对剑桥大学的一次简单渗透

声明:以下文章仅限技术研究和学习参考,因为本站内容导致一切法律责任均于本站无关!
目标站点: http://www.crassh.cam.ac.uk/
因为渗透过程太长太复杂,这里直接就公布数据库账户密码了,密码被加密了比起国内的明文数据确实是强太多了, 大家不必尝试在本文公布前已经向该校确认漏洞已经修复! 本文作技术探讨和交流.
- user_name user_pass
- _________________________
- apm50 819b0643d6b89dc9b579fdfc9094f28e
- ch335 cac0da76054a2c60f2912895135ff1b4
- crassh 648973eafcbefad340434268d258e2fd
- el269 b330516f8678c6f8c0b28f8332f6ff32
- gjj24 5f4dcc3b5aa765d61d8327deb882cf99
- hb380 7c6a180b36896a0a8c02787eeafb0e4c
- ic223 7c6a180b36896a0a8c02787eeafb0e4c
- jmk28 7c6a180b36896a0a8c02787eeafb0e4c
- lw243 629ab14fab772d78a58eea752bdfc0dc
- lw243 629ab14fab772d78a58eea752bdfc0dc
- mm405 7c6a180b36896a0a8c02787eeafb0e4c
- raa43 5f4dcc3b5aa765d61d8327deb882cf99
- rhr32 73f48104be856eee268178cd2a5eb808
- sdg1001 3d4e992d8d8a7d848724aa26ed7f4176
- sjrm2 f8dbe37170ce10aded2eb0e412a6957f
- tba20 de1cf6d0f0ead7e81b38e0d87adf21d6
- test ae2b1fca515949e5d54fb22b8ed95575
第二个站点:http://www.bss.phy.cam.ac.uk/steiner
不得不说这是管理员的疏忽才给了我们可乘之机的
admin admin(你懂的)
第三个站点:http://www-hki.fitzmuseum.cam.ac.uk/archives/wn/search.php?pid=gSearch&s_arg[]=Field&bln[]=PHRASE&fld[]=named_individuals_sum&cnt=25
直接sql注入,但是没找到太大有用的信息.
第三个站点:http://como.cheng.cam.ac.uk/
- MySQL Database Users:
- User: root
- Pass: 373f9da34562cf25
- Host: localhost
- User: root:
- Pass:
- Host: como.cheng.cam.ac.uk
- User:root:
- Pass:
- Host: 127.0.0.1
- User: bibtex
- Pass: 7807b39746f522b2
- Host: localhost
- User: cbs
- Pass: 3a7876553a3c0066
- Host: localhost
- User: prime
- Pass: 4a8de62465af89be
- Host: localhost
- User: como
- Pass: 7807b39746f522b2
- Host: localhost
- /etc/passwd:
- root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin avahi-autoipd:x:499:499:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin vcsa:x:69:498:virtual console memory owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin distcache:x:94:494:Distcache:/:/sbin/nologin nscd:x:28:493:NSCD Daemon:/:/sbin/nologin rpcuser:x:29:492:RPC Service User:/var/lib/nfs:/sbin/nologin nfsnobody:x:4294967294:4294967294:Anonymous NFS User:/var/lib/nfs:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin avahi:x:498:491:avahi-daemon:/var/run/avahi-daemon:/sbin/nologin apache:x:48:490:Apache:/var/www:/sbin/nologin abrt:x:497:489::/etc/abrt:/sbin/nologin openvpn:x:496:488:OpenVPN:/etc/openvpn:/sbin/nologin rtkit:x:495:487:RealtimeKit:/proc:/sbin/nologin saslauth:x:494:486:”Saslauthd user”:/var/empty/saslauth:/sbin/nologin mailnull:x:47:485::/var/spool/mqueue:/sbin/nologin smmsp:x:51:484::/var/spool/mqueue:/sbin/nologin sshd:x:74:483:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin webalizer:x:67:482:Webalizer:/var/www/usage:/sbin/nologin torrent:x:493:481:BitTorrent Seed/Tracker:/var/lib/bittorrent:/sbin/nologin haldaemon:x:68:480:HAL daemon:/:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin clamupdate:x:492:479:Clamav database update user:/var/lib/clamav:/sbin/nologin smolt:x:491:478:Smolt:/usr/share/smolt:/sbin/nologin mysql:x:27:477:MySQL Server:/var/lib/mysql:/bin/bash squid:x:23:23::/var/spool/squid:/sbin/nologin pulse:x:490:476:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin gdm:x:42:474::/var/lib/gdm:/sbin/nologin ajs224:x:500:501:Alastair J. Smith:/home/ajs224:/bin/bash tomcat:x:91:91:Apache Tomcat:/usr/share/tomcat6:/bin/sh ras81:x:502:501:Raphael Shirley:/home/ras81:/bin/bash wp214:x:503:501:Weerapong Phadungsukanan:/home/wp214:/bin/bash ganglia:x:489:473:Ganglia Monitoring System:/var/lib/ganglia:/sbin/nologin nx:x:504:502::/var/lib/nxserver/home:/usr/libexec/nx/nxserver tst25:x:505:501:Timothy Totton:/home/tst25:/bin/bash lrm29:x:506:501:Labs “Grumpy” McGlashan:/home/lrm29:/bin/bash ss663:x:507:507:Shraddha Shekar:/home/ss663:/bin/bash wjm34:x:508:501:William Menz:/home/wjm34:/bin/bash ircd:x:488:472:IRC service account:/usr/lib64/ircd:/sbin/nologin
第四个站点是:http://saffron.caret.cam.ac.uk/
- Username: admin
- Password: ef3c2add5c1d158138f821bd3a0a07f550696677942d
后面我们陆续尝试渗透了剑桥的email服务器 课程注册服务器等后面的数据非常敏感我们在此就不对外发布了如果喜欢渗透测试的朋友欢迎交流。
上一篇:UMBC数据库入侵案例
下一篇:如何入某大学课程管理系统