工控安全之山东某大型燃气SCADA系统弱口令(人机会话\涉及银行\酒店\工厂\政府单位等)
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;word-break:break-all;"><span style="color:black;font-size:10.0pt;">济华燃气</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;">SCADA</span><span style="color:black;font-size:10.0pt;">实时监控平台</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<div style="background:#F8F8F8;border:solid #CCCCCC 1.0pt;padding:9.0pt 9.0pt 9.0pt 9.0pt;">
<fieldset style="border:1px solid #CCCCCC;margin:0px auto;padding:0px;width:870px;">
<pre style="background:#F8F8F8;border:none;line-height:13.5pt;overflow:hidden;overflow-wrap:break-word;padding:0cm;"><code><span lang="EN-US" style="font-family:"color:#333333;background:#F8F8F8;">**.**.**.**:8085/login.jsp</span></code><span lang="EN-US" style="font-family:"color:#333333;"></span></pre>
</fieldset>
</div>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">弱口令</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;">admin/123456<br />
</span><span style="color:black;font-size:10.0pt;">涉及的单位一览</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/24153531a32a730392c148580e16e927a87e326a.png" target="_blank"><img width="554" height="344" src="https://www.2k8.org/content/uploadfile/202203/31/7e2a9220.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/24153536b4e601196ef5ce1121d2450c8a09befe.png" target="_blank"><img width="553" height="483" src="https://www.2k8.org/content/uploadfile/202203/31/5a1593f6.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/241535424a4f896a4e4988d9d712e48966095066.png" target="_blank"><img width="553" height="261" src="https://www.2k8.org/content/uploadfile/202203/31/26fa6a90.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">电脑不知道是配置的问题还是怎么,</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;">svg</span><span style="color:black;font-size:10.0pt;">无法预览,在那一台电脑上可以看到,不过没有截图,就这样吧</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">转到后台可以看到整个单位的</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/24153942dd30b5262d135f8b9be14122731d8218.png" target="_blank"><img width="553" height="425" src="https://www.2k8.org/content/uploadfile/202203/31/82a264fa.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/241538511c858a7e18a11ab95f93991b9ec7a3b6.png" target="_blank"><img width="554" height="471" src="https://www.2k8.org/content/uploadfile/202203/31/f4c2254b.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/24153846e828330d918b3b1ed8c6f26784f1a555.png" target="_blank"><img width="554" height="441" src="https://www.2k8.org/content/uploadfile/202203/31/455dc355.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<div style="border:none;border-left:solid #999999 4.5pt;padding:0cm 0cm 0cm 0cm;">
<h3 style="-webkit-text-stroke-width:0px;border:none;font-variant-caps:normal;font-variant-ligatures:normal;margin-bottom:0cm;margin-left:0cm;margin-right:0cm;margin-top:11.25pt;orphans:2;overflow-wrap:break-word;padding:0cm;text-decoration-color:initial;text-decoration-style:initial;text-indent:7.5pt;widows:2;word-break:break-all;word-spacing:0px;">
<span style="color:black;font-size:10.5pt;font-weight:normal;">漏洞证明:</span><span lang="EN-US" style="font-size:10.5pt;font-family:"color:black;font-weight:normal;"></span>
</h3>
</div>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span style="color:black;font-size:10.0pt;">后台存在</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;">struts2</span><span style="color:black;font-size:10.0pt;">命令执行,直接添加管理员登陆远程桌面,双网卡均在内网,可内网渗透</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/241609032ccec10dbcf67422e067373e9660a300.png" target="_blank"><img width="554" height="403" src="https://www.2k8.org/content/uploadfile/202203/31/93a6b82d.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">找到控制系统,可以人机交互</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">地区管网分布</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/2415531723061ce4e37d6da21837798db23798ef.png" target="_blank"><img width="554" height="370" src="https://www.2k8.org/content/uploadfile/202203/31/26cb92da.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">工艺图,均可以发送指令控制系统</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/241555422d0bc5def179964c03fc90a336a3dac4.png" target="_blank"><img width="554" height="308" src="https://www.2k8.org/content/uploadfile/202203/31/f8c2303a.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/2415554781df1de87a96878fcd0f25ca1495fdd1.png" target="_blank"><img width="553" height="401" src="https://www.2k8.org/content/uploadfile/202203/31/ad3261fb.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/2415555264b9a54b9e3de0e0c67bf3ae999418c4.png" target="_blank"><img width="554" height="343" src="https://www.2k8.org/content/uploadfile/202203/31/712753b5.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/24155556dc668ee30953d07fd58b3afd9add6588.png" target="_blank"><img width="553" height="286" src="https://www.2k8.org/content/uploadfile/202203/31/fb9e8a32.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/241556010d17594b3cf06d655091e7adb4c5c67b.png" target="_blank"><img width="553" height="323" src="https://www.2k8.org/content/uploadfile/202203/31/5d0c14b7.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"> </span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/2415560634ed63242442cb69916a98aac6248c88.png" target="_blank"><img width="554" height="329" src="https://www.2k8.org/content/uploadfile/202203/31/a35f578e.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">燃气管路信息</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/241557179ba75d760f9d6d57c6a754bd166b764c.png" target="_blank"><img width="553" height="265" src="https://www.2k8.org/content/uploadfile/202203/31/f0d48d5f.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">系统的配置图</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/24155801782d0da5b3479097342cfcd64ccb45ee.png" target="_blank"><img width="554" height="344" src="https://www.2k8.org/content/uploadfile/202203/31/b1544248.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">找到了部分数据库信息</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<div style="background:#F8F8F8;border:solid #CCCCCC 1.0pt;padding:9.0pt 9.0pt 9.0pt 9.0pt;">
<fieldset style="border:1px solid #CCCCCC;margin:0px auto;padding:0px;width:870px;">
<pre style="background:#F8F8F8;border:none;line-height:13.5pt;overflow:hidden;overflow-wrap:break-word;padding:0cm;"><code><span lang="EN-US" style="font-family:"color:#333333;background:#F8F8F8;"># -- Hibernate Configuration for JUnit tests --</span></code><span lang="EN-US" style="font-family:"color:#333333;background:#F8F8F8;"> <code><span style="font-family:"">dao.type=hibernate</span></code> <code><span style="font-family:"">hibernate.connection.username=ies_ms</span></code> <code><span style="font-family:"">hibernate.connection.password=iesapp</span></code> <code><span style="font-family:"">hibernate.dialect=org.hibernate.dialect.SybaseDialect</span></code> <code><span style="font-family:"">hibernate.connection.url=jdbc\:jtds\:sqlserver\**.**.**.**\:1433/emmi</span></code> <code><span style="font-family:"">hibernate.connection.driver_class=net.sourceforge.jtds.jdbc.Driver</span></code> <code><span style="font-family:"">#hibernate.connection.username=ies</span></code> <code><span style="font-family:"">#hibernate.connection.password=ieslab</span></code> <code><span style="font-family:"">#hibernate.dialect=org.hibernate.dialect.Oracle9iDialect</span></code> <code><span style="font-family:"">#hibernate.connection.url=jdbc\:oracle\:thin\:@**.**.**.**\:1521\:iesOrcl</span></code> <code><span style="font-family:"">#hibernate.connection.driver_class=oracle.jdbc.driver.OracleDriver</span></code> <code><span style="font-family:"">#hibernate.connection.username=liuxiaojun</span></code> <code><span style="font-family:"">#hibernate.connection.password=liuxiaojun</span></code> <code><span style="font-family:"">#hibernate.dialect=org.hibernate.dialect.Oracle10gDialect</span></code> <code><span style="font-family:"">#hibernate.connection.url=jdbc:oracle:thin:@**.**.**.**:1521:orcl</span></code> <code><span style="font-family:"">#hibernate.connection.driver_class=oracle.jdbc.driver.OracleDriver</span></code> <code><span style="font-family:"">hibernate.show_sql=false</span></code> <code><span style="font-family:"">hibernate.hbm2ddl.auto=update</span></code> <code><span style="font-family:"">hibernate.hbm2ddl.autoSqlCim=update</span></code> <code><span style="font-family:"">hibernate.connection.usernameSqlCim=ies_ms</span></code> <code><span style="font-family:"">hibernate.connection.passwordSqlCim=iesapp</span></code> <code><span style="font-family:"">hibernate.dialectSqlCim=org.hibernate.dialect.SybaseDialect</span></code> <code><span style="font-family:"">##hibernate.connection.urlSqlCim=jdbc\:jtds\:sqlserver\**.**.**.**\:1312/CIM</span></code> <code><span style="font-family:"">hibernate.connection.urlSqlCim=jdbc\:jtds\:sqlserver\**.**.**.**\:1433/CIM</span></code> <code><span style="font-family:"">hibernate.connection.driver_classSqlCim=net.sourceforge.jtds.jdbc.Driver</span></code> <code><span style="font-family:"">hibernate.hbm2ddl.autoSqlHis=update</span></code> <code><span style="font-family:"">hibernate.connection.usernameSqlHis=ies_ls</span></code> <code><span style="font-family:"">hibernate.connection.passwordSqlHis=iesapp</span></code> <code><span style="font-family:"">hibernate.dialectSqlHis=org.hibernate.dialect.SybaseDialect</span></code> <code><span style="font-family:"">##hibernate.connection.urlSqlHis=jdbc\:jtds\:sqlserver\**.**.**.**\:1312/UAS_History</span></code> <code><span style="font-family:"">hibernate.connection.urlSqlHis=jdbc\:jtds\:sqlserver\**.**.**.**\:1433/UAS_History</span></code> <code><span style="font-family:"">hibernate.connection.driver_classSqlHis=net.sourceforge.jtds.jdbc.Driver</span></code></span><span lang="EN-US" style="font-family:"color:#333333;"></span></pre>
</fieldset>
</div>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"><br />
</span><span style="color:black;font-size:10.0pt;">内网中找到一个海康威视摄像头,雾霾大的都看不清了。。。</span><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:宋体;font-size:12.0pt;line-height:18.75pt;margin:0cm;margin-left:0cm;margin-right:0cm;overflow-wrap:break-word;word-break:break-all;">
<a href="https://w.hundan.org/articles/attach/201512/241610269440c5e7d9ee9f48d1c35b4578ff4cc5.png" target="_blank"><img width="553" height="420" src="https://www.2k8.org/content/uploadfile/202203/31/25b83a89.jpg" alt="" style="vertical-align:middle;" /></a><span lang="EN-US" style="font-size:10.0pt;font-family:"color:black;"></span>
</p>
<p style="font-family:等线;font-size:10.5pt;margin:0cm;text-align:justify;text-justify:inter-ideograph;">
<span lang="EN-US"> </span>
</p>
页:
[1]