
Title: HELP ME!

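Author: 萝卜炖排骨    Time: 2004-8-3 01:59     Title: HELP ME!

I just scanned my own machine with X-Scan and found a great many vulnerabilities.
Leaving the rest aside, I really can't make sense of the ones below....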
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63..%%35%63winnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%%35c..%%35c..%%35c..%%35c..%%35c..%%35cwinnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63..%25%35%63winnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%255c..%255c..%255c..%255c..%255c..%255cwinnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%u00255c..%u00255cwinnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%u00255c..%u00255c..%u00255c..%u00255c..%u00255cwinnt/system32/cmd.exe?/c+dir  
漏洞 www (80/tcp) IIS编码/解码漏洞: http://10.0.0.9/scripts/..%u00255c..%u00255c..%u00255c..%u00255c..%u00255c..%u00255cwinnt/system32/cmd.exe?/c+dir  
My system is WIN2000 Server, and it has been patched.
I hope the experts can show me how to fix these vulnerabilities.
Thanks in advance......

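Author: 默读忧伤    Time: 2004-8-3 11:23     Title: HELP ME!

Although I'm not very good at this, judging from what you posted, your patches must be really old, right? Go download the latest patches and install them! The IIS ones.

Author: 萝卜炖排骨    Time: 2004-8-3 14:35     Title: HELP ME!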

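Still, let me first thank everyone for the pointers ◎
But my patches are the latest...
-=-=-=-=-=>
Some of the vulnerabilities are quite normal
-=-=-=-=-=>
May I ask which ones that refers to???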

Author: 大漠孤行虾    Time: 2004-8-3 17:48     Title: HELP ME!

These are all critical vulnerabilities.
You need to upgrade your IIS version.
There are some patches below:
http://www.cqu.edu.cn/xinxiziyuan/aqgg_01_07.htm

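Author: 萝卜炖排骨    Time: 2004-8-3 18:54     Title: HELP ME!

Thanks to the big brother above! A real expert!!!
But I scanned the machine again
and still found a whole pile of vulnerabilities! As follows: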
安全漏洞及解决方案:
类型 端口/服务 安全漏洞及解决方案
提示 smtp (25/tcp) A SMTP server is running on this port
Here is its banner :
220 nan-heizi Microsoft ESMTP MAIL Service, Version: 5.0.2195.2966 ready at Tue, 3 Aug 2004 18:43:08 +0800
NESSUS_ID : 10330

警告 www (80/tcp) CGI漏洞: http://10.0.0.9/abczxv.htw
警告 www (80/tcp) CGI漏洞: http://10.0.0.9/null.ida
警告 www (80/tcp) CGI漏洞: http://10.0.0.9/null.idq
警告 www (80/tcp) CGI漏洞: http://10.0.0.9/scripts
警告 www (80/tcp) CGI漏洞: http://10.0.0.9/scripts/samples/search/qfullhit.htw
警告 www (80/tcp) CGI漏洞: http://10.0.0.9/scripts/samples/search/qsumrhit.htw
提示 www (80/tcp) A web server is running on this port
NESSUS_ID : 10330

提示 https (443/tcp) Maybe the "https" service running on this port.
NESSUS_ID : 10330

提示 netbios-ssn (139/tcp) Maybe the "netbios-ssn" service running on this port.
Here is its banner:
83 .
NESSUS_ID : 10330

警告 epmap (135/tcp)
Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.
Solution : filter incoming traffic to this port.
Risk factor : Low
NESSUS_ID : 10736

提示 epmap (135/tcp) Maybe the "epmap" service running on this port.
NESSUS_ID : 10330

提示 microsoft-ds (445/tcp) Maybe the "microsoft-ds" service running on this port.
NESSUS_ID : 10330

提示 cifs (445/tcp) A CIFS server is running on this port
NESSUS_ID : 11011

提示 smb (139/tcp) An SMB server is running on this port
NESSUS_ID : 11011

提示 DCE/906b0ce0-c70b-1067-b317-00dd010662da (1025/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this port:
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:10.0.0.9[1025]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:10.0.0.9[1025]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:10.0.0.9[1025]
UUID: 906b0ce0-c70b-1067-b317-00dd010662da, version 1
Endpoint: ncacn_ip_tcp:10.0.0.9[1025]

Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

提示 DCE/1ff70682-0a51-30e8-076d-740be8cee98b (1026/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this port:
UUID: 1ff70682-0a51-30e8-076d-740be8cee98b, version 1
Endpoint: ncacn_ip_tcp:10.0.0.9[1026]
UUID: 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1
Endpoint: ncacn_ip_tcp:10.0.0.9[1026]

Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

提示 DCE/82ad4280-036b-11cf-972c-00aa006887b0 (3074/tcp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this port:
UUID: 82ad4280-036b-11cf-972c-00aa006887b0, version 2
Endpoint: ncacn_ip_tcp:10.0.0.9[3074]
UUID: 4f82f460-0e21-11cf-909e-00805f48a135, version 4
Endpoint: ncacn_ip_tcp:10.0.0.9[3074]
UUID: 8cfb5d70-31a4-11cf-a7d8-00805f48a135, version 3
Endpoint: ncacn_ip_tcp:10.0.0.9[3074]
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncacn_ip_tcp:10.0.0.9[3074]

Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

提示 unknown (1029/udp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this port:
UUID: 5a7b91f8-ff00-11d0-a9b2-00c04fb6e6fc, version 1
Endpoint: ncadg_ip_udp:10.0.0.9[1029]
Annotation: Messenger Service

Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736

提示 unknown (3075/udp) Distributed Computing Environment (DCE) services running on the remote host
can be enumerated by connecting on port 135 and doing the appropriate queries.
An attacker may use this fact to gain more knowledge
about the remote host.

Here is the list of DCE services running on this port:
UUID: bfa951d1-2f0e-11d3-bfd1-00c04fa3490a, version 1
Endpoint: ncadg_ip_udp:10.0.0.9[3075]

Solution : filter incoming traffic to this port.
Risk Factor : Low
NESSUS_ID : 10736
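I also searched for some CGI patches, but I don't know which one I should install for my own machine.
Also, why does my machine have so many ports open? I don't know which should be closed and which should stay open.
Hoping for some pointers..........
I hope the experts can help me once more. No words can express my gratitude!!!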








Welcome to 黑色海岸线论坛 (http://bbs.thysea.com/) Powered by Discuz! 7.2