Skip to content

Latest commit

 

History

History
387 lines (194 loc) · 14.2 KB

端口漏洞全集.md

File metadata and controls

387 lines (194 loc) · 14.2 KB
Raw

本文由 简悦 SimpRead 转码, 原文地址 mp.weixin.qq.com

web 漏洞挖腻了?到客户现场找不到 web 漏洞?不然来试试各个端口中存在的漏洞吧。以下是本人在项目中整理的端口漏洞合计,可能不是很全欢迎各位大佬补充。

1、web 服务类:

                   tomcat--80/8080/8009

                                manager 弱口令

                                put 上传 webshell

                                HTTP 慢速攻击

                                ajr 文件包含漏洞 -CVE-2020-1938

                   Jboss--8080

                                后台弱口令

                                console 后台部署 war 包

                                JAVA 反序列化

                                远程代码执行

                   webSphere--9080

                                后台弱口令

                                任意文件泄露

                                JAVA 反序列化

                   weblogic--7001/7002

                                后台弱口令

                                console 后台部署 war 包

                                SSRF

                                测试页面上传 webshell

                                        JAVA 反序列化

                                            CVE-2018-2628

                                            CVE-2018-2893

                                            CVE-2017-10271

                                            CVE-2019-2725

                                            CVE-2019-2729

                   Glassfish--8080/4848

                                暴力破解

                                任意文件读取

                                认证绕过

                   Jetty--8080

                                远程共享缓冲区溢出

                   Apache--80/8080

                                HTTP 慢速攻击

                                解析漏洞

                                目录遍历

                   Apache Solr--8983

                                远程命令执行

                                CVE-2017-12629

                                CVE-2019-0193

                    IIS--80

                                put 上传 webshell

                                IIS 解析漏洞

                                IIS 提权

                                IIS 远程远程代码执行 -CVE-2017-7269

                    Resin--8080

                                目录遍历

                                远程文件读取

                    Axis2--8080

                                后台弱口令

                    Lutos--1352

                                后台弱口令

                                信息泄露

                                跨站脚本攻击

                    Nginx--80/443

                                HTTP 慢速攻击

                                解析漏洞

2、数据库类:

                    Mysql--3306

                                弱口令

                                身份认证漏洞 -cve-2012-2122

                                拒绝服务攻击

                                phpmyadmin 万能密码 or 弱口令

                                UDF/MOF 提权

                    Mssql--1433

                                弱口令

                                存储过程提权

                    Oralce--1521

                                弱口令

                                TNS 漏洞

                    Redis--6379

                                弱口令

                                未经授权访问

                    PostgreSQL--5432

                                弱口令

                                缓冲区溢出 -cve-2014-2669

                    MongoDB--27001

                                弱口令

                                未经授权访问

                    DB2--5000

                                安全限制绕过进行未经授权操作 -cve-2015-1922

                    SysBase--5000/4100

                                弱口令

                                命令注入

                    Memcache--11211

                                未经授权访问

                                配置漏洞

                    ElasticSearch--9200/9300

                                未经授权访问

                                远程代码执行

                                文件办理

                                写入 webshell

3、大数据类:

                    Hadoop--50010

                                远程命令执行

                    Zookeeper--2181

                                未经授权访问

4、文件共享:

                    Ftp--21

                                弱口令

                                匿名访问

                                上传后门

                                远程溢出

                                跳转攻击

                    NFS--2049

                                未经授权访问

                    Samba--137

                                弱口令

                                未经授权访问

                                远程代码执行 -CVE-2015-0240

                    LDAP--389

                                弱口令

                                注入

                                未经授权访问

5、远程访问:

                   SSH--22

                                弱口令

                                28 退格漏洞

                                OpenSSL 漏洞

                                用户名枚举

                   Telent--23

                                弱口令

                   RDP--3389

                                弱口令

                                Shitf 粘滞键后门

                                缓冲区溢出

                                MS12-020

                                CVE-2019-0708

                    VNC--5901

                                弱口令

                                认证口令绕过

                                拒绝服务攻击 -CVE-2015-5239

                                权限提升 -CVE-2013-6886

                    Pcanywhere--5632

                                拒绝服务攻击

                                权限提升

                                代码执行

                    X11--6000

                                未经授权访问 -CVE-1999-0526

6、邮件服务:

                   SMTP--25/465

                                弱口令

                                未经授权访问

                                邮件伪造

                   POP3--110/995

                                弱口令

                                未经授权访问

                   IMAP--143/993

                                弱口令

                                任意文件读取

7、其他服务:

                   DNS--53

                                DNS 区域传输

                                DNS 劫持

                                DNS 欺骗

                                DNS 缓存投毒

                                DNS 隧道

                   DHCP--67/68

                                DHCP 劫持

                                DHCP 欺骗

                   SNMP--161

                                弱口令

                   Rlogin--512/513/514

                                rlogin 登录

                   Rsync--873

                                未经授权访问

                                本地权限提升

                   Zabbix--8069

                                远程命令执行

                   RMI--1090/1099

                                JAVA 反序列化

                   Docker--2375

                                未经授权访问

链接:https://pan.baidu.com/s/1y53BqoKRL5b4QA9CJYydXw

提取码:twc5

手握日月摘星辰,安全路上永不止步。

- Khan 攻防安全实验室

免责声明:本站提供安全工具、程序 (方法) 可能带有攻击性,仅供安全研究与教学之用,风险自负!

转载声明:著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。

订阅查看更多复现文章、学习笔记

thelostworld

安全路上,与你并肩前行!!!!

个人知乎:https://www.zhihu.com/people/fu-wei-43-69/columns

个人简书:https://www.jianshu.com/u/bf0e38a8d400

个人 CSDN:https://blog.csdn.net/qq_37602797/category_10169006.html

个人博客园:https://www.cnblogs.com/thelostworld/

FREEBUF 主页:https://www.freebuf.com/author/thelostworld?type=article

欢迎添加本公众号作者微信交流,添加时备注一下 “公众号”