楼主 跳转到 » 倒序看帖
打印
tT
alei2920发表于 2005-5-2 16:07 | 只看该作者

跪求入侵方法。以Q币相送。

哪位能帮我入侵这台主机啊? 扫描结果已经发上去了。真的感谢啦。会的请联系我。QQ:24047292。 e-mail: alei2920@163.com 真心感谢。 扫描时间 2005-5-2 15:28:48 - 2005-5-2 15:33:37 检测结果 存活主机 1 漏洞数量 2 警告数量 7 提示数量 17 主机列表 主机 检测结果 192.168.1.250 发现安全漏洞 主机摘要 - OS: Unknown OS; PORT/TCP: 21, 80, 135, 139, 443, 1025, 1027 [返回顶部] 主机分析: 192.168.1.250 主机地址 端口/服务 服务漏洞 192.168.1.250 https (443/tcp) 发现安全提示 192.168.1.250 ftp (21/tcp) 发现安全漏洞 192.168.1.250 www (80/tcp) 发现安全警告 192.168.1.250 epmap (135/tcp) 发现安全警告 192.168.1.250 unknown (1027/tcp) 发现安全提示 192.168.1.250 network blackjack (1025/tcp) 发现安全提示 192.168.1.250 smb (139/tcp) 发现安全提示 192.168.1.250 netbios-ns (137/udp) 发现安全警告 192.168.1.250 DCE/906b0ce0-c70b-1067-b317-00dd010662da (1025/tcp) 发现安全提示 192.168.1.250 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1026/tcp) 发现安全提示 192.168.1.250 DCE/82ad4280-036b-11cf-972c-00aa006887b0 (1027/tcp) 发现安全提示 192.168.1.250 DCE/378e52b0-c0a9-11cf-822d-00aa0051e40f (1026/tcp) 发现安全提示 192.168.1.250 tcp 发现安全提示 安全漏洞及解决方案: 192.168.1.250 类型 端口/服务 安全漏洞及解决方案 提示 https (443/tcp) Maybe the "https" service running on this port. NESSUS_ID : 10330 漏洞 ftp (21/tcp) FTP弱口令: "ftp/123456" 漏洞 ftp (21/tcp) FTP弱口令: "anonymous/[口令与用户名相同]" 警告 ftp (21/tcp) This FTP service allows anonymous logins. If you do not want to share data with anyone you do not know, then you should deactivate the anonymous account, since it may only cause troubles. The content of the remote FTP root is : Risk factor : Low CVE_ID : CAN-1999-0497 NESSUS_ID : 10079 警告 ftp (21/tcp) It may be possible to make the remote FTP server crash by sending the command ';STAT *?AAA...AAA. An attacker may use this flaw to prevent your site from distributing files *** Warning : we could not verify this vulnerability. *** Nessus solely relied on the banner of this server Solution : Apply the relevant hotfix from Microsoft See:http://www.microsoft.com/technet/security/bulletin/ms02-018.mspx Risk factor : Medium CVE_ID : CVE-2002-0073 BUGTRAQ_ID : 4482 NESSUS_ID : 10934 Other references : IAVA:2002-A-0002 提示 ftp (21/tcp) An FTP server is running on this port. Here is its banner : 220 xhysf Microsoft FTP Service (Version 5.0). NESSUS_ID : 10330 提示 ftp (21/tcp) 通过登陆目标服务器并经过缓冲器接收可查出FTP服务的类型和版本。这些注册过的标识信息将给予潜在的攻击者们关于他们要攻击的系统的额外信息。版本和类型会在可能的地方被泄露。 解决方案:将这些注册过的标识信息转变为普通类别的信息。。 风险等级:低 ___________________________________________________________________ Remote FTP server banner : 220 xhysf Microsoft FTP Service (Version 5.0). NESSUS_ID : 10092 警告 www (80/tcp) 你的webserver支持TRACE 和/或 TRACK 方式。 TRACE和TRACK是用来调试web服务器连接的HTTP方式。 支持该方式的服务器存在跨站脚本漏洞,通常在描述各种浏览器缺陷的时候,把"Cross-Site-Tracing"简称为XST。 攻击者可以利用此漏洞欺骗合法用户并得到他们的私人信息。 解决方案: 禁用这些方式。 如果你使用的是Apache, 在各虚拟主机的配置文件里添加如下语句: RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] 如果你使用的是Microsoft IIS, 使用URLScan工具禁用HTTP TRACE请求,或者只开放满足站点需求和策略的方式。 如果你使用的是Sun ONE Web Server releases 6.0 SP2 或者更高的版本, 在obj.conf文件的默认object section里添加下面的语句: AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501" 如果你使用的是Sun ONE Web Server releases 6.0 SP2 或者更低的版本, 编译如下地址的NSAPI插件: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603 参见http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603 http://www.kb.cert.org/vuls/id/867593 风险等级: 中 ___________________________________________________________________ Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials. Solution: Disable these methods. If you are using Apache, add the following lines for each virtual host in your configuration file : RewriteEngine on RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE requests or to permit only the methods needed to meet site requirements and policy. If you are using Sun ONE Web Server releases 6.0 SP2 and later, add the following to the default object section in obj.conf: AuthTrans fn="set-variable" remove-headers="transfer-encoding" set-headers="content-length: -1" error="501" If you are using Sun ONE Web Server releases 6.0 SP2 or below, compile the NSAPI plugin located at: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603 See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50603 http://www.kb.cert.org/vuls/id/867593 Risk factor : Medium BUGTRAQ_ID : 9506, 9561, 11604 NESSUS_ID : 11213 警告 www (80/tcp) 远程服务器当前运行WebDAV服务,WebDAV 服务是HTTP规范的一个扩展的标准。它让远程用户对服务器添加授权的用户和管理添加服务器的内容。如果你不使用这个功能,请禁用它。 解决方案:http://support.microsoft.com/default.aspx?kbid=241520 风险等级:中 ___________________________________________________________________ The remote server is running with WebDAV enabled. WebDAV is an industry standard extension to the HTTP specification. It adds a capability for authorized users to remotely add and manage the content of a web server. If you do not use this extension, you should disable it. Solution : See http://support.microsoft.com/default.aspx?kbid=241520 Risk factor : Medium NESSUS_ID : 11424 提示 www (80/tcp) A web server is running on this port Here is its banner : HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Mon, 02 May 2005 07:29:17 GMT Connection: Keep-Alive Content-Length: 1162 Content-Type: text/html Set-Cookie: ASPSESSIONIDQCDCBQSC=IDKHGLOCIKJNEPEDICNKIHBH path=/ Cache-control: private