[Black World] Chapter 550

A lot of loopholes are often in the hands of hackers. This sentence is true. Hacker is now a neutral word. People used to distinguish between different kinds of hackers, but now they are all lumped together.

Why does Microsoft release a vulnerability patch every week? It is because there are too many system vulnerabilities, and most of the vulnerabilities are discovered by hackers. The previous vulnerability trading platform no longer exists. Microsoft claims to give rewards for finding system vulnerabilities; in fact, this is just another way of buying vulnerabilities from hackers: buying them back to repair, and then making vulnerability patches. It just sounds better.

Borik must work hard in this session. A total of 12 system vulnerabilities were released at the last conference, all of which were five-star hazard vulnerabilities. I don’t know if there will be so many more this year. I prayed in my heart.

"Hi everyone, I'm the chief moderator of the open source community, Jack!" A blond man walked onto the stage.

"With the rapid development of the Internet today, our open source community has ushered in new vitality. We need all program enthusiasts to join in and share your program source code. Well, I don't want to say so much. Today, on behalf of our community and the Linux Foundation, I am releasing the latest Linux version for free; the version number is linux2.6c0484." Jack said.

"The patch will also be available for download on the websites of our community and the Linux Foundation at a later date." Jack added.

As the leader of the open source system in the world, Linux has always been very low-key. Linux enthusiasts all over the world had been looking forward to the update. After waiting for 2 years, there was finally a new version, and as before, it was still open source and free!

This session is open to the public, so the reports of this session are particularly exciting. Vulnerabilities will also be announced to the world through the official website report, and the content of the speeches at the meeting will also be transparent.

The news that Linux had been updated to a new version quickly spread all over the world through the Internet, and a lot of Linux fans were looking forward to it.

"Linux has finally been updated. Damn, I thought they wouldn't update it anymore." Qingfeng said.

"Qingfeng, when did you play linux, why don't we know?" Asked slowly.

"It's already started, you just don't know it. Hehe." There was a trace of mystery in Qingfeng's tone.

After Jack finished speaking, he went straight on to introduce the functions of the new version of Linux. After all, the official system is the standard, but Linux cannot be compared with cheetah bh for the time being.

After Jack finished the introduction, he left the stage. The next speaker was Gaux. What was he going to do?

"Hi everyone, I'm Gaux, and I'm also the project design director of this conference. Let me demonstrate to you 'how to make the ATM machine automatically spit out money'! I have submitted this huge loophole to the World Bank. I believe most of them have been repaired, and this time I'm only doing a demonstration!" Gaux smiled, and then clapped his hands.

At this time, an ATM deposit and withdrawal machine rose in the middle of the stage.

"Thanks to Citibank for the ATM machine!" Gaux said.

Everyone in the venue was stunned, and Huang Fei couldn't help being interested. As far as he knew, there were 5 loopholes in the ATM machine that could be exploited to make it dispense money automatically. Would this be the same as what Huang Fei was thinking of?

"My god, the ATM machine is throwing money!" In the Jianmeng chat room, major forums and websites immediately released this news.

This also aroused the interest of netizens. When it comes to money, many people are interested, and making an ATM machine automatically spit out money is exciting just to think about. If you really had such an ability, you would get rich. With such hopes of a lucky break in mind, many people couldn't wait.

Gaux connected the official computer to another computer, then took out a CD from his pocket and said to everyone: "This is the bank's ATM control program, and all operations of the machine are controlled by this program. Thanks to Citibank for providing the CD! I am now going to install atmserver on this computer connected to the ATM machine!"

Afterwards, Gaux put in the CD, opened the CD drive, and installed the program directly. After a while, the program was installed, and the computer displayed that new hardware had been found and that an available driver was being loaded. The driver also had to be installed from the CD. Once the driver was installed, the atmserver was set up.

When the installed software was run, the screen of the ATM machine lit up. The software interface running on the computer was exactly the same as the interface of the ATM machine, except that the computer had no touch screen.

"The computer is a carrier. We have installed the program now. Now I want to assign an IP address to the ATM. Unlike an ordinary IP address, this IP address must be one assigned to the bank by the National Internet Information Department. It is based on the country code (our code in China is 86), and an IP beginning with it is absolutely safe! Of course, thanks again to Citibank for providing it." Gaux said.

The next moment was the most eye-catching one. The computer showed that the IP was already within the checked range; that is, this computer was on country M's domestic network and would not be open to the outside world. An internal network IP cannot be accessed from the outside.

Gaux took out a bunch of money from his pocket, and then said to everyone with a smile: "This is 1 US dollars, everyone knows. Of course, this is not provided by Citibank, it is my own!" Gaux's humorous words made everyone laugh out loud. He really was not the taciturn Gaux of before; he had really changed. Meka felt very relieved to see Gaux's bright, smiling face.

Gaokes inserted the 1 US dollars into the credit card according to the usual operation of everyone, and deposited it in the bank twice. After all, the IP is on the intranet and connected to the bank's general database, so Gaokes' deposit this time is also considered .

"Haha, the money has been deposited, the preparations are complete, and my presentation is about to begin!" Gaux laughed, and everyone present was already extremely excited.

Gaux walked over to another computer prepared by the officials. "Everyone, watch closely and don't blink, the fun begins now! You don't need to go to the ATM to insert a credit card, skip the verification, and just let it 'spit out money'!" After Gaux finished speaking, he began to move the mouse.

Gaux first opened the command prompt and entered a very commonly used command, the ping command. The target of the ping was the IP of the computer connected to the ATM machine. Everyone saw the result showing that the returned data had failed; that is to say, this IP address does not exist.

The reason Gaux demonstrated this was nothing more than to show that the IP could not be pinged. He then ran the browser and entered the IP address, and it showed that the page did not exist. But when he clicked to view the page source, he actually found something.

A careful person could see that there were just a few lines of code, and after one line there was an extra number, 6840. Hackers are sensitive to numbers. Since there was a loophole, it was worth a try. The first thing that came to mind for 6840 was a port. He added a quotation mark and 6840 to the end of the IP address and visited it again, and the page became a 404 error; that is to say, this address had source code.

"Everyone saw this. Did you think of something? Then we go further!" Gaux followed the original steps and checked the source code again. This time he found not just one new port number, but several.

Gaux entered the first port number and found that nothing was displayed. The second did not work either, nor did the third. He tested them one by one, and when he tried the sixth one, the page was finally available again.

He used the same steps to check the source code again, but this time nothing could be seen. Just when everyone thought there was no pattern to follow, Gaux opened a SQL injection tool. With the tool, it is definitely much faster than manually entering code in one place after another. Gaux entered the address, added the port, and clicked inject. The first time, no response. The second time, still no response. The third time... the fourth time... still no response, which made everyone wonder whether Gaux had got it right.

Gaux directly copied a line of code from the tool and added it to the end of the URL. The test result was no response. "Are you surprised? Why is there no response every time?" Gaux said.

There was a lot of discussion at the meeting, and Gaux continued: "As the name suggests, the ATM machine is used for deposits and withdrawals. After the deposit, there will be background data. What if I add an integer after this code? What will happen to the result?" The more Gaux spoke, the calmer he became, and everyone in the venue fell silent.

Gaux entered an integer directly into the injection code; for example, since the feedback is an equation, he added =% 1000. Gaux gently pressed the Enter key, and then a miracle happened: there was no response on the ATM machine's screen, but there was a response from the banknote outlet, and US dollars were spit out of it one after another. The atmosphere in the venue suddenly reached its climax, and many people exclaimed.

"Let's have a little more!" Gaux entered "=%9000", because he had already spit out 1000 before, and only 10000 dollars remained after depositing 9000 dollars. With the press of the Enter key, U.S. dollars in 100-yuan denominations were continuously spit out from the banknote outlet.

"My God, it's amazing!" Even Avril Lavigne couldn't help but make a sound of surprise.

Huang Fei, meanwhile, sat calmly; the loophole used by Gaux was exactly what he had thought. The ATM control terminal was not rigorously filtered, and the allocation of intranet IPs was uneven, leading to a fatal loophole. It did not affect only the ATM cash machines in this part of country M: this vulnerability could instantly defeat ATMs all over the world. If it were released, it would be very harmful, but Gaux had discovered it long ago and notified the World Bank, and he had omitted some specific key steps, so there was no need to worry about it causing major harm.
