Reborn Super Hacker
Chapter 249 Technical Attack and Defense
Text【The Matrix】Chapter 240 IX Technical Attack and Defense-
-
"Meka, do you need help?" Iverson asked Meka after seeing Meka's failure in the first confrontation. -
"Meka, let's go together! Don't fight that pervert alone, let's cooperate together!!" A member of the x organization stood up at this time and said passionately. -
Meka was already a little moved in his heart at this time, and then he looked at Pace, who was also looking at him, the two looked at each other, and then smiled, "Let's start, everyone, let's make Huaxia together. Defeat the 'God'!!" Meka yelled. -
Afterwards, under the leadership of Meka, the x organization launched an attack on the main server again. This was a confrontation between the strong, and no one could avoid it, and they couldn't guess who would win. . -
"Pace, test for cross-site vulnerabilities. It stands to reason that all websites now have cross-site vulnerabilities!!" Meka said to Pace. -
Pace nodded, "I'll try!" Pace was also very happy. The reason why Meka handed over this test to Pace was because Pace was an expert at detecting website vulnerabilities. Prepare tools! (There are two most commonly used website marginalia detection tools in Huaxia, Ming Xiaozi domain and Ah D, but the authors of these two tools are no longer updated! The tools can be found by Baidu search, but most of them are packed , there is a hacking Trojan horse! You can use the peid software to find out the shell. It is recommended that everyone download peid and install it. After installation, the software will add the peid key value to the right button. If you want to open some unknown software in the future, you can use peid to check the shell!) -
Pace first used two springboards to break through China's prohibition on access and entered the Shanghai Stock Exchange site. The first way Pace implemented site intrusion was injection attacks. This is a common security problem encountered by many sites. When network programmers write site programs, they don't pay attention to restricting url access to databases. They mainly write languages such as asp/asp.net/php/jsp (the first choice for sun enterprise-level use) that dynamically operate databases. (Then Xiaozhi will give you a basic example, let’s take a look at this is Xiaozhi’s website: mxd.hk/show.asp, you can add a single quotation mark after the URL of this website and then open it to see, the page cannot be displayed Then enter and1=1 to see the result; then enter and1=2 to see the result. If the results returned by entering and1=1 and and1=2 are different, it means that the site has an injection vulnerability. Injection vulnerability There are several types: including character type injection and search type injection. All kinds of injections are always the same, and they are all for listing the contents of the database. The main purpose of using the database is to enter the background and transmit web Trojan horses. There are a lot of injection vulnerabilities in private server websites! Because the asp code is not filtered for security!)-
Pace entered the injection code several times in a row. These codes are all created by Pace. It can be said that because of these codes, Pace has mastered all the injection vulnerabilities of asp sites. However, although this website is written in aspx, when Pace injected A message was suddenly fed back, "Can your methods be smarter!!" Of course, Pace knew that this injection vulnerability was fixed by "God is an idiot", but he was still a little angry when he saw this sentence, which is too contemptuous up! ! ! -
"Pace, it's useless, I tried it just now! This website doesn't have any vulnerabilities that can be injected. Do you remember that there were no security controls before our first intrusion, but now we have added bank-specific security controls!" Gypsy said helplessly. -
After Meka heard Gypsy's words, she immediately entered the website, and she saw that the login interface enabled the security ax control that must be downloaded when logging into the bank! "The bank's browser security control!?" Meka muttered, and then he immediately opened the sniffing tool and directly downloaded the security control for the Shanghai stock market login. From downloading to installation, Meka has been intercepting data, Meka registered an account casually. Although it was prompted that the registration was prohibited, Meka bypassed this restriction and the registration was successful. Meka used that account to log in, and she found out the function of this security control. Meka clicked After logging in, the account and password information is encrypted by SSL for key data. At this time, Meka immediately uses another tool to suspend the browser access thread. After suspending the browser access thread, the encrypted SSL is sent to the server. The data stopped accordingly, and Meka immediately opened the sniffing tool to see what was intercepted, but the result surprised him because he saw that the intercepted data were all garbled characters. -
"Damn it, this is too difficult!" Iverson stood behind Meka and watched Meka's operation and couldn't help cursing. -
Huang Fei looked at the injected and intercepted data, with a faint smile on his mouth. These were nothing in his eyes, because the number of loopholes he found on this Shanghai Stock Exchange website reached hundreds, and The high-risk ones are injection and guessing. Although this website is impossible to invade in the eyes of other hackers, these are just their methods. That line of injection code can definitely explode the administrator's account password! -
Huang Fei hasn't fixed all the loopholes now, so it won't be fun, and he has to give the other party a chance to invade!Because he will fight back against the x organization after a while. -
"It's so strong! It's really powerful." Li Hua looked at the monitoring abnormal traffic data transmitted from the Shanghai Stock Exchange server monitoring room, and sighed in his mouth, because it showed that in just 10 minutes, the Shanghai Stock Exchange stock website was tried to inject Hundreds of times, but now the data of the website is still normal, and the website can also be accessed normally. You must know that the intruder is the x organization, the self-proclaimed powerful hacker organization of m country!The gap between the Honker Alliance and the x organization is like a windows98 system and a windows xp system, the gap is not one or two points. Even if the Shanghai stock market website does not fix the loopholes, the Honker Alliance will definitely not be able to take down the webshell.Look at the fact that the x organization took only a few minutes to take away the database of the entire website, and you can see it. -
"The website can be registered, did 'God' deliberately let us register?" Pace said. -
Meka smiled wryly, "Maybe so, but we won't admit defeat, even if he looks down on us, let's prove it to him. Could it be that the defense of this website is more difficult than the website built by Dr. Leisen's Leisen system?" ?” Meka said. -
"Registered members post suggestions column, there is a function of uploading pictures, I will try to see if I can use this." Pace immediately came up with the second intrusion method after one failure. What matters is innovation, and it is impossible to succeed with immutable technology. -
"Gypsy, borrow your pony and use it! Send it here." Pace, who had never said a word to Gypsy, finally asked at this time. The latter was stunned for a moment, and then smiled: "No problem, I I'll pass it on to you!" Because Gypsy is a professional "Trojan horse writing machine", the web Trojan horses he modifies can be as small as tens of bytes, which can be compared with those web page horses, and all anti-virus software has been passed! -
"Thank you!" Pace said, and Gypsy hummed happily. The most important thing is to cooperate at this critical moment, because their opponent this time is extremely powerful, and they are simply computer super geniuses. -
After receiving the Trojan horse sent by Gypsy, Pace immediately clicked on the comments section of the webpage, because he needed to bypass the detection if he wanted to upload the pony to the server, so he executed a garbled message. -
When the Chinese and English words "Message successful" appeared on the screen, Pace began to feel a little nervous. Next, he continued to enter the access path of the uploaded pony in the browser bar, but the reply to him was a 404 access On the failure page, Pace's pony was actually killed. -
It is certain that he will be killed, because Huang Fei has already installed "Feiqi antivirus software" in the server. You must know that antivirus dogs are everywhere!The moment the file was modified, "Feiqi Antivirus Software" immediately scanned the file. How could a small Trojan horse escape its monitoring? No matter how small you are, you are still blacklisted. . -
"Damn it!" Pace couldn't help cursing. -
From his expression, it can be seen that this attempt to exploit the upload vulnerability also failed. -.
At this time, cold sweat was already appearing on Iverson's forehead, because if he didn't hurry up, all the investment funds blamed by them would be lost in one fell swoop.You know that is 15 billion US dollars, enough to buy several buildings in New York City. -
"It doesn't matter, since we can't start from the website, let's start from the server! Now check the server's loopholes!" Meka said calmly, paused, and then continued to ask a member of the x organization : "We still have a few common vulnerabilities in the windows system?" -
"8 2 common vulnerabilities, 46 exploitable vulnerabilities!" the member replied. . -
-
"Meka, do you need help?" Iverson asked Meka after seeing Meka's failure in the first confrontation. -
"Meka, let's go together! Don't fight that pervert alone, let's cooperate together!!" A member of the x organization stood up at this time and said passionately. -
Meka was already a little moved in his heart at this time, and then he looked at Pace, who was also looking at him, the two looked at each other, and then smiled, "Let's start, everyone, let's make Huaxia together. Defeat the 'God'!!" Meka yelled. -
Afterwards, under the leadership of Meka, the x organization launched an attack on the main server again. This was a confrontation between the strong, and no one could avoid it, and they couldn't guess who would win. . -
"Pace, test for cross-site vulnerabilities. It stands to reason that all websites now have cross-site vulnerabilities!!" Meka said to Pace. -
Pace nodded, "I'll try!" Pace was also very happy. The reason why Meka handed over this test to Pace was because Pace was an expert at detecting website vulnerabilities. Prepare tools! (There are two most commonly used website marginalia detection tools in Huaxia, Ming Xiaozi domain and Ah D, but the authors of these two tools are no longer updated! The tools can be found by Baidu search, but most of them are packed , there is a hacking Trojan horse! You can use the peid software to find out the shell. It is recommended that everyone download peid and install it. After installation, the software will add the peid key value to the right button. If you want to open some unknown software in the future, you can use peid to check the shell!) -
Pace first used two springboards to break through China's prohibition on access and entered the Shanghai Stock Exchange site. The first way Pace implemented site intrusion was injection attacks. This is a common security problem encountered by many sites. When network programmers write site programs, they don't pay attention to restricting url access to databases. They mainly write languages such as asp/asp.net/php/jsp (the first choice for sun enterprise-level use) that dynamically operate databases. (Then Xiaozhi will give you a basic example, let’s take a look at this is Xiaozhi’s website: mxd.hk/show.asp, you can add a single quotation mark after the URL of this website and then open it to see, the page cannot be displayed Then enter and1=1 to see the result; then enter and1=2 to see the result. If the results returned by entering and1=1 and and1=2 are different, it means that the site has an injection vulnerability. Injection vulnerability There are several types: including character type injection and search type injection. All kinds of injections are always the same, and they are all for listing the contents of the database. The main purpose of using the database is to enter the background and transmit web Trojan horses. There are a lot of injection vulnerabilities in private server websites! Because the asp code is not filtered for security!)-
Pace entered the injection code several times in a row. These codes are all created by Pace. It can be said that because of these codes, Pace has mastered all the injection vulnerabilities of asp sites. However, although this website is written in aspx, when Pace injected A message was suddenly fed back, "Can your methods be smarter!!" Of course, Pace knew that this injection vulnerability was fixed by "God is an idiot", but he was still a little angry when he saw this sentence, which is too contemptuous up! ! ! -
"Pace, it's useless, I tried it just now! This website doesn't have any vulnerabilities that can be injected. Do you remember that there were no security controls before our first intrusion, but now we have added bank-specific security controls!" Gypsy said helplessly. -
After Meka heard Gypsy's words, she immediately entered the website, and she saw that the login interface enabled the security ax control that must be downloaded when logging into the bank! "The bank's browser security control!?" Meka muttered, and then he immediately opened the sniffing tool and directly downloaded the security control for the Shanghai stock market login. From downloading to installation, Meka has been intercepting data, Meka registered an account casually. Although it was prompted that the registration was prohibited, Meka bypassed this restriction and the registration was successful. Meka used that account to log in, and she found out the function of this security control. Meka clicked After logging in, the account and password information is encrypted by SSL for key data. At this time, Meka immediately uses another tool to suspend the browser access thread. After suspending the browser access thread, the encrypted SSL is sent to the server. The data stopped accordingly, and Meka immediately opened the sniffing tool to see what was intercepted, but the result surprised him because he saw that the intercepted data were all garbled characters. -
"Damn it, this is too difficult!" Iverson stood behind Meka and watched Meka's operation and couldn't help cursing. -
Huang Fei looked at the injected and intercepted data, with a faint smile on his mouth. These were nothing in his eyes, because the number of loopholes he found on this Shanghai Stock Exchange website reached hundreds, and The high-risk ones are injection and guessing. Although this website is impossible to invade in the eyes of other hackers, these are just their methods. That line of injection code can definitely explode the administrator's account password! -
Huang Fei hasn't fixed all the loopholes now, so it won't be fun, and he has to give the other party a chance to invade!Because he will fight back against the x organization after a while. -
"It's so strong! It's really powerful." Li Hua looked at the monitoring abnormal traffic data transmitted from the Shanghai Stock Exchange server monitoring room, and sighed in his mouth, because it showed that in just 10 minutes, the Shanghai Stock Exchange stock website was tried to inject Hundreds of times, but now the data of the website is still normal, and the website can also be accessed normally. You must know that the intruder is the x organization, the self-proclaimed powerful hacker organization of m country!The gap between the Honker Alliance and the x organization is like a windows98 system and a windows xp system, the gap is not one or two points. Even if the Shanghai stock market website does not fix the loopholes, the Honker Alliance will definitely not be able to take down the webshell.Look at the fact that the x organization took only a few minutes to take away the database of the entire website, and you can see it. -
"The website can be registered, did 'God' deliberately let us register?" Pace said. -
Meka smiled wryly, "Maybe so, but we won't admit defeat, even if he looks down on us, let's prove it to him. Could it be that the defense of this website is more difficult than the website built by Dr. Leisen's Leisen system?" ?” Meka said. -
"Registered members post suggestions column, there is a function of uploading pictures, I will try to see if I can use this." Pace immediately came up with the second intrusion method after one failure. What matters is innovation, and it is impossible to succeed with immutable technology. -
"Gypsy, borrow your pony and use it! Send it here." Pace, who had never said a word to Gypsy, finally asked at this time. The latter was stunned for a moment, and then smiled: "No problem, I I'll pass it on to you!" Because Gypsy is a professional "Trojan horse writing machine", the web Trojan horses he modifies can be as small as tens of bytes, which can be compared with those web page horses, and all anti-virus software has been passed! -
"Thank you!" Pace said, and Gypsy hummed happily. The most important thing is to cooperate at this critical moment, because their opponent this time is extremely powerful, and they are simply computer super geniuses. -
After receiving the Trojan horse sent by Gypsy, Pace immediately clicked on the comments section of the webpage, because he needed to bypass the detection if he wanted to upload the pony to the server, so he executed a garbled message. -
When the Chinese and English words "Message successful" appeared on the screen, Pace began to feel a little nervous. Next, he continued to enter the access path of the uploaded pony in the browser bar, but the reply to him was a 404 access On the failure page, Pace's pony was actually killed. -
It is certain that he will be killed, because Huang Fei has already installed "Feiqi antivirus software" in the server. You must know that antivirus dogs are everywhere!The moment the file was modified, "Feiqi Antivirus Software" immediately scanned the file. How could a small Trojan horse escape its monitoring? No matter how small you are, you are still blacklisted. . -
"Damn it!" Pace couldn't help cursing. -
From his expression, it can be seen that this attempt to exploit the upload vulnerability also failed. -.
At this time, cold sweat was already appearing on Iverson's forehead, because if he didn't hurry up, all the investment funds blamed by them would be lost in one fell swoop.You know that is 15 billion US dollars, enough to buy several buildings in New York City. -
"It doesn't matter, since we can't start from the website, let's start from the server! Now check the server's loopholes!" Meka said calmly, paused, and then continued to ask a member of the x organization : "We still have a few common vulnerabilities in the windows system?" -
"8 2 common vulnerabilities, 46 exploitable vulnerabilities!" the member replied. . -
Tap the screen to use advanced tools
Tip: You can use left and right keyboard keys to browse between chapters.
You'll Also Like
-
Douluo Jue Shi: Ghost Rider, Heavenly Sword Burning Soul!
Chapter 93 9 hours ago -
Douluo: Wuhun World Tree, I am an evil soul master
Chapter 95 9 hours ago -
Zombie King: Picking up two babies turned out to be the reincarnation of the Empress
Chapter 104 9 hours ago -
Versatile Mage: One evolution point per second
Chapter 119 9 hours ago -
Fights Break Sphere: Huolin Flying Template, Three Days Appointment!
Chapter 113 9 hours ago -
Zhu Xian: The way of heaven collapses, and I only have one sword!
Chapter 96 9 hours ago -
Douluo: Thundergod descends to the world, Wuhun Lei Yi
Chapter 92 9 hours ago -
Jackie Chan Adventures: I have everything I need now
Chapter 112 9 hours ago -
Douluo: This soul master has a little bit of luck
Chapter 83 9 hours ago -
Goddess Atlas, Starting from the Queen
Chapter 99 9 hours ago
