\u57fa\u4e8eMITRE CVE\u7edf\u8ba1\u3001NVD\u6f0f\u6d1e\u6570\u636e\u5e93\u53caFireEye\u4e8b\u4ef6\u54cd\u5e94\u62a5\u544a\uff0c\u9009\u53d6\u7b26\u5408\u4ee5\u4e0b\u7279\u5f81\u7684\u6f0f\u6d1e\uff1a<\/p>\n\n\n\n
\u6280\u672f\u6210\u56e0<\/strong>\uff1a \u5173\u952e\u5371\u5bb3<\/strong>\uff1a<\/p>\n\n\n\n \u9632\u5fa1\u6f14\u8fdb<\/strong>\uff1a \u6f0f\u6d1e\u96c6\u7fa4<\/strong>\uff1a<\/p>\n\n\n\n \u653b\u51fb\u8303\u5f0f\u8f6c\u53d8<\/strong>\uff1a<\/p>\n\n\n\n \u52a0\u56fa\u65b9\u6848<\/strong>\uff1a Stop-Service -Name LanmanServer -Force \u653b\u51fb\u8def\u5f84<\/strong>\uff1a<\/p>\n\n\n\n \u6280\u672f\u7a81\u7834<\/strong>\uff1a<\/p>\n\n\n\n \u68c0\u6d4b\u96be\u70b9<\/strong>\uff1a<\/p>\n\n\n\n \u6f0f\u6d1e\u672c\u8d28<\/strong>\uff1a \u653b\u51fb\u98ce\u66b4<\/strong>\uff1a<\/p>\n\n\n\n \u5e94\u6025\u54cd\u5e94\u77e9\u9635<\/strong>\uff1a<\/p>\n\n\n\n \u6f0f\u6d1e\u7ec4\u5408\u62f3<\/strong>\uff1a<\/p>\n\n\n\n \u653b\u51fb\u7279\u5f81<\/strong>\uff1a<\/p>\n\n\n\n \u53d6\u8bc1\u8981\u70b9<\/strong>\uff1a \u5904\u7406\u5668\u67b6\u6784\u7f3a\u9677<\/strong>\uff1a<\/p>\n\n\n\n \u8de8\u7ef4\u5ea6\u5f71\u54cd<\/strong>\uff1a<\/p>\n\n\n\n \u5f02\u6784\u8ba1\u7b97\u9632\u5fa1<\/strong>\uff1a<\/p>\n\n\n\n \u5bc6\u7801\u5b66\u5371\u673a<\/strong>\uff1a \u884c\u4e1a\u51b2\u51fb<\/strong>\uff1a<\/p>\n\n\n\n \u5bc6\u7801\u7b56\u7565\u91cd\u6784<\/strong>\uff1a<\/p>\n\n\n\n \u6f0f\u6d1e\u673a\u7406<\/strong>\uff1a \u4f20\u64ad\u7279\u70b9<\/strong>\uff1a<\/p>\n\n\n\n \u52a8\u6001\u6c99\u7bb1\u68c0\u6d4b<\/strong>\uff1a<\/p>\n\n\n\n \u6f0f\u6d1e\u7b5b\u9009\u6807\u51c6 \u57fa\u4e8eMITRE CVE\u7edf\u8ba1\u3001NVD\u6f0f\u6d1e\u6570\u636e\u5e93\u53ca...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[20,19],"class_list":["post-242","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-20","tag-19"],"_links":{"self":[{"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/posts\/242","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/comments?post=242"}],"version-history":[{"count":0,"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/posts\/242\/revisions"}],"wp:attachment":[{"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/media?parent=242"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/categories?post=242"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dengbaoceping.org\/index.php\/wp-json\/wp\/v2\/tags?post=242"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
OpenSSL 1.0.1\u7248\u672cTLS\u5fc3\u8df3\u6269\u5c55\u534f\u8bae\u5b9e\u73b0\u7f3a\u9677\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u6784\u9020\u7578\u5f62\u5fc3\u8df3\u8bf7\u6c42\u89e6\u53d164KB\u5185\u5b58\u6570\u636e\u6cc4\u9732<\/p>\n\n\n\n\n
\u25b8 \u7981\u7528TLS heartbeat\u6269\u5c55
\u25b8 OpenSSL\u5347\u7ea7\u81f31.0.1g+\u7248\u672c
\u25b8 \u5b9e\u65bd\u8bc1\u4e66\u5bc6\u94a5\u8f6e\u6362\u673a\u5236<\/p>\n\n\n\n
\n\n\n\n2. \u6c38\u6052\u4e4b\u84dd\uff08EternalBlue\uff09\u6f0f\u6d1e\u94fe<\/h2>\n\n\n\n
\n
\n
```powershell<\/p>\n\n\n\n\u4f01\u4e1a\u7ea7\u4fee\u590d\u547d\u4ee4\u793a\u4f8b<\/h1>\n\n\n\n
Set-SmbServerConfiguration -EnableSMB1Protocol $false<\/p>\n\n\n\n3. \u4f9b\u5e94\u94fe\u6838\u5f39\uff1aSolarWinds Orion\u540e\u95e8\uff082020\uff09<\/h2>\n\n\n\n
\n
\n
HTTPS\u52a0\u5bc6\u4f20\u8f93\u53cd\u5c04\u578bDLL\u6ce8\u5165\u5408\u6cd5\u66f4\u65b0\u670d\u52a1\u5668\u53d7\u4fe1\u8bc1\u4e66\u6570\u5b57\u7b7e\u540d\u9a8c\u8bc1\u901a\u8fc7\u5185\u5b58\u4e2d\u89e3\u5bc6\u6267\u884c\u6076\u610f\u4ee3\u7801\u5408\u6cd5\u7cfb\u7edf\u8fdb\u7a0b<\/pre>\n\n\n\n
\n\n\n\n4. \u65e5\u5fd7\u7ec4\u4ef6\u584c\u9677\uff1aLog4j2\u6f0f\u6d1e\uff08CVE-2021-44228\uff09<\/h2>\n\n\n\n
JNDI\u67e5\u627e\u529f\u80fd\u672a\u505a\u8f93\u5165\u8fc7\u6ee4\uff0c\u5141\u8bb8\u901a\u8fc7\u65e5\u5fd7\u5185\u5bb9\u89e6\u53d1\u8fdc\u7a0b\u7c7b\u52a0\u8f7d<\/p>\n\n\n\n\n
\u4fee\u590d\u9636\u6bb5<\/th> \u64cd\u4f5c\u65b9\u6848<\/th> \u6709\u6548\u6027<\/th><\/tr><\/thead> \u9ec4\u91d14\u5c0f\u65f6<\/td> \u7981\u7528JNDI\u67e5\u627e\u529f\u80fd<\/td> \u4e34\u65f6\u7f13\u89e3<\/td><\/tr> 24\u5c0f\u65f6<\/td> \u5347\u7ea7\u81f32.15.0\u7248\u672c<\/td> \u90e8\u5206\u4fee\u590d<\/td><\/tr> 72\u5c0f\u65f6<\/td> \u90e8\u7f72WAF\u89c4\u5219\u96c6LJ001-2021<\/td> \u6df1\u5ea6\u9632\u5fa1<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n5. \u90ae\u4ef6\u670d\u52a1\u5668\u6ca6\u9677\uff1aProxyLogon\uff08CVE-2021-26855\uff09<\/h2>\n\n\n\n
\n
\n
\u25b8 \u68c0\u67e5IIS\u65e5\u5fd7\u4e2d\u7684\u5f02\u5e38POST\u8bf7\u6c42\uff08Content-Length: 0\uff09
\u25b8 \u6392\u67e5%PROGRAMFILES%\\Microsoft\\Exchange Server\\V15\\FrontEnd\\HttpProxy\\owa\\auth\\\u76ee\u5f55
\u25b8 \u5ba1\u8ba1ECP\u865a\u62df\u76ee\u5f55\u914d\u7f6e\u53d8\u66f4\u8bb0\u5f55<\/p>\n\n\n\n
\n\n\n\n6. \u786c\u4ef6\u7ea7\u707e\u96be\uff1a\u7194\u65ad\u4e0e\u5e7d\u7075\uff08Meltdown\/Spectre\uff09<\/h2>\n\n\n\n
\n
\n
<CPP>
\/\/ \u5185\u6838\u9875\u8868\u9694\u79bb\u8865\u4e01\u793a\u4f8b\uff08KPTI\uff09<\/em>\nvoid __switch_to_extra_pgd(struct mm_struct *mm)\n{\n write_cr3(__pa(mm->pgd) | CR3_PCID_USER);\n}\n<\/code><\/pre>\n\n\n\n
\n\n\n\n7. TLS\u534f\u8bae\u964d\u7ea7\u653b\u51fb\uff08CVE-2017-3732\uff09<\/h2>\n\n\n\n
OpenSSL 1.1.0\u7248\u672c\u5b58\u5728RSA\u5bc6\u94a5\u534f\u5546\u6f0f\u6d1e\uff0c\u5141\u8bb8\u4e2d\u95f4\u4eba\u5f3a\u5236\u964d\u7ea7\u81f3\u5f31\u52a0\u5bc6\u7b97\u6cd5<\/p>\n\n\n\n\n
<NGINX>
# Nginx\u5f3a\u5236\u52a0\u5bc6\u5957\u4ef6\u914d\u7f6e\u793a\u4f8b<\/em>\nssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256';\nssl_prefer_server_ciphers on;\nssl_protocols TLSv1.3;\n<\/code><\/pre>\n\n\n\n
\n\n\n\n8. CMS\u6838\u7206\u6f0f\u6d1e\uff1aDrupalgeddon\uff08CVE-2018-7600\uff09<\/h2>\n\n\n\n
Drupal\u8868\u5355API\u672a\u8fc7\u6ee4#\u53c2\u6570\uff0c\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c<\/p>\n\n\n\n\n
<PYTHON>
# \u6f0f\u6d1e\u68c0\u6d4bPoC\u7247\u6bb5<\/em>\npayload = {\n 'form_id': 'user_register_form',\n '_drupal_ajax': '1',\n 'mail[#post_render][]': 'exec',\n 'mail[#type]': 'markup',\n 'mail[#markup]': 'echo vulnerable > \/tmp\/drupalcheck'\n}\nrequests.post(target, data=payload)\n<\/code><\/pre>\n\n\n\n
\n\n\n\n\u9632\u5fa1\u4f53\u7cfb\u6784\u5efa\u5efa\u8bae<\/h2>\n\n\n\n
\n
\n
\n
\n