ÎÄÕÂȪԴ£ºÏÈÖªÉçÇø£¨Å£°®»¨£©

Ô­Îĵص㣺https://xz.aliyun.com/t/10442

0x01 Ç°ÑÔ

×î½ü¿´µ½Á˹ØÓÚÐí¶àºì¶Ó·½ÃæµÄÎÄÕ£¬ÔõÑù¾ÙÐÐÐÅÏ¢ÍøÂ磬´Ó¼òµ¥Ä¿µÄ»ò¶à¸öÄ¿µÄÖоÙÐпìËÙ²éÕÒÎó²î¡£½ñÌìÌṩһÖÖÕë¶Ô½Ï¶à×ʲú»òÄ¿µÄµÄÇéÐÎϾÙÐÐÅúÁ¿Ê¶±ðÄ¿µÄ¿ò¼Ü¾ÙÐÐÕë¶ÔÐÔÎó²îÍÚ¾òµÄ·½·¨¡£ÓõúÿÉÄÜÆäËü²½¶Ó»¹ÔÚÐÁÐÁÇÚ¿à´òµãµÄʱ¼ä£¬ÄãÒѾ­½øÄÚÍøÁË¡£

0x02 ÕýÎÄ

×î½ü EHole ¸üÐÂÁË3.0°æ±¾£¬ÌṩÁË finger Óë fofaext ²ÎÊý£¬fofaext²ÎÊýÖ÷Òª´Ófofa¾ÙÐÐÅúÁ¿»ñÈ¡ IP µÄ¶Ë¿ÚÇéÐΣ¬¶ø finger Ôò¾ÙÐÐÅúÁ¿¾ÙÐÐÖ¸ÎÆÑé֤ʶ±ð¡£ÏÖÔÚ¿ªÔ´µÄÖ¸ÎÆ¿ìÒª1000Ìõ£¬»ù±¾É϶¼ÊǽÏÁ¿³£Óöµ½µÄϵͳ£¬ÁíÍâ finger ²ÎÊýÔò¿ÉÒÔÖ±½Óʶ±ðÏÂÃæÃûÌõĵص㣺

IP:PORT

HTTP(s)://URL

HTTP(s)://IP

HTTP(s)://IP:PORT

ÔÚºì¶Ó³¡¾°ÏÂÊ×ÏȶԶà¸öÄ¿µÄ¾ÙÐÐÁË×ʲúÍøÂ磬ÓÌÈçʱ¼¸Ç§ÉÏÍò¸öIP£¬ÔõÑù¿ìËٵĴÓÕâЩ×ʲúÖоÙÐлñÈ¡Ö÷ÒªµÄϵͳ»òÕßÖ±½ÓÄÜ RCE µÄϵͳÄØ£¿

¿ÉÒÔÏÈ´Ófofa¾ÙÐÐÅúÁ¿ÌáÈ¡IP+PORT£º

./Ehole-darwin fofaext -l /Users/r1ng/Downloads/ip.txt

²âÊÔÁùÍò¸öIP´ÓFOFAÌáȡԼĪÐèÒª15-20·ÖÖÓ×óÓÒ¡£ÌáÈ¡ºó»á×Ô¶¯ÌìÉú results.xlsx Îļþ¡£

Ëæºó¿ÉÖ±½Ó½« host ÁÐ copy ÖÁ txt Îı¾ÖоÙÐÐʶ±ðÖ÷ÒªµÄϵͳ£¨×îÖÕ»ñÈ¡HTTP·þÎñ½«3ÍòÌõ£¬Ê¶±ð10·ÖÖÓ×óÓÒ£©£º

PS£ºÖ¸ÎÆ¿É×Ô½ç˵Ìí¼Ó£¬ÈçÊÖÀïÓÐij¸öϵͳµÄ 0day ¿ÉÖ¸¶¨Ìí¼ÓÖ¸ÎƾÙÐÐʶ±ð¡£

./Ehole-darwin finger -l /Users/r1ng/Downloads/url.txt

×îÖÕÊä³öµÄЧ¹ûÈçÏ£º

ÖÖÖÖÖصãϵͳ¿ÉÖ±½Ó¾ÙÐÐɸѡºó°´Ö¸¶¨Ä¿µÄ¾ÙÐй¥»÷»ñȡȨÏÞ£¬ºÃ±Èshiro£º

ijOA£º

º£¿µÍþÊÓ rceµÈ£º

........

½ÓÏÂÀ´¾Í¿ÉÒÔ½øÈëÄÚÍøËæÒâÊ©Õ¹ÁË~

0x03 ×ܽá

ÔÚºì¶Ó×÷Õ½ÖУ¬ÐÅÏ¢ÍøÂçÊDZز»¿ÉÉٵĻ·½Ú¡£EHole¿ÉÒÔ×ÊÖúºì¶ÓÖ°Ô±¿ìËÙ´ÓÍøÂçÖÐÒÔ¼°´ó×ÚÔÓÂÒµÄ×ʲúÖо«×¼¶¨Î»µ½Ò×±»¹¥»÷µÄϵͳºÍųÈõ×ʲú£¬´Ó¶øʵÑé½øÒ»²½¹¥»÷¡£

EHoleÏîÄ¿µØµã£º

https://github.com/EdgeSecurityTeam/EHole