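How I took control of 100+ Topsec (天融信) security devices within 2 hours

Posted by admin, 2015-06-10 03:54:23

Vulnerability summary

Bug ID: WooYun-2014-75265
Title: How I took control of 100+ Topsec security devices within 2 hours
Vendor: Topsec (天融信)
Author: 大大灰狼
Submitted: 2014-09-06 15:01
Public: 2014-10-21 15:02
Type: Improper system/service operations configuration
Severity: High
Self-assessed Rank: 20
Status: Confirmed by vendor
Source: www.wooyun.org

Vulnerability details

Disclosure status:
2014-09-06: Details reported to the vendor, awaiting vendor handling
2014-09-06: Vendor confirmed; details disclosed to the vendor only
2014-09-16: Details disclosed to core white hats and experts in related fields
2014-09-26: Details disclosed to regular white hats
2014-10-06: Details disclosed to trainee white hats
2014-10-21: Details disclosed to the public

Brief description:
Watch how I broke into 100 TopSec security devices within 2 hours, obtained admin privileges and assembled a botnet. Firewalls, VPNs and the like are included; the scene is bloody and too gruesome to look at!!!!

Detailed description:
It has been almost 5 months since the "Heartbleed" vulnerability, and every major security vendor says its devices have been fixed. Have you really fixed them?

Plenty of experts on WooYun have submitted this kind of vulnerability too, but always "Heartbleed" on individual devices. Because the numbers were limited, they did not amount to a strong threat.

Today "Brother Grey Wolf" takes you along to exploit the "heartbeat" on 136 Topsec security devices, obtain admin privileges and assemble a botnet.

Right, the exploitation starts below: batch "heartbeat" exploitation of 136 Topsec devices.

(1) First, NGFW4000 (TG-4508-CU) model devices.
https://183.234.20.148/ (account and password superman:talent)
Logged in to the device with administrator privileges.
Next, https://218.91.210.30
Then log in to https://61.158.253.204 (account and password superman:talent)

(2) Next, NGFW4000 (NGFW4000 (TG-21109)) model devices.
Next, https://120.199.19.122/ (account and password superman:talent)

(3) Next, NGFW4000 (NGFW4000 (TG-11406-VPN)) model devices.
Next, log in to https://211.98.23.200 (account and password superman:talent)

Using fingerprint features, Topsec devices can be identified in bulk. The 136 devices below were collected and audited and found to have the "Heartbleed" vulnerability; with batch exploitation it is possible to log in successfully as administrator, control all the devices and easily assemble whatever botnet one wants.

As for test code: you work in security too, so you should have it; I won't attach it!!!

The collected victim devices: all 136 devices below have the Heartbleed vulnerability! To make your testing easier I split them into groups of 15 per vulnerability group, thoughtful enough, right!!!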

All I ask for is one lightning bolt!!

Proof of vulnerability:

(1) First, NGFW4000 (TG-4508-CU) model devices.
https://183.234.20.148/ (account and password superman:talent)
Logged in to the device with administrator privileges.
Next, https://218.91.210.30
Then log in to https://61.158.253.204 (account and password superman:talent)

(2) Next, NGFW4000 (NGFW4000 (TG-21109)) model devices.
The exploitation process is the same as above: https://120.199.19.122/ (account and password superman:talent)

(3) Next, NGFW4000 (NGFW4000 (TG-11406-VPN)) model devices.
https://211.98.23.200 (account and password superman:talent)

The collected victim devices: all 136 devices below have the Heartbleed vulnerability! To make your testing easier I split them into groups of 15 per vulnerability group, thoughtful enough, right!!!

All I ask for is one lightning bolt!!

Fix:
As a well-known security device vendor, failing to patch such a high-risk vulnerability in time, five months after the OpenSSL issue, is something I think deserves attention and reflection.
I will keep following Topsec's security, and hope you keep getting better.

Copyright notice: please credit the source when reposting: 大大灰狼@乌云 (WooYun)

Vendor response

Severity: High
Vulnerability Rank: 20
Confirmed: 2014-09-06 18:12
Vendor reply: Thank you for your feedback; we will patch and fix this as soon as possible.
Latest status: None

Comments

1# 2014-09-06 15:33 | loli ( Regular white hat | Rank:649 Vulnerabilities:59 | In every man's heart lives a No. 88 technician named Xiaohong. ) 0
The picture is too beautiful, I dare not imagine it!

2# 2014-09-06 17:19 | px1624 ( Regular white hat | Rank:1171 Vulnerabilities:207 | px1624 ) 0
... will you get arrested across provinces?

3# 2014-09-06 18:05 | 大大灰狼 ( Regular white hat | Rank:278 Vulnerabilities:64 | Newbie ) 0
@疯狗 What are WooYun's current review criteria for marking a vulnerability as featured?

4# 2014-09-06 18:06 | 大大灰狼 ( Regular white hat | Rank:278 Vulnerabilities:64 | Newbie ) 1
@loli I guess the Topsec folks will have to work overtime over the Mid-Autumn Festival....

5# 2014-09-06 18:14 | loli ( Regular white hat | Rank:649 Vulnerabilities:59 | In every man's heart lives a No. 88 technician named Xiaohong. ) 0
If you want to be struck by lightning, you have to take the non-mainstream route.

6# 2014-09-06 20:33 | 大大灰狼 ( Regular white hat | Rank:278 Vulnerabilities:64 | Newbie ) 0
@loli Security devices are nothing special; I'll go take a look at NSFOCUS (绿盟) in a bit.

7# 2014-09-06 20:36 | 大大灰狼 ( Regular white hat | Rank:278 Vulnerabilities:64 | Newbie ) 0
@天融信 I dug up more than 100 devices for you; is there a nice gift?

8# 2014-09-07 00:40 | [email protected] ( Regular white hat | Rank:288 Vulnerabilities:27 | ANONYMOUS ) 2
Heh, this company is arrogant as hell even in after-sales service; as if they would care about you.

9# 2014-09-09 12:38 | Asuri ( Passer-by | Rank:13 Vulnerabilities:6 | Never take off the mask ) 0
T_T I tried the Topsec PoC for a long time and never got it to work.....

10# 2014-09-26 19:01 | luwikes ( Regular white hat | Rank:552 Vulnerabilities:83 | Studying with full concentration~~~ ) 0
Thoughtful indeed.

11# 2014-09-26 20:53 | D&G ( Regular white hat | Rank:780 Vulnerabilities:158 | going ) 0
I'd like to know where the IPs were collected in bulk from?

12# 2014-09-28 08:55 | 乐乐、 ( Regular white hat | Rank:878 Vulnerabilities:190 ) 0
One word, "awesome", doesn't begin to cover it.

13# 2014-09-28 08:59 | 大大灰狼 ( Regular white hat | Rank:278 Vulnerabilities:64 | Newbie ) 0
@乐乐、 Not even a gift; @天融信 really is arrogant as hell, hmph!! I would have been better off submitting them separately.

14# 2014-09-28 09:01 | 乐乐、 ( Regular white hat | Rank:878 Vulnerabilities:190 ) 1
@大大灰狼

15# 2014-10-21 16:17 | 海绵君 ( Passer-by | Rank:9 Vulnerabilities:2 | Bromance welcome: 2646480065 ) 0
I'd like to know where the IPs were collected in bulk from? @大大灰狼 -。-

16# 2014-10-21 16:49 | I am XiaoM ( Passer-by | Rank:3 Vulnerabilities:4 | Looking at everyone's Rank, I am deeply hurt... ) 0
Damn, one should look for Topsec's sales materials. That way the targeting would be precise.

17# 2014-10-22 11:43 | 小卖部部长 ( Passer-by | Rank:24 Vulnerabilities:3 | Don't treat a department head as if he weren't an official! ) 2
I previously bought a Topsec gateway; later the external power supply failed, I contacted customer service to no avail, and in the end I just bought a knock-off on Taobao.

18# 2014-10-24 13:59 | latershow ( Passer-by | Rank:24 Vulnerabilities:6 | andr0day ) 1
Damn, I previously built a Heartbleed scanner for large network ranges and it found a lot of Topsec devices, but the report was ignored. Did the author start from weak passwords, or obtain the passwords through Heartbleed?

19# 2014-10-24 13:59 | latershow ( Passer-by | Rank:24 Vulnerabilities:6 | andr0day ) 0
Damn, I previously built a Heartbleed scanner for large network ranges and it found a lot of Topsec devices, but the report was ignored. Did the author start from weak passwords, or obtain the passwords through Heartbleed?
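
For the fix section of the report above, which comes down to patching the OpenSSL build on each appliance, this added example (not from the original report or from Topsec) triages an inventory of OpenSSL version banners against the upstream release range that carries the Heartbleed bug. The device names, banners and the inventory format are constructed assumptions.

```python
import re

# Matches banners such as "OpenSSL 1.0.1e-fips 11 Feb 2013" or "OpenSSL/1.0.2-beta1".
_VERSION_RE = re.compile(
    r"OpenSSL[\s/]+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d*))?", re.I
)


def heartbleed_range(banner):
    """Return 'in-range', 'out-of-range' or 'unknown' for an OpenSSL banner."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return "unknown"
    base = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4).lower()
    beta = (m.group(5) or "").lower()
    if base == (1, 0, 1):
        if beta:
            return "unknown"  # 1.0.1 pre-releases are not classified here
        # Upstream 1.0.1 through 1.0.1f carry the bug; 1.0.1g fixed it.
        return "in-range" if letter in ("", *"abcdef") else "out-of-range"
    if base == (1, 0, 2):
        # 1.0.2-beta and 1.0.2-beta1 carry the bug; beta2 and later do not.
        hit = not letter and beta in ("beta", "beta1")
        return "in-range" if hit else "out-of-range"
    # Branches before 1.0.1 (0.9.8, 1.0.0) and later ones lack the bug.
    return "out-of-range"


def triage(inventory):
    """Group device names by range status, sorted by name within each group."""
    groups = {"in-range": [], "out-of-range": [], "unknown": []}
    for name, banner in sorted(inventory.items()):
        groups[heartbleed_range(banner)].append(name)
    return groups


# Constructed sample inventory (hypothetical device names and banners).
SAMPLE_INVENTORY = {
    "fw-branch-01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "fw-branch-02": "OpenSSL 1.0.1g",
    "vpn-hq-01": "OpenSSL 1.0.1",
    "vpn-hq-02": "OpenSSL 0.9.8y",
    "lab-gw-01": "OpenSSL 1.0.2-beta1",
    "legacy-01": "vendor build, version not reported",
}

if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(status, names)
```

A banner inside the range is only a prompt to verify: distributions often backport the fix without changing the version string, and a build compiled with -DOPENSSL_NO_HEARTBEATS is not exposed. After upgrading an exposed device, rotate its TLS private keys and administrator passwords, since both may have been read from memory.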