Besides the Wi-Fi provided by the website for our use, we unexpectedly discovered many other Wi-Fi networks. On closer inspection, we also noticed that many of these were internal office Wi-Fi networks, and some of them could be joined directly without entering a password. We suspect that the device had previously been authorized to connect to these networks, so it could join the office network without a password!

Furthermore, we can install an APK on the phone to attempt to gain root access. A rooted phone is as dangerous as a compromised server on an internal network. Here, we use Meterpreter to generate a reverse shell APK, upload and install it, and then we can fully control the phone with root privileges from our local machine.
Here we can see the entire phone server room. If we record video, we can continuously monitor every move of the staff in the room. If some phones are positioned well, we can even capture the sticky notes on which passwords are written. We can also turn on the phone's audio recording function for extended remote eavesdropping, and so on.
In addition, we can use the phone's location function to find where the controlled machine is located.
Collaboration inquiries: https://t.me/chuanfua1
If You Don't Know the Attack, How Can You Defend? XXE Vulnerability Attack and Defense
XML External Entity Injection (XXE)
When references to external entities are allowed, maliciously crafted content can lead to arbitrary file reads, execution of system commands, probing of internal network ports, attacks on internal websites, and other harm.
There are several ways to introduce external entities, such as:
Malicious external entity injection method 1:
XML content:
I. XML Basics
XML is a markup language used to mark up electronic documents so that they have structure. It can be used to mark up data and define data types, and it is a source language that allows users to define their own markup languages. An XML document consists of an XML declaration, an optional DTD (document type definition), and the document elements.
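A defender-side check for the external entity declarations described above, which live in the optional DTD part of the document. This is an added example, not code from the original article: it uses Python's expat bindings to list DOCTYPE and entity declarations without loading any external entity, and rejects such documents before the real parse. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample documents (not from the original article).
BENIGN = b"<order><item>book</item></order>"
WITH_EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///constructed/placeholder.txt">]>'
    b"<order><item>&ext;</item></order>"
)


class UnsafeXML(ValueError):
    """The document declares a DTD or an entity."""


class _StopScan(Exception):
    """Internal signal: the DTD has ended, no need to scan the body."""


def find_dtd_features(data: bytes) -> list:
    """List DOCTYPE and entity declarations; no external entity is loaded."""
    findings = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"doctype:{name}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id is not None else "internal"
        findings.append(f"{kind}-entity:{name}:{system_id or ''}")

    def on_doctype_end():
        raise _StopScan  # stop before any entity reference in the body is expanded

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.EndDoctypeDeclHandler = on_doctype_end
    try:
        parser.Parse(data, True)
    except (_StopScan, expat.ExpatError):
        pass  # malformed input is reported by ET.fromstring() in parse_untrusted()
    return findings


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse only documents that carry no DTD; reject everything else."""
    findings = find_dtd_features(data)
    if findings:
        raise UnsafeXML("rejected: " + ", ".join(findings))
    return ET.fromstring(data)
```

Rejecting every DOCTYPE is stricter than blocking external entities alone; it suits services that never need DTDs in client-supplied XML.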