ÎÄÕÂȪԴ£ºÏÈÖªÉçÇø£¨Å£°®»¨£©

Ô­Îĵص㣺https://xz.aliyun.com/t/10442

0x01 Ç°ÑÔ

×î½ü¿´µ½Á˹ØÓÚÐí¶àºì¶Ó·½ÃæµÄÎÄÕ£¬£¬£¬£¬£¬ÔõÑù¾ÙÐÐÐÅÏ¢ÍøÂ磬£¬£¬£¬£¬´Ó¼òµ¥Ä¿µÄ»ò¶à¸öÄ¿µÄÖоÙÐпìËÙ²éÕÒÎó²î¡£¡£¡£½ñÌìÌṩһÖÖÕë¶Ô½Ï¶à×ʲú»òÄ¿µÄµÄÇéÐÎϾÙÐÐÅúÁ¿Ê¶±ðÄ¿µÄ¿ò¼Ü¾ÙÐÐÕë¶ÔÐÔÎó²îÍÚ¾òµÄ·½·¨¡£¡£¡£ÓõúÿÉÄÜÆäËü²½¶Ó»¹ÔÚÐÁÐÁÇÚ¿à´òµãµÄʱ¼ä£¬£¬£¬£¬£¬ÄãÒѾ­½øÄÚÍøÁË¡£¡£¡£

0x02 ÕýÎÄ

×î½ü EHole ¸üÐÂÁË3.0°æ±¾£¬£¬£¬£¬£¬ÌṩÁË finger Óë fofaext ²ÎÊý£¬£¬£¬£¬£¬fofaext²ÎÊýÖ÷Òª´Ófofa¾ÙÐÐÅúÁ¿»ñÈ¡ IP µÄ¶Ë¿ÚÇéÐΣ¬£¬£¬£¬£¬¶ø finger Ôò¾ÙÐÐÅúÁ¿¾ÙÐÐÖ¸ÎÆÑé֤ʶ±ð¡£¡£¡£ÏÖÔÚ¿ªÔ´µÄÖ¸ÎÆ¿ìÒª1000Ìõ£¬£¬£¬£¬£¬»ù±¾É϶¼ÊǽÏÁ¿³£Óöµ½µÄϵͳ£¬£¬£¬£¬£¬ÁíÍâ finger ²ÎÊýÔò¿ÉÒÔÖ±½Óʶ±ðÏÂÃæÃûÌõĵص㣺

IP:PORT

HTTP(s)://URL

HTTP(s)://IP

HTTP(s)://IP:PORT

ÔÚºì¶Ó³¡¾°ÏÂÊ×ÏȶԶà¸öÄ¿µÄ¾ÙÐÐÁË×ʲúÍøÂ磬£¬£¬£¬£¬ÓÌÈçʱ¼¸Ç§ÉÏÍò¸öIP£¬£¬£¬£¬£¬ÔõÑù¿ìËٵĴÓÕâЩ×ʲúÖоÙÐлñÈ¡Ö÷ÒªµÄϵͳ»òÕßÖ±½ÓÄÜ RCE µÄϵͳÄØ£¿£¿

¿ÉÒÔÏÈ´Ófofa¾ÙÐÐÅúÁ¿ÌáÈ¡IP+PORT£º

./Ehole-darwin fofaext -l /Users/r1ng/Downloads/ip.txt

²âÊÔÁùÍò¸öIP´ÓFOFAÌáȡԼĪÐèÒª15-20·ÖÖÓ×óÓÒ¡£¡£¡£ÌáÈ¡ºó»á×Ô¶¯ÌìÉú results.xlsx Îļþ¡£¡£¡£

Ëæºó¿ÉÖ±½Ó½« host ÁÐ copy ÖÁ txt Îı¾ÖоÙÐÐʶ±ðÖ÷ÒªµÄϵͳ£¨×îÖÕ»ñÈ¡HTTPЧÀͽ«3ÍòÌõ£¬£¬£¬£¬£¬Ê¶±ð10·ÖÖÓ×óÓÒ£©£º

PS£ºÖ¸ÎÆ¿É×Ô½ç˵Ìí¼Ó£¬£¬£¬£¬£¬ÈçÊÖÀïÓÐij¸öϵͳµÄ 0day ¿ÉÖ¸¶¨Ìí¼ÓÖ¸ÎƾÙÐÐʶ±ð¡£¡£¡£

./Ehole-darwin finger -l /Users/r1ng/Downloads/url.txt

×îÖÕÊä³öµÄЧ¹ûÈçÏ£º

ÖÖÖÖÖصãϵͳ¿ÉÖ±½Ó¾ÙÐÐɸѡºó°´Ö¸¶¨Ä¿µÄ¾ÙÐй¥»÷»ñȡȨÏÞ£¬£¬£¬£¬£¬ºÃ±Èshiro£º

ijOA£º

º£¿£¿µÍþÊÓ rceµÈ£º

........

½ÓÏÂÀ´¾Í¿ÉÒÔ½øÈëÄÚÍøËæÒâÊ©Õ¹ÁË~

0x03 ×ܽá

ÔÚºì¶Ó×÷Õ½ÖУ¬£¬£¬£¬£¬ÐÅÏ¢ÍøÂçÊDZز»¿ÉÉٵĻ·½Ú¡£¡£¡£EHole¿ÉÒÔ×ÊÖúºì¶ÓÖ°Ô±¿ìËÙ´ÓÍøÂçÖÐÒÔ¼°´ó×ÚÔÓÂÒµÄ×ʲúÖо«×¼¶¨Î»µ½Ò×±»¹¥»÷µÄϵͳºÍųÈõ×ʲú£¬£¬£¬£¬£¬´Ó¶øʵÑé½øÒ»²½¹¥»÷¡£¡£¡£

EHoleÏîÄ¿µØµã£º

https://github.com/EdgeSecurityTeam/EHole