Today I found a default database and then got a shell. (If you want to see the webshell, you can message me.)
The FTP server is the MS one. Ports 3389 and 4899 are open. Reading the terminal services port from the registry confirms it really is 3389, but I cannot connect; my guess is that an IP policy has been set. 4899 cannot be connected to either. I wanted to use radmin to escalate privileges, but I cannot read the contents from the registry either.

c:/php is accessible.

That is roughly how it went. Because my skills and experience are both limited, I have pretty much run out of fight by now. I hope everyone can take some time to have a look and point me toward a few approaches; I would really be very grateful.

Below is the information I collected.

1. Target system

    OS Name:    Microsoft(R) Windows(R) Server 2003, Enterprise Edition
    OS Version: 5.2.3790 Service Pack 2 Build 3790

2. I have no way to view the running services; net start produces no output when run, while all other commands work normally.

3. Extension mappings: asp, php, aspx

4. Ports

    TCP    0.0.0.0:21             0.0.0.0:0    LISTENING    1624
    TCP    0.0.0.0:25             0.0.0.0:0    LISTENING    1624
    TCP    0.0.0.0:80             0.0.0.0:0    LISTENING    4
    TCP    0.0.0.0:135            0.0.0.0:0    LISTENING    792
    TCP    0.0.0.0:445            0.0.0.0:0    LISTENING    4
    TCP    0.0.0.0:1002           0.0.0.0:0    LISTENING    1836
    TCP    0.0.0.0:1041           0.0.0.0:0    LISTENING    1624
    TCP    0.0.0.0:1043           0.0.0.0:0    LISTENING    548
    TCP    0.0.0.0:1089           0.0.0.0:0    LISTENING    1624
    TCP    0.0.0.0:1093           0.0.0.0:0    LISTENING    1624
    TCP    0.0.0.0:1248           0.0.0.0:0    LISTENING    1696
    TCP    0.0.0.0:2499           0.0.0.0:0    LISTENING    920
    TCP    0.0.0.0:2967           0.0.0.0:0    LISTENING    2036
    TCP    0.0.0.0:3389           0.0.0.0:0    LISTENING    2904
    TCP    0.0.0.0:4899           0.0.0.0:0    LISTENING    1892
    TCP    0.0.0.0:8693           0.0.0.0:0    LISTENING    4
    TCP    0.0.0.0:13722          0.0.0.0:0    LISTENING    1752
    TCP    0.0.0.0:13724          0.0.0.0:0    LISTENING    1660
    TCP    0.0.0.0:13782          0.0.0.0:0    LISTENING    1660
    TCP    0.0.0.0:13783          0.0.0.0:0    LISTENING    1660
    TCP    127.0.0.1:1042         0.0.0.0:0    LISTENING    1752
    TCP    127.0.0.1:1187         0.0.0.0:0    LISTENING    3332
    UDP    0.0.0.0:161            *:*                       2008
    UDP    0.0.0.0:445            *:*                       4
    UDP    0.0.0.0:500            *:*                       548
    UDP    0.0.0.0:1025           *:*                       864
    UDP    0.0.0.0:1026           *:*                       864
    UDP    0.0.0.0:1040           *:*                       2008
    UDP    0.0.0.0:1716           *:*                       864
    UDP    0.0.0.0:3456           *:*                       1624
    UDP    0.0.0.0:4500           *:*                       548
    UDP    127.0.0.1:123          *:*                       880
    UDP    127.0.0.1:1027         *:*                       548
    UDP    127.0.0.1:1175         *:*                       488
    UDP    127.0.0.1:3456         *:*                       1624
    UDP    208.109.xxx.171:123    *:*                       880
    UDP    208.109.xxx.171:137    *:*                       4
    UDP    208.109.xxx.171:138    *:*                       4

5. Current processes

    Image Name                     PID Session Name        Session#    Mem Usage
    ========================= ======== ================ =========== ============
    System Idle Process              0                            0         28 K
    System                           4                            0        328 K
    smss.exe                       412                            0        452 K
    csrss.exe                      460                            0      6,796 K
    winlogon.exe                   488                            0     12,580 K
    services.exe                   536                            0     36,492 K
    lsass.exe                      548                            0     17,320 K
    svchost.exe                    724                            0      3,328 K
    svchost.exe                    792                            0      4,640 K
    svchost.exe                    864                            0      7,112 K
    svchost.exe                    880                            0      6,032 K
    svchost.exe                    920                            0     50,032 K
    ccSetMgr.exe                   976                            0      4,132 K
    ccEvtMgr.exe                  1004                            0      3,984 K
    SPBBCSvc.exe                  1144                            0      3,792 K
    spoolsv.exe                   1308                            0      5,244 K
    msdtc.exe                     1332                            0      4,448 K
    DefWatch.exe                  1480                            0      5,208 K
    svchost.exe                   1508                            0      2,452 K
    inetinfo.exe                  1624                            0     63,204 K
    bpinetd.exe                   1660                            0      3,892 K
    pNSClient.exe                 1696                            0     12,888 K
    bpjava-msvc.exe               1752                            0      3,664 K
    watchdog.exe                  1808                            0      1,476 K
    ProcessMonitorService.exe     1828                            0      3,420 K
    python.exe                    1836                            0     21,140 K
    svchost.exe                   1880                            0      2,240 K
    r_server.exe                  1892                            0      4,796 K
    SavRoam.exe                   1916                            0      5,172 K
    snmp.exe                      2008                            0      5,708 K
    Rtvscan.exe                   2036                            0     69,736 K
    svchost.exe                   2352                            0     19,804 K
    svchost.exe                   2904                            0      5,148 K
    svchost.exe                   2984                            0      4,284 K
    alg.exe                       3332                            0      3,212 K
    wmiprvse.exe                  3440                            0      5,844 K
    logon.scr                     5884                            0      1,928 K
    wmiprvse.exe                 15632                            0     10,728 K
    cisvc.exe                    22976                            0      4,964 K
    cidaemon.exe                 18640                            0        488 K
    cidaemon.exe                  9352                            0      2,036 K
    w3wp.exe                     30936                            0     43,468 K
    w3wp.exe                      2948                            0     39,028 K
    w3wp.exe                     23608                            0     35,104 K
    cmd.exe                      32564                            0      4,372 K
    w3wp.exe                      3856                            0    136,156 K
    w3wp.exe                     26008                            0     98,036 K
    w3wp.exe                     15408                            0     35,432 K
    w3wp.exe                     23720                            0    106,640 K
    w3wp.exe                     19584                            0     77,408 K
    w3wp.exe                      6020                            0     41,752 K
    w3wp.exe                     12252                            0     12,296 K
    w3wp.exe                      6852                            0     13,756 K
    w3wp.exe                     12028                            0    166,096 K
    w3wp.exe                     23772                            0     51,756 K
    w3wp.exe                     28468                            0     78,304 K
    w3wp.exe                     11524                            0     89,280 K
    w3wp.exe                     32308                            0     74,144 K
    w3wp.exe                      8740                            0      9,280 K
    w3wp.exe                      6920                            0     38,684 K
    w3wp.exe                     12832                            0     14,672 K
    w3wp.exe                      6896                            0     58,876 K
    w3wp.exe                     29808                            0    230,904 K
    w3wp.exe                     20932                            0     34,044 K
    w3wp.exe                     28836                            0    128,808 K
    w3wp.exe                     27636                            0     71,420 K
    w3wp.exe                     14332                            0     32,072 K
    w3wp.exe                      4700                            0     56,852 K
    w3wp.exe                     12156                            0     40,004 K
    w3wp.exe                     21636                            0    105,448 K
    w3wp.exe                      4928                            0     26,636 K
    w3wp.exe                     18000                            0     10,244 K
    w3wp.exe                      6780                            0     53,516 K
    w3wp.exe                     30764                            0    199,392 K
    w3wp.exe                       612                            0     73,648 K
    w3wp.exe                      2020                            0     50,384 K
    w3wp.exe                      5148                            0    292,428 K
    w3wp.exe                      6648                            0     23,736 K
    w3wp.exe                      6076                            0     90,388 K
    w3wp.exe                     31128                            0     10,904 K
    w3wp.exe                     26780                            0     41,088 K
    w3wp.exe                     25864                            0     13,488 K
    w3wp.exe                     23452                            0     46,068 K
    w3wp.exe                     21380                            0     55,420 K
    w3wp.exe                     31996                            0     19,628 K
    w3wp.exe                      1672                            0      9,132 K
    w3wp.exe                     27712                            0     10,408 K
    w3wp.exe                     11164                            0     48,024 K
    bpbkar32.exe                   292                            0     22,656 K
    w3wp.exe                     10700                            0     10,376 K
    vssvc.exe                     8452                            0      6,924 K
    svchost.exe                   5896                            0      3,872 K
    cidaemon.exe                 31904                            0        928 K
    w3wp.exe                      2452                            0     10,932 K
    w3wp.exe                     11664                            0     13,368 K
    w3wp.exe                     18228                            0      8,964 K
    w3wp.exe                      4880                            0     16,164 K
    w3wp.exe                      5080                            0      8,912 K
    w3wp.exe                      6416                            0     13,872 K
    cmd.exe                      12408                            0      1,780 K
    tasklist.exe                 32276                            0      4,136 K

6. Output of set

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APP_POOL_ID=HostingAppPool21_ASPNET2
    ClusterLog=C:\WINDOWS\Cluster\cluster.log
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=P3SWH129
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    NUMBER_OF_PROCESSORS=4
    OS=Windows_NT
    Path=C:\Program Files\VERITAS\NetBackup\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f0b
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=d:\temp
    TMP=d:\temp
    USERPROFILE=C:\Documents and Settings\Default User
    windir=C:\WINDOWS

7. Currently installed programs

No permission on C:\Program Files\. This is the list of programs under the Start menu:

    accessories
    administrative tools
    microsoft asp.net 2.0 ajax extensions
    Microsoft SOAP Toolkit Version 3
    startup
    symantec client security
    veritas netbackup
    winzip
    desktop.ini

