当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0186380

漏洞标题:P2P金融安全之卡得万利某处命令执行影响多台重要服务器(自带nmap威胁内网安全)

相关厂商:卡得万利

漏洞作者: 镱鍚

提交时间:2016-03-20 23:31

修复时间:2016-05-04 23:31

公开时间:2016-05-04 23:31

漏洞类型:服务弱口令

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-03-20: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-05-04: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT
涉及微信服务器、邮件服务器、监控服务器、多台路由设备等,自带nmap,可直接探测内网

详细说明:

URL:http://220.248.19.22:80/


zabbix弱口令:admin zabbix
可直接登陆

2.png


看下它上面涉及的服务器,都挺重要的

5.png


13.png


从脚本中可以看到,服务器上安装了nmap的,可以直接探测内网,我这里加了个脚本,看了下ip信息

3.png


4.png


这里用nmap它自带的nmap脚本探测了一下各个服务器的端口,如下:

7.png


6.png


10.png


11.png


12.png


从中还是得到不少信息
jenkins项目平台

http://220.248.19.21:8088/


8.png


邮件系统

http://211.95.2.35/


9.png


直接探测c段,得到的结果如下:

"test"的结果
Starting Nmap 5.51 ( http://nmap.org ) at 2016-03-18 20:58 CST
Nmap scan report for 192.168.0.1
Host is up (0.00073s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
53/tcp open domain
687/tcp open asipregistry
1723/tcp open pptp
1900/tcp open upnp
8080/tcp open http-proxy
MAC Address: 00:0D:88:11:29:88 (D-Link)
Nmap scan report for 192.168.0.2
Host is up (0.00048s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
443/tcp open https
5431/tcp closed park-agent
MAC Address: 3C:8C:40:CA:F9:F8 (Unknown)
Nmap scan report for 192.168.0.3
Host is up (0.00038s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
80/tcp open http
88/tcp open kerberos-sec
389/tcp open ldap
443/tcp open https
514/tcp open shell
636/tcp open ldapssl
902/tcp closed iss-realsecure
2020/tcp open xinupageserver
6502/tcp closed netop-rc
8010/tcp closed xmpp
MAC Address: 00:0C:29:51:D0:69 (VMware)
Nmap scan report for 192.168.0.4
Host is up (0.00033s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
80/tcp open http
427/tcp open svrloc
443/tcp open https
902/tcp open iss-realsecure
5988/tcp closed wbem-http
5989/tcp open wbem-https
8000/tcp open http-alt
8080/tcp closed http-proxy
8100/tcp open xprint-server
8300/tcp open tmi
MAC Address: 14:18:77:32:F1:AE (Unknown)
Nmap scan report for 192.168.0.5
Host is up (0.00018s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
427/tcp open svrloc
443/tcp open https
902/tcp open iss-realsecure
5988/tcp closed wbem-http
5989/tcp open wbem-https
8000/tcp open http-alt
8080/tcp closed http-proxy
8100/tcp open xprint-server
8300/tcp open tmi
MAC Address: B0:83:FE:E5:A8:4D (Unknown)
Nmap scan report for 192.168.0.8
Host is up (0.00089s latency).
Not shown: 991 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
81/tcp open hosts2-ns
3306/tcp open mysql
3690/tcp open svn
8080/tcp closed http-proxy
8081/tcp open blackice-icecap
8090/tcp open unknown
9000/tcp open cslistener
MAC Address: 6C:F0:49:46:1A:FC (Giga-byte Technology Co.)
Nmap scan report for 192.168.0.9
Host is up (0.0047s latency).
Not shown: 983 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
8800/tcp open sunwebadmin
49154/tcp open unknown
49155/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
MAC Address: 00:0C:29:C1:AF:0D (VMware)
Nmap scan report for 192.168.0.10
Host is up (0.00012s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
81/tcp open hosts2-ns
631/tcp open ipp
3306/tcp open mysql
MAC Address: 00:0C:29:C1:5B:A3 (VMware)
Nmap scan report for 192.168.0.11
Host is up (0.00012s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
MAC Address: 00:0C:29:A8:25:5B (VMware)
Nmap scan report for 192.168.0.13
Host is up (0.00021s latency).
Not shown: 980 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
2179/tcp open vmrdp
3306/tcp open mysql
3389/tcp open ms-term-serv
6059/tcp open X11:59
8009/tcp open ajp13
8080/tcp open http-proxy
8888/tcp open sun-answerbook
9009/tcp open pichat
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
49159/tcp open unknown
MAC Address: F0:1F:AF:D2:A1:F0 (Unknown)
Nmap scan report for 192.168.0.14
Host is up (0.00040s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
MAC Address: 8C:DC:D4:49:15:50 (Unknown)
Nmap scan report for 192.168.0.15
Host is up (0.00027s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3000/tcp open ppp
8080/tcp open http-proxy
MAC Address: 00:0C:29:47:B9:4F (VMware)
Nmap scan report for 192.168.0.16
Host is up (0.00024s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
161/tcp closed snmp
3306/tcp open mysql
MAC Address: 00:0C:29:99:4E:37 (VMware)
Nmap scan report for 192.168.0.17
Host is up (0.000020s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
Nmap scan report for 192.168.0.18
Host is up (0.00055s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
MAC Address: 00:0C:29:23:B0:42 (VMware)
Nmap scan report for 192.168.0.19
Host is up (0.00033s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
MAC Address: 00:0C:29:1B:DA:41 (VMware)
Nmap scan report for 192.168.0.21
Host is up (0.00055s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
8080/tcp open http-proxy
MAC Address: 00:0C:29:C5:B0:A2 (VMware)
Nmap scan report for 192.168.0.22
Host is up (0.00088s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1029/tcp open ms-lsa
3389/tcp open ms-term-serv
4899/tcp open radmin
5800/tcp open vnc-http
5900/tcp open vnc
MAC Address: 00:E0:4C:35:17:56 (Realtek Semiconductor)
Nmap scan report for 192.168.0.23
Host is up (0.00055s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:50:56:88:6C:4E (VMware)
Nmap scan report for 192.168.0.24
Host is up (0.00048s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:50:56:88:36:6F (VMware)
Nmap scan report for 192.168.0.25
Host is up (0.00027s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
8009/tcp open ajp13
8888/tcp open sun-answerbook
MAC Address: 00:50:56:88:C7:DA (VMware)
Nmap scan report for 192.168.0.26
Host is up (0.00026s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
8009/tcp open ajp13
8080/tcp open http-proxy
MAC Address: 00:50:56:88:B5:C8 (VMware)
Nmap scan report for 192.168.0.50
Host is up (0.00062s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:40:23:E2 (Grandstream Networks)
Nmap scan report for 192.168.0.53
Host is up (0.00059s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:40:24:F8 (Grandstream Networks)
Nmap scan report for 192.168.0.55
Host is up (0.00054s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:40:25:4F (Grandstream Networks)
Nmap scan report for 192.168.0.56
Host is up (0.00057s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:3B:47:FC (Grandstream Networks)
Nmap scan report for 192.168.0.57
Host is up (0.00057s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:40:25:6D (Grandstream Networks)
Nmap scan report for 192.168.0.63
Host is up (0.00050s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3306/tcp open mysql
3389/tcp open ms-term-serv
49154/tcp open unknown
MAC Address: 90:E6:BA:DB:79:62 (Asustek Computer)
Nmap scan report for 192.168.0.76
Host is up (0.00030s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
3389/tcp open ms-term-serv
5357/tcp open wsdapi
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49158/tcp open unknown
MAC Address: 74:86:7A:F0:CF:AC (Unknown)
Nmap scan report for 192.168.0.89
Host is up (0.00050s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8009/tcp closed ajp13
8080/tcp closed http-proxy
8888/tcp open sun-answerbook
MAC Address: C8:1F:66:E5:3C:4F (Unknown)
Nmap scan report for 192.168.0.98
Host is up (0.00060s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
81/tcp open hosts2-ns
90/tcp open dnsix
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
2383/tcp open ms-olap4
3306/tcp open mysql
3389/tcp open ms-term-serv
9000/tcp open cslistener
9001/tcp open tor-orport
27000/tcp open flexlm0
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
MAC Address: 40:A8:F0:5E:B4:A4 (Unknown)
Nmap scan report for 192.168.0.101
Host is up (0.00072s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
2869/tcp open icslap
3306/tcp open mysql
MAC Address: B0:83:FE:BB:BB:D2 (Unknown)
Nmap scan report for 192.168.0.103
Host is up (0.00056s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1801/tcp open msmq
2103/tcp open zephyr-clt
2105/tcp open eklogin
2107/tcp open msmq-mgmt
2869/tcp open icslap
3306/tcp open mysql
MAC Address: B0:83:FE:77:C6:9C (Unknown)
Nmap scan report for 192.168.0.111
Host is up (0.00020s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1723/tcp open pptp
3306/tcp open mysql
3389/tcp open ms-term-serv
6666/tcp open irc
8009/tcp open ajp13
8080/tcp open http-proxy
8088/tcp open radan-http
MAC Address: 6C:F0:49:4E:88:94 (Giga-byte Technology Co.)
Nmap scan report for 192.168.0.120
Host is up (0.00044s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
5900/tcp open vnc
MAC Address: 00:26:B9:5C:9B:55 (Dell)
Nmap scan report for 192.168.0.125
Host is up (0.00036s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
139/tcp open netbios-ssn
427/tcp open svrloc
443/tcp open https
445/tcp open microsoft-ds
515/tcp open printer
631/tcp open ipp
843/tcp open unknown
9100/tcp open jetdirect
50001/tcp open unknown
MAC Address: 00:20:6B:91:E8:7A (Konica Minolta Holdings)
Nmap scan report for 192.168.0.126
Host is up (0.00046s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
50002/tcp open iiimsf
MAC Address: 00:0E:3A:14:A5:76 (Cirrus Logic)
Nmap scan report for 192.168.0.127
Host is up (0.00048s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
515/tcp open printer
631/tcp open ipp
8080/tcp open http-proxy
9100/tcp open jetdirect
MAC Address: 3C:4A:92:BB:E8:C9 (Unknown)
Nmap scan report for 192.168.0.128
Host is up (0.00031s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
82/tcp open xfer
83/tcp open mit-ml-dev
443/tcp open https
515/tcp open printer
631/tcp open ipp
5222/tcp open xmpp-client
8080/tcp open http-proxy
8291/tcp open unknown
8292/tcp open blp3
8888/tcp open sun-answerbook
9100/tcp open jetdirect
MAC Address: A0:B3:CC:9E:1F:39 (Unknown)
Nmap scan report for 192.168.0.130
Host is up (0.00058s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3306/tcp open mysql
49154/tcp open unknown
MAC Address: 90:E6:BA:DB:79:62 (Asustek Computer)
Nmap scan report for 192.168.0.131
Host is up (0.00055s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3306/tcp open mysql
49154/tcp open unknown
MAC Address: 90:E6:BA:DB:79:62 (Asustek Computer)
Nmap scan report for 192.168.0.165
Host is up (0.00021s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
587/tcp open submission
1433/tcp open ms-sql-s
3306/tcp open mysql
3389/tcp open ms-term-serv
MAC Address: 6C:F0:49:46:F5:B1 (Giga-byte Technology Co.)
Nmap scan report for 192.168.0.199
Host is up (0.00045s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
5432/tcp open postgresql
MAC Address: 00:0C:29:30:3F:34 (VMware)
Nmap scan report for 192.168.0.200
Host is up (0.0019s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
23/tcp open telnet
5003/tcp open filemaker
MAC Address: 3C:D1:6E:01:A4:99 (Unknown)
Nmap scan report for 192.168.0.201
Host is up (0.00038s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
873/tcp open rsync
2049/tcp open nfs
MAC Address: 8C:DC:D4:43:9C:91 (Unknown)
Nmap scan report for 192.168.0.203
Host is up (0.00038s latency).
Not shown: 988 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
389/tcp open ldap
443/tcp closed https
465/tcp open smtps
873/tcp closed rsync
993/tcp open imaps
995/tcp open pop3s
5222/tcp closed xmpp-client
MAC Address: A4:BA:DB:26:45:4F (Dell)
Nmap scan report for 192.168.0.208
Host is up (0.00049s latency).
Not shown: 988 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
81/tcp open hosts2-ns
3306/tcp open mysql
8081/tcp open blackice-icecap
8082/tcp open blackice-alerts
8084/tcp open unknown
8085/tcp open unknown
8086/tcp open d-s-n
8088/tcp open radan-http
9000/tcp open cslistener
9002/tcp open dynamid
MAC Address: 00:24:1D:99:7F:0B (Giga-byte Technology Co.)
Nmap scan report for 192.168.0.209
Host is up (0.00043s latency).
Not shown: 985 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
5989/tcp open wbem-https
8009/tcp open ajp13
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8088/tcp open radan-http
8089/tcp open unknown
8090/tcp open unknown
9009/tcp open pichat
9080/tcp open glrpc
9081/tcp closed unknown
9090/tcp closed zeus-admin
MAC Address: C8:1F:66:DE:7D:F8 (Unknown)
Nmap scan report for 192.168.0.225
Host is up (0.00015s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
MAC Address: 00:50:56:88:54:53 (VMware)
Nmap scan report for 192.168.0.239
Host is up (0.00023s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
1521/tcp open oracle
2383/tcp open ms-olap4
3306/tcp open mysql
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49167/tcp open unknown
MAC Address: 74:86:7A:EA:10:B4 (Unknown)
Nmap scan report for 192.168.0.244
Host is up (0.00030s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
3389/tcp open ms-term-serv
8009/tcp open ajp13
8080/tcp open http-proxy
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49156/tcp open unknown
MAC Address: 74:86:7A:F0:DE:75 (Unknown)
Nmap scan report for 192.168.0.249
Host is up (0.00027s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
3306/tcp open mysql
3389/tcp open ms-term-serv
8009/tcp open ajp13
8080/tcp open http-proxy
8089/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
MAC Address: F8:BC:12:4D:52:A0 (Unknown)
Nmap scan report for 192.168.0.253
Host is up (0.00040s latency).
Not shown: 990 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
81/tcp open hosts2-ns
443/tcp closed https
631/tcp closed ipp
3306/tcp open mysql
8000/tcp open http-alt
8080/tcp open http-proxy
8088/tcp closed radan-http
MAC Address: 00:26:B9:5C:9B:53 (Dell)
Nmap done: 256 IP addresses (53 hosts up) scanned in 47.40 seconds


可以看到,还是有很多东西的。就不深入了,危害太大了

漏洞证明:

URL:http://220.248.19.22:80/


zabbix弱口令:admin zabbix
可直接登陆

2.png


看下它上面涉及的服务器,都挺重要的

5.png


13.png


从脚本中可以看到,服务器上安装了nmap的,可以直接探测内网,我这里加了个脚本,看了下ip信息

3.png


4.png


这里用nmap它自带的nmap脚本探测了一下各个服务器的端口,如下:

7.png


6.png


10.png


11.png


12.png


从中还是得到不少信息
jenkins项目平台

http://220.248.19.21:8088/


8.png


邮件系统

http://211.95.2.35/


9.png


直接探测c段,得到的结果如下:

"test"的结果
Starting Nmap 5.51 ( http://nmap.org ) at 2016-03-18 20:58 CST
Nmap scan report for 192.168.0.1
Host is up (0.00073s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
53/tcp open domain
687/tcp open asipregistry
1723/tcp open pptp
1900/tcp open upnp
8080/tcp open http-proxy
MAC Address: 00:0D:88:11:29:88 (D-Link)
Nmap scan report for 192.168.0.2
Host is up (0.00048s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
443/tcp open https
5431/tcp closed park-agent
MAC Address: 3C:8C:40:CA:F9:F8 (Unknown)
Nmap scan report for 192.168.0.3
Host is up (0.00038s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
80/tcp open http
88/tcp open kerberos-sec
389/tcp open ldap
443/tcp open https
514/tcp open shell
636/tcp open ldapssl
902/tcp closed iss-realsecure
2020/tcp open xinupageserver
6502/tcp closed netop-rc
8010/tcp closed xmpp
MAC Address: 00:0C:29:51:D0:69 (VMware)
Nmap scan report for 192.168.0.4
Host is up (0.00033s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE
22/tcp closed ssh
80/tcp open http
427/tcp open svrloc
443/tcp open https
902/tcp open iss-realsecure
5988/tcp closed wbem-http
5989/tcp open wbem-https
8000/tcp open http-alt
8080/tcp closed http-proxy
8100/tcp open xprint-server
8300/tcp open tmi
MAC Address: 14:18:77:32:F1:AE (Unknown)
Nmap scan report for 192.168.0.5
Host is up (0.00018s latency).
Not shown: 989 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
427/tcp open svrloc
443/tcp open https
902/tcp open iss-realsecure
5988/tcp closed wbem-http
5989/tcp open wbem-https
8000/tcp open http-alt
8080/tcp closed http-proxy
8100/tcp open xprint-server
8300/tcp open tmi
MAC Address: B0:83:FE:E5:A8:4D (Unknown)
Nmap scan report for 192.168.0.8
Host is up (0.00089s latency).
Not shown: 991 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
81/tcp open hosts2-ns
3306/tcp open mysql
3690/tcp open svn
8080/tcp closed http-proxy
8081/tcp open blackice-icecap
8090/tcp open unknown
9000/tcp open cslistener
MAC Address: 6C:F0:49:46:1A:FC (Giga-byte Technology Co.)
Nmap scan report for 192.168.0.9
Host is up (0.0047s latency).
Not shown: 983 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
8800/tcp open sunwebadmin
49154/tcp open unknown
49155/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
MAC Address: 00:0C:29:C1:AF:0D (VMware)
Nmap scan report for 192.168.0.10
Host is up (0.00012s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
81/tcp open hosts2-ns
631/tcp open ipp
3306/tcp open mysql
MAC Address: 00:0C:29:C1:5B:A3 (VMware)
Nmap scan report for 192.168.0.11
Host is up (0.00012s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
MAC Address: 00:0C:29:A8:25:5B (VMware)
Nmap scan report for 192.168.0.13
Host is up (0.00021s latency).
Not shown: 980 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
2179/tcp open vmrdp
3306/tcp open mysql
3389/tcp open ms-term-serv
6059/tcp open X11:59
8009/tcp open ajp13
8080/tcp open http-proxy
8888/tcp open sun-answerbook
9009/tcp open pichat
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
49159/tcp open unknown
MAC Address: F0:1F:AF:D2:A1:F0 (Unknown)
Nmap scan report for 192.168.0.14
Host is up (0.00040s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
MAC Address: 8C:DC:D4:49:15:50 (Unknown)
Nmap scan report for 192.168.0.15
Host is up (0.00027s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
3000/tcp open ppp
8080/tcp open http-proxy
MAC Address: 00:0C:29:47:B9:4F (VMware)
Nmap scan report for 192.168.0.16
Host is up (0.00024s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
161/tcp closed snmp
3306/tcp open mysql
MAC Address: 00:0C:29:99:4E:37 (VMware)
Nmap scan report for 192.168.0.17
Host is up (0.000020s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
Nmap scan report for 192.168.0.18
Host is up (0.00055s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
MAC Address: 00:0C:29:23:B0:42 (VMware)
Nmap scan report for 192.168.0.19
Host is up (0.00033s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy
MAC Address: 00:0C:29:1B:DA:41 (VMware)
Nmap scan report for 192.168.0.21
Host is up (0.00055s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
8080/tcp open http-proxy
MAC Address: 00:0C:29:C5:B0:A2 (VMware)
Nmap scan report for 192.168.0.22
Host is up (0.00088s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
1029/tcp open ms-lsa
3389/tcp open ms-term-serv
4899/tcp open radmin
5800/tcp open vnc-http
5900/tcp open vnc
MAC Address: 00:E0:4C:35:17:56 (Realtek Semiconductor)
Nmap scan report for 192.168.0.23
Host is up (0.00055s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:50:56:88:6C:4E (VMware)
Nmap scan report for 192.168.0.24
Host is up (0.00048s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:50:56:88:36:6F (VMware)
Nmap scan report for 192.168.0.25
Host is up (0.00027s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
8009/tcp open ajp13
8888/tcp open sun-answerbook
MAC Address: 00:50:56:88:C7:DA (VMware)
Nmap scan report for 192.168.0.26
Host is up (0.00026s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
8009/tcp open ajp13
8080/tcp open http-proxy
MAC Address: 00:50:56:88:B5:C8 (VMware)
Nmap scan report for 192.168.0.50
Host is up (0.00062s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:40:23:E2 (Grandstream Networks)
Nmap scan report for 192.168.0.53
Host is up (0.00059s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:40:24:F8 (Grandstream Networks)
Nmap scan report for 192.168.0.55
Host is up (0.00054s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:40:25:4F (Grandstream Networks)
Nmap scan report for 192.168.0.56
Host is up (0.00057s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:3B:47:FC (Grandstream Networks)
Nmap scan report for 192.168.0.57
Host is up (0.00057s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
554/tcp open rtsp
MAC Address: 00:0B:82:40:25:6D (Grandstream Networks)
Nmap scan report for 192.168.0.63
Host is up (0.00050s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3306/tcp open mysql
3389/tcp open ms-term-serv
49154/tcp open unknown
MAC Address: 90:E6:BA:DB:79:62 (Asustek Computer)
Nmap scan report for 192.168.0.76
Host is up (0.00030s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1521/tcp open oracle
3389/tcp open ms-term-serv
5357/tcp open wsdapi
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49158/tcp open unknown
MAC Address: 74:86:7A:F0:CF:AC (Unknown)
Nmap scan report for 192.168.0.89
Host is up (0.00050s latency).
Not shown: 993 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8009/tcp closed ajp13
8080/tcp closed http-proxy
8888/tcp open sun-answerbook
MAC Address: C8:1F:66:E5:3C:4F (Unknown)
Nmap scan report for 192.168.0.98
Host is up (0.00060s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
81/tcp open hosts2-ns
90/tcp open dnsix
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
2383/tcp open ms-olap4
3306/tcp open mysql
3389/tcp open ms-term-serv
9000/tcp open cslistener
9001/tcp open tor-orport
27000/tcp open flexlm0
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
MAC Address: 40:A8:F0:5E:B4:A4 (Unknown)
Nmap scan report for 192.168.0.101
Host is up (0.00072s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
2869/tcp open icslap
3306/tcp open mysql
MAC Address: B0:83:FE:BB:BB:D2 (Unknown)
Nmap scan report for 192.168.0.103
Host is up (0.00056s latency).
Not shown: 990 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1801/tcp open msmq
2103/tcp open zephyr-clt
2105/tcp open eklogin
2107/tcp open msmq-mgmt
2869/tcp open icslap
3306/tcp open mysql
MAC Address: B0:83:FE:77:C6:9C (Unknown)
Nmap scan report for 192.168.0.111
Host is up (0.00020s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1723/tcp open pptp
3306/tcp open mysql
3389/tcp open ms-term-serv
6666/tcp open irc
8009/tcp open ajp13
8080/tcp open http-proxy
8088/tcp open radan-http
MAC Address: 6C:F0:49:4E:88:94 (Giga-byte Technology Co.)
Nmap scan report for 192.168.0.120
Host is up (0.00044s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
5900/tcp open vnc
MAC Address: 00:26:B9:5C:9B:55 (Dell)
Nmap scan report for 192.168.0.125
Host is up (0.00036s latency).
Not shown: 989 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
139/tcp open netbios-ssn
427/tcp open svrloc
443/tcp open https
445/tcp open microsoft-ds
515/tcp open printer
631/tcp open ipp
843/tcp open unknown
9100/tcp open jetdirect
50001/tcp open unknown
MAC Address: 00:20:6B:91:E8:7A (Konica Minolta Holdings)
Nmap scan report for 192.168.0.126
Host is up (0.00046s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
50002/tcp open iiimsf
MAC Address: 00:0E:3A:14:A5:76 (Cirrus Logic)
Nmap scan report for 192.168.0.127
Host is up (0.00048s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
23/tcp open telnet
80/tcp open http
515/tcp open printer
631/tcp open ipp
8080/tcp open http-proxy
9100/tcp open jetdirect
MAC Address: 3C:4A:92:BB:E8:C9 (Unknown)
Nmap scan report for 192.168.0.128
Host is up (0.00031s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
80/tcp open http
81/tcp open hosts2-ns
82/tcp open xfer
83/tcp open mit-ml-dev
443/tcp open https
515/tcp open printer
631/tcp open ipp
5222/tcp open xmpp-client
8080/tcp open http-proxy
8291/tcp open unknown
8292/tcp open blp3
8888/tcp open sun-answerbook
9100/tcp open jetdirect
MAC Address: A0:B3:CC:9E:1F:39 (Unknown)
Nmap scan report for 192.168.0.130
Host is up (0.00058s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3306/tcp open mysql
49154/tcp open unknown
MAC Address: 90:E6:BA:DB:79:62 (Asustek Computer)
Nmap scan report for 192.168.0.131
Host is up (0.00055s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
3306/tcp open mysql
49154/tcp open unknown
MAC Address: 90:E6:BA:DB:79:62 (Asustek Computer)
Nmap scan report for 192.168.0.165
Host is up (0.00021s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
587/tcp open submission
1433/tcp open ms-sql-s
3306/tcp open mysql
3389/tcp open ms-term-serv
MAC Address: 6C:F0:49:46:F5:B1 (Giga-byte Technology Co.)
Nmap scan report for 192.168.0.199
Host is up (0.00045s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp closed http
5432/tcp open postgresql
MAC Address: 00:0C:29:30:3F:34 (VMware)
Nmap scan report for 192.168.0.200
Host is up (0.0019s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
23/tcp open telnet
5003/tcp open filemaker
MAC Address: 3C:D1:6E:01:A4:99 (Unknown)
Nmap scan report for 192.168.0.201
Host is up (0.00038s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
873/tcp open rsync
2049/tcp open nfs
MAC Address: 8C:DC:D4:43:9C:91 (Unknown)
Nmap scan report for 192.168.0.203
Host is up (0.00038s latency).
Not shown: 988 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
389/tcp open ldap
443/tcp closed https
465/tcp open smtps
873/tcp closed rsync
993/tcp open imaps
995/tcp open pop3s
5222/tcp closed xmpp-client
MAC Address: A4:BA:DB:26:45:4F (Dell)
Nmap scan report for 192.168.0.208
Host is up (0.00049s latency).
Not shown: 988 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
81/tcp open hosts2-ns
3306/tcp open mysql
8081/tcp open blackice-icecap
8082/tcp open blackice-alerts
8084/tcp open unknown
8085/tcp open unknown
8086/tcp open d-s-n
8088/tcp open radan-http
9000/tcp open cslistener
9002/tcp open dynamid
MAC Address: 00:24:1D:99:7F:0B (Giga-byte Technology Co.)
Nmap scan report for 192.168.0.209
Host is up (0.00043s latency).
Not shown: 985 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
443/tcp open https
5989/tcp open wbem-https
8009/tcp open ajp13
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8088/tcp open radan-http
8089/tcp open unknown
8090/tcp open unknown
9009/tcp open pichat
9080/tcp open glrpc
9081/tcp closed unknown
9090/tcp closed zeus-admin
MAC Address: C8:1F:66:DE:7D:F8 (Unknown)
Nmap scan report for 192.168.0.225
Host is up (0.00015s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
443/tcp open https
MAC Address: 00:50:56:88:54:53 (VMware)
Nmap scan report for 192.168.0.239
Host is up (0.00023s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1433/tcp open ms-sql-s
1521/tcp open oracle
2383/tcp open ms-olap4
3306/tcp open mysql
3389/tcp open ms-term-serv
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49167/tcp open unknown
MAC Address: 74:86:7A:EA:10:B4 (Unknown)
Nmap scan report for 192.168.0.244
Host is up (0.00030s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
3389/tcp open ms-term-serv
8009/tcp open ajp13
8080/tcp open http-proxy
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49156/tcp open unknown
MAC Address: 74:86:7A:F0:DE:75 (Unknown)
Nmap scan report for 192.168.0.249
Host is up (0.00027s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
3306/tcp open mysql
3389/tcp open ms-term-serv
8009/tcp open ajp13
8080/tcp open http-proxy
8089/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49157/tcp open unknown
MAC Address: F8:BC:12:4D:52:A0 (Unknown)
Nmap scan report for 192.168.0.253
Host is up (0.00040s latency).
Not shown: 990 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
81/tcp open hosts2-ns
443/tcp closed https
631/tcp closed ipp
3306/tcp open mysql
8000/tcp open http-alt
8080/tcp open http-proxy
8088/tcp closed radan-http
MAC Address: 00:26:B9:5C:9B:53 (Dell)
Nmap done: 256 IP addresses (53 hosts up) scanned in 47.40 seconds


可以看到,还是有很多东西的。就不深入了,危害太大了

修复方案:

。。

版权声明:转载请注明来源 镱鍚@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)