCP 192.168.5.41:3241 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3242 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3243 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3244 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3245 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3246 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3247 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3248 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3249 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3250 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3251 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3252 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3253 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3254 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3255 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3256 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3257 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3258 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3259 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3260 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3261 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3262 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3263 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3264 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3265 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3267 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3268 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3269 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3270 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3271 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3272 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3273 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3274 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3275 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3276 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3277 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3278 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3279 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3280 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3281 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3282 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3283 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3284 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3285 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3286 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3287 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3288 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3289 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3290 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3291 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3292 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3293 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3294 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3295 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3296 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3297 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3298 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3299 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3300 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3301 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3303 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3304 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3305 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3306 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3307 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3308 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3309 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3310 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3311 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3312 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3313 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3314 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3315 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3316 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3317 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3318 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3319 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3320 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3321 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:3322 192.168.5.100:1521 ESTABLISHED
TCP 192.168.5.41:4399 192.168.1.30:41001 SYN_SENT
TCP *.*.*.*:139 0.0.0.0:0 LISTENING
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:5632 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1031 *:*
UDP 127.0.0.1:1087 *:*
UDP 192.168.5.41:123 *:*
UDP 192.168.5.41:137 *:*
UDP 192.168.5.41:138 *:*
UDP *.*.*.*:123 *:*
UDP *.*.*.*:137 *:*
Tried opening 3389 with a registry command...
REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
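However, it didn't succeed... ipconfig showed it was on an internal network... I had wanted to set up a forward, but I couldn't upload anything
So I gave up (yes, I'm exactly the kind of person who quits halfway)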
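Seen from the defender's side, the REG ADD command above splits the key name with `Terminal" "Server`, so a plain substring match on "Terminal Server" in process-creation logs misses it. The following is an added example, not part of the original post: a matcher that undoes cmd.exe quoting before checking for fDenyTSConnections being set to 0. The sample command lines and the function names are constructed for illustration.

```python
import re

KEY = r"control\terminal server"

# Constructed process command lines for illustration (not from the post's target).
SAMPLES = [
    r'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f',
    r'C:\Windows\System32\reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0x0 /f',
    r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f',
    r'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections',
    r'REG ADD HKLM\SOFTWARE\Example /v Enabled /t REG_DWORD /d 0 /f',
]

def normalize(cmdline: str) -> str:
    """Strip cmd.exe quotes and carets, collapse whitespace, lowercase."""
    s = cmdline.replace('"', "").replace("^", "")
    return re.sub(r"\s+", " ", s).strip().lower()

def dword(text: str):
    """Parse a REG_DWORD value given as decimal or 0x-prefixed hex."""
    try:
        return int(text, 16) if text.startswith("0x") else int(text, 10)
    except ValueError:
        return None

def enables_rdp(cmdline: str) -> bool:
    """True if the command line sets fDenyTSConnections to 0 via reg add."""
    s = normalize(cmdline)
    m = re.match(r"(?:\S*[\\/])?reg(?:\.exe)? add (.+)", s)
    if not m:
        return False
    args = m.group(1)
    if KEY not in args or not re.search(r"/v fdenytsconnections\b", args):
        return False
    d = re.search(r"/d (\S+)", args)
    return d is not None and dword(d.group(1)) == 0

def flag(cmdlines):
    """Return the indexes of command lines that enable RDP."""
    return [i for i, c in enumerate(cmdlines) if enables_rdp(c)]

if __name__ == "__main__":
    for i in flag(SAMPLES):
        print("ALERT:", SAMPLES[i])
```

Setting the value to 1 (which denies connections), querying the key, and writes to unrelated keys are not flagged.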
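Second site: it was actually FreeBSD... impressive...
However, running commands returned no output at all... and uploading anything returned a 500...
Third site
It's not that easy to find one... so... I accomplished nothing... I just got to experience command execution once, lol
Of course, I did find something quite interesting
whatcms shows this, hahaha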