HackAPT - Building China's most professional hacking and intrusion techniques - Taking on all hacking and penetration testing work

A Simple Penetration of Cambridge University

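Disclaimer: the following article is for technical research and study reference only; this site bears no responsibility for any legal liability arising from its content!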

Target site: http://www.crassh.cam.ac.uk/

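Because the penetration process was too long and complicated, we are publishing the database accounts and passwords directly here. The passwords are encrypted, which is indeed far better than the plaintext data seen domestically. There is no need to try them: before this article was published, we confirmed with the university that the vulnerability had been fixed! This article is for technical discussion and exchange.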


Second site: http://www.bss.phy.cam.ac.uk/steiner

It must be said that it was the administrator's negligence that gave us this opening.

admin admin (you know what I mean)

Third site: http://www-hki.fitzmuseum.cam.ac.uk/archives/wn/search.php?pid=gSearch&s_arg[]=Field&bln[]=PHRASE&fld[]=named_individuals_sum&cnt=25

Direct SQL injection, but no particularly useful information was found.

Third site: http://como.cheng.cam.ac.uk/


The fourth site is: http://saffron.caret.cam.ac.uk/

  Username: admin
  Password: ef3c2add5c1d158138f821bd3a0a07f550696677942d

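Afterwards we went on to attempt penetrating Cambridge's email server, course registration server and others. The data from those is very sensitive, so we will not release it publicly here. Friends who enjoy penetration testing are welcome to get in touch.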


This article represents the author's personal views; please credit the source when reposting!