admin 发表于 2022-3-31 03:45:03

工控安全之沈阳宝鸡中燃(内网拓扑/设备运行状况/敏感信息泄漏)

<!--StartFragment-->
<div class="wybug_detail" style="margin:0px;padding:0px;color:#000000;font-family:Verdana, &quot;font-size:12px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;orphans:2;text-align:left;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;-webkit-text-stroke-width:0px;text-decoration-style:initial;text-decoration-color:initial;">
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                首先找到一个FTP,谷歌来的<br style="margin:0px;padding:0px;" />
**.**.**.**
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/07091322741430b7f6140164bd1fd5a0a331ab2e.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/07091322741430b7f6140164bd1fd5a0a331ab2e.png" alt="主页.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br />
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/07091333ee0c3666d6f886511560dc6c34b0c0fb.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/07091333ee0c3666d6f886511560dc6c34b0c0fb.png" alt="ftp匿名登录.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br style="margin:0px;padding:0px;" />
可以看见这是这个系统的文件,可以下载其中的exe文件,包括配置文件
        </p>
        <fieldset class="fieldset fieldset-code" style="margin:0px auto;padding:0px;width:870px;border:1px solid #CCCCCC;">
<pre style="margin:0px auto;padding:12px;font-family:&quot;color:#333333;background-color:#F8F8F8;border:0px solid #CCCCCC;line-height:18px;overflow:hidden;overflow-wrap:break-word;width:846px;"><code style="margin:0px;padding:0px;font-family:&quot;color:#333333;background-color:#F8F8F8;">&lt;configuration xmlns="http://**.**.**.**/.NetConfiguration/v2.0"&gt;
        &lt;appSettings&gt;
                &lt;add key="ip" value="**.**.**.**"&gt;&lt;/add&gt;
                &lt;add key="inipath" value="E:/监控/泰安/MSiteWeb/web.ini"&gt;&lt;/add&gt;
                &lt;add key="sql_connStr" value="Provider=SQLOLEDB;server=**.**.**.**;database=CIM;uid=U1000;pwd=iESDBA"&gt;&lt;/add&gt;
               
        &lt;/appSettings&gt;
        &lt;connectionStrings/&gt;</code></pre>
        </fieldset>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br style="margin:0px;padding:0px;" />
数据库配置文件<br style="margin:0px;padding:0px;" />
数据库不许与外链<br style="margin:0px;padding:0px;" />
数据库服务器FTP匿名访问
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/070914557623aec3de005ec6afbfbfffd16f3f16.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/070914557623aec3de005ec6afbfbfffd16f3f16.png" alt="1.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br style="margin:0px;padding:0px;" />
由于FTP权限太低,并不能做什么,<br style="margin:0px;padding:0px;" />
下面是下载的EXE文件安装后
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/07091600673ff88b2fa45895fa013b0e2d177b76.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/07091600673ff88b2fa45895fa013b0e2d177b76.png" alt="登录页面.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br style="margin:0px;padding:0px;" />
所有的密码都是123
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/070916154c7269d20e48f279be538606747749d0.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/070916154c7269d20e48f279be538606747749d0.png" alt="宝鸡.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br />
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/070916288be61028cb333abc5230c0a101bc97f0.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/070916288be61028cb333abc5230c0a101bc97f0.png" alt="沈阳.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br />
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/070916360a60e0d4684823f07c2eaadc3e3cbd21.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/070916360a60e0d4684823f07c2eaadc3e3cbd21.png" alt="佳木斯1.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br />
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/07091642c3ffb4d6de6269e6e995452fa7f09a8b.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/07091642c3ffb4d6de6269e6e995452fa7f09a8b.png" alt="佳木斯2.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br />
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/07091648abf5f86c2aab185ba1a4ea3257d70846.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/07091648abf5f86c2aab185ba1a4ea3257d70846.png" alt="佳木斯3.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br />
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/07091654d27a846ffaf576433c3321b600c722e7.png" target="_blank" style="margin:0px;padding:0px;color:#002E8C;text-decoration:none;"><img src="https://w.hundan.org/articles/attach/201510/07091654d27a846ffaf576433c3321b600c722e7.png" alt="佳木斯4.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br style="margin:0px;padding:0px;" />
并没有深
        </p>
</div>
<h3 class="detailTitle" style="margin:15px auto 0px;padding:5px 0px 0px;font-size:14px;font-weight:normal;width:950px;text-indent:10px;word-break:break-all;overflow-wrap:break-word;border-left:5px solid #999999;color:#000000;font-family:Verdana, &quot;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;letter-spacing:normal;orphans:2;text-align:left;text-transform:none;white-space:normal;widows:2;word-spacing:0px;-webkit-text-stroke-width:0px;text-decoration-style:initial;text-decoration-color:initial;">
        漏洞证明:
</h3>
<div class="wybug_poc" style="margin:0px;padding:0px;color:#000000;font-family:Verdana, &quot;font-size:12px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;orphans:2;text-align:left;text-indent:0px;text-transform:none;white-space:normal;widows:2;word-spacing:0px;-webkit-text-stroke-width:0px;text-decoration-style:initial;text-decoration-color:initial;">
        <p class="detail" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <br />
        </p>
        <p class="detail usemasaic" style="margin:0px auto;padding:5px 12px;font-size:13px;width:870px;line-height:25px;word-break:break-all;overflow-wrap:break-word;">
                <a href="https://w.hundan.org/articles/attach/201510/07091752511be9e0fc3c53e743441ef7ed642d86.png" target="_blank" style="margin:0px;padding:0px;color:#FF6600;text-decoration:underline;"><img src="https://w.hundan.org/articles/attach/201510/07091752511be9e0fc3c53e743441ef7ed642d86.png" alt="佳木斯4.png" width="600" onerror="javascript:errimg(this);" style="margin:0px;padding:0px;border:none;" /></a>
        </p>
</div>
<!--EndFragment-->
页: [1]
查看完整版本: 工控安全之沈阳宝鸡中燃(内网拓扑/设备运行状况/敏感信息泄漏)