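Disclaimer
These vulnerabilities exist only on the internal network, and the exposed IPs are all internal IPs, so there is no risk of public harm.
I have no malicious intent, have not carried out any destructive or penetration activity, and will not do so in the future.
All discovered vulnerabilities are disclosed as found, without distortion or embellishment, and nothing here is misleading.
How the data was obtained
- Ran an nmap scan on the subnet where our school's AC sits and found a large number of hosts with ports 2033-2035 and 8081 open. Having these ports open is characteristic of the 西加云杉 SAC700 series intelligent multi-service gateway.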
$ sudo nmap -sS 10.72.0-255.2 -n -p 2033-2035,8081 -oG schools
Reading and writing raw sockets requires root privileges.
- Clean the data with grep and sed (this is where it gets unreadable)
$ grep open schools|sed -e's/^[^:]*: //g' -e's/(.*$//g' > schools_ip
I'm not going to tell you what the regex does, hmph
- Use the SAC700 series webshell command execution vulnerability to run uname -a on each of the hosts above
$ for i in `cat schools_ip` ;do ~/web.sh "uname -a" $i; done
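The hostnames are most likely pinyin, so the school each one belongs to can be guessed. Don't blame me if the guessed names are funny (
2. School list
Education Development Center (教育发展中心) (😰 a shock right at the start: you call this a school?)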
10.72.0.2
jiaoyufazhanzhongxin
10.72.1.2
jiaoyufazhanzhongxin
10.72.2.2
jiaoyufazhanzhongxin
10.72.3.2
jiaoyufazhanzhongxin
Fangcao Primary School, Yulin (芳草小学玉林)
10.72.4.2
fangcaoxiaoxuyulin
10.72.5.2
fangcaoxiaoxuyulin
10.72.6.2
fangcaoxiaoxuyulin
10.72.7.2
fangcaoxiaoxuyulin
Fangcao Primary School, South Campus (芳草小学南区)
10.72.8.2
fangcaoxiaoxuenanqu
10.72.9.2
fangcaoxiaoxuenanqu
10.72.10.2
fangcaoxiaoxuenanqu
10.72.11.2
fangcaoxiaoxuenanqu
Jincheng Primary School (锦城小学)
10.72.12.2
jinchengxiaoxue
10.72.13.2
jinchengxiaoxue
10.72.14.2
jinchengxiaoxue
10.72.15.2
jinchengxiaoxue
Xixin Primary School (西芯小学)
10.72.16.2
xixinxiaoxue
10.72.17.2
xixinxiaoxue
10.72.19.2
xixinxiaoxue
Jinhui Primary School (金辉小学)
10.72.20.2
jinhuixiaoxue
10.72.21.2
jinhuixiaoxue
10.72.22.2
jinhuixiaoxue
10.72.23.2
jinhuixiaoxue
Linjiang Primary School (临江小学)
10.72.24.2
lingjiangxiaoxue
10.72.25.2
lingjiangxiaoxue
10.72.26.2
lingjiangxiaoxue
10.72.27.2
lingjiangxiaoxue
Gaoxin Experimental, Shenxianshu Campus (高新实验 神仙树校区)
10.72.28.2
gaoxinshiyan-shenxianshuxiaoqu
10.72.29.2
gaoxinshiyan-shenxianshuxiaoqu
10.72.30.2
gaoxinshiyan-shenxianshuxiaoqu
10.72.31.2
gaoxinshiyan-shenxianshuxiaoqu
Paotongshu Primary School, Tianfu (泡桐树小学 天府)
10.72.32.2
paotongshuxiaoxue-tianfu
10.72.33.2
paotongshuxiaoxue-tianfu
10.72.34.2
paotongshuxiaoxue-tianfu
10.72.35.2
paotongshuxiaoxue-tianfu
Xinguang Primary School (新光小学)
10.72.36.2
xinguangxiaoxue
10.72.37.2
xinguangxiaoxue
10.72.38.2
xinguangxiaoxue
10.72.39.2
xinguangxiaoxue
Zhonghe Primary School (中和小学)
10.72.40.2
zhonghexiaoxue
10.72.41.2
zhonghexiaoxue
10.72.42.2
zhonghexiaoxue
10.72.43.2
zhonghexiaoxue
“懵逼里诶” (literally "dumbfounded li-ei")??
10.72.44.2
mengbiliai
10.72.45.2
mengbiliai
10.72.46.2
mengbiliai
10.72.47.2
mengbiliai
“Qing'an” (庆安) Primary School?
10.72.56.2
qinganxiaoxue
10.72.57.2
qinganxiaoxue
10.72.58.2
qinganxiaoxue
10.72.59.2
qinganxiaoxue
“Yizhou” (一周, "one week") Primary School?
10.72.60.2
yizhouxiaoxue
10.72.61.2
yizhouxiaoxue
10.72.62.2
yizhouxiaoxue
10.72.63.2
yizhouxiaoxue
UESTC Experimental Affiliated Primary School (电子科大实验附小)
10.72.64.2
dianzikedashiyanfuxiao
10.72.65.2
dianzikedashiyanfuxiao
10.72.66.2
dianzikedashiyanfuxiao
10.72.67.2
dianzikedashiyanfuxiao
“Yiduziteng” (一肚子疼, "a bellyful of ache") Primary School?? That's just too absurd
10.72.68.2
yiduzitengxiaoxue
10.72.69.2
yiduzitengxiaoxue
10.72.70.2
yiduzitengxiaoxue
“Xingzhi” (性质, "nature" or "property") Primary School?
10.72.72.2
xingzhixiaoxue
10.72.73.2
xingzhixiaoxue
10.72.74.2
xingzhixiaoxue
10.72.75.2
xingzhixiaoxue
No. 7 Middle School, Junior High (七中初中)
10.72.76.2
qizhongchuzhong
10.72.77.2
qizhongchuzhong
10.72.78.2
qizhongchuzhong
10.72.79.2
qizhongchuzhong
“Dayuan” (打原, "playing Genshin") School? Someone has been playing too much Genshin Impact
10.72.80.2
dayuanxuexiao
10.72.81.2
dayuanxuexiao
10.72.82.2
dayuanxuexiao
10.72.83.2
dayuanxuexiao
Heping School (和平学校)
10.72.84.2
hepingxuexiao
10.72.85.2
hepingxuexiao
10.72.86.2
hepingxuexiao
10.72.87.2
hepingxuexiao
Xincheng School (新城学校)
10.72.88.2
xinchengxuexiao
10.72.89.2
xinchengxuexiao
10.72.90.2
xinchengxuexiao
10.72.91.2
xinchengxuexiao
“Xinyuan” (新园) School?
10.72.92.2
xinyuanxuexiao
10.72.93.2
xinyuanxuexiao
10.72.94.2
xinyuanxuexiao
10.72.95.2
xinyuanxuexiao
“Jingrong” (经荣) Primary School?
10.72.96.2
jingrongxiaoxue
10.72.97.2
jingrongxiaoxue
10.72.98.2
jingrongxiaoxue
10.72.99.2
jingrongxiaoxue
Binhe School (滨河学校)
10.72.100.2
binhexuexiao
10.72.101.2
binhexuexiao
10.72.102.2
binhexuexiao
10.72.103.2
binhexuexiao
Shunjiang School (顺江学校)
10.72.104.2
shunjiangxuexiao
10.72.105.2
shunjiangxuexiao
10.72.106.2
shunjiangxuexiao
10.72.107.2
shunjiangxuexiao
Xinhua Primary School (新华小学)
10.72.108.2
xinhuaxiaoxue
10.72.109.2
xinhuaxiaoxue
10.72.110.2
xinhuaxiaoxue
10.72.111.2
xinhuaxiaoxue
Xinke School (新科学校)
10.72.112.2
xinkexuexiao
10.72.113.2
xinkexuexiao
10.72.114.2
xinkexuexiao
10.72.115.2
xinkexuexiao
Gaoxin Experimental, Xinbei Campus (高新实验 新北校区)
10.72.120.2
gaoxinshiyanxinbeixiaoqu
10.72.121.2
gaoxinshiyanxinbeixiaoqu
10.72.122.2
gaoxinshiyanxinbeixiaoqu
10.72.123.2
gaoxinshiyanxinbeixiaoqu
Your exam venue, Yulin Fangcao (玉林芳草) 😋
10.72.124.2
yulinfangcao
10.72.125.2
yulinfangcao
10.72.126.2
yulinfangcao
10.72.127.2
yulinfangcao
Yulin Xiaojiahe (玉林肖家河)
10.72.128.2
yulinxiaojiahe
10.72.129.2
yulinxiaojiahe
10.72.130.2
yulinxiaojiahe
10.72.131.2
yulinxiaojiahe
Yulin Middle School, Shiyang Campus (玉林中学石羊校区)
10.72.132.2
yulinzhongxue-shiyangxiaoqu
10.72.133.2
yulinzhongxue-shiyangxiaoqu
10.72.134.2
yulinzhongxue-shiyangxiaoqu
10.72.135.2
yulinzhongxue-shiyangxiaoqu
Shishi Tianfu (石室天府)
10.72.136.2
shishitianfu
10.72.137.2
shishitianfu
10.72.138.2
shishitianfu
10.72.139.2
shishitianfu
UESTC Main Campus (电子科大本部) (the kdsy elite?) Surely this isn't the actual UESTC 😰
10.72.140.2
dianzikedabenbu
10.72.141.2
dianzikedabenbu
10.72.142.2
dianzikedabenbu
10.72.143.2
dianzikedabenbu
Zhonghe Middle School (中和中学)
10.72.144.2
zhonghezhongxue
10.72.145.2
zhonghezhongxue
10.72.146.2
zhonghezhongxue
10.72.147.2
zhonghezhongxue
Gaoxin Experimental Primary School, Zijing Campus (高新实验小学 紫荆校区)
10.72.152.2
gaoxinshiyanxiaoxue-zijingxiaoqu
10.72.153.2
gaoxinshiyanxiaoxue-zijingxiaoqu
10.72.154.2
gaoxinshiyanxiaoxue-zijingxiaoqu
10.72.155.2
gaoxinshiyanxiaoxue-zijingxiaoqu
Yulin Affiliated Primary School (玉林附小), “Gaoxiao” (搞笑, "funny")?
10.72.156.2
yulinfuxiao-gaoxiao
10.72.157.2
yulinfuxiao-gaoxiao
10.72.158.2
yulinfuxiao-gaoxiao
10.72.159.2
yulinfuxiao-gaoxiao
“Shang Yang” (商鞅) Primary School? With dismemberment by five horses as the signature course, I suppose (
10.72.160.2
shangyangxiaoxue
10.72.161.2
shangyangxiaoxue
10.72.162.2
shangyangxiaoxue
10.72.163.2
shangyangxiaoxue
Mochi Shuyuan Primary School (墨池书院小学)
10.72.164.2
mochishuyuanxiaoxue
10.72.165.2
mochishuyuanxiaoxue
10.72.166.2
mochishuyuanxiaoxue
10.72.167.2
mochishuyuanxiaoxue
Yulin Middle School, Zijing Campus (玉林中学紫荆校区)
10.72.168.2
yulinzhongxuezijingxiaoqu
10.72.169.2
yulinzhongxuezijingxiaoqu
10.72.170.2
yulinzhongxuezijingxiaoqu
10.72.171.2
yulinzhongxuezijingxiaoqu
Keda Kezhong Campus (科大科中校区) (your Qingshuihe 😈)
10.72.172.2
kedakezhongxiaoqu
10.72.174.2
kedakezhongxiaoqu
Tibet Middle School (西藏中学) (speaking Tibetan now 😉)
10.72.176.2
xizangzhongxue
10.72.178.2
xizangzhongxue
10.72.179.2
xizangzhongxue
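Summary
The ACs used for Wi-Fi authentication at the schools above have high-severity vulnerabilities, including webshell command execution, file upload and download, SQL injection, and unauthorized access to the API and the web management interface. They are highly exposed to attacks from the internal network, which could cause serious DoS. 😋
But I really can't work out what kind of outrageous school “Yiduziteng” (一肚子疼) Primary School is supposed to be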