Reborn Super Hacker
Chapter 552
Main text [Black World] Chapter 550 Full of loopholes Gaux cracked the automatic teller machine (ATM), as long as the enter key is lightly pressed, banknotes will be spit out continuously, highlighting that the financial device that the public thinks is unbreakable can actually be Hackers easily cracked it, and the news was also officially reported.
"Gaux successfully made the ATM machine drop money, the strength of the hacker is terrifying!" The official report only had this short message, but it made netizens all over the world who were paying attention to this incident go crazy.
"Damn it, if I were Gox, I would get some money back every day, why would I use it to publish it, this bug is so cute!" Root couldn't help shouting.
"Don't think about it, he is not short of money. If he finds such a loophole, how much will the bank have to pay him, and he is an official employee of Blackhat, just for a demonstration." Shui Changliu replied.
"But it's so good to save face! Haha." Xiao Rong couldn't help but said.
"Wait, Huang Fei hasn't played yet, the one with more face will come later!" Yu Wen said.
Gaux was highly praised by the officials for demonstrating the loophole of the ATM machine automatically spitting out money, because this cracking show made everyone amazed, just press the Enter key lightly, and the money can be automatically spitting out. What a pleasant thing it is to spit out the money.
"Thank you everyone!" Gaux's performance was over, the ATM came down from where it came up, and Gaux walked off the stage under the gaze of everyone.
Next came the nday organization. Their first purpose of coming here was to sell software, and their second purpose was to release four more dangerous vulnerabilities in the Microsoft system.
The nday organization took the stage again. This time, Alder smiled and greeted everyone, "The first vulnerability is Microsoft's IE vulnerability. Please see the demo below." Run the vulnerability exploit program that has already been written on the disk, "This is a vulnerability for ie6 and ie7, currently ie8 is not affected by this vulnerability for the time being!" Alder opened the program, the first line entered the ip segment, the second Enter the download address of the Trojan horse, click scan, and scan a lot of ie6 users and ie7 users at once, then he chooses an ip at random, clicks the "inject" button, and after a while, he opens the A remote control software, the computer user with the injected IP just now became his rogue in an instant, and then he connected and selected multiple IPs, the result was the same, relying on this extremely harmful loophole, countless users will become Hacking Broiler.
Borik was startled at this moment.
At the same time, Alder immediately stated that under certain circumstances, ie may access released memory objects and lead to arbitrary code execution. This vulnerability can be used to mount a web page, that is, to remotely download a hacker's Trojan horse file. "At present, we have named the vulnerability "aurora" (Aurora) 0day!" Alder consciously left the exploit and related information of this vulnerability in the official special storage technology vulnerability information drive letter after finishing speaking, and Alder established a new "nday" folder, where the vulnerability files are saved.
The news of Microsoft's 0day explosion spread rapidly on the Internet, and there is no need to spread it!This time, the happiest ones are undoubtedly the antivirus software manufacturers in Huaxia, because they are busy again.
"The second vulnerability is word overflow. When the user is using word, the document will scan the hidden parts of the system. There is a fatal attack vulnerability here!" After Alder finished speaking, he opened the U disk and ran this Vulnerability exp.
The result of the test is shocking. It is still a pass-through vulnerability. It seems that Microsoft is not feeling well this time. The reason why the nday organization releases the vulnerability for free is because it is a must for participating in the Black Hat Conference. There are no uninvited people If you want to join, you must publish more than 3 bugs when you arrive.
"Mr. Boric, it doesn't look good. Our two loopholes are serious!" The man sitting next to Boric said anxiously.
Boric was already very annoyed in his heart, but now he said it like this, it was even more annoying, "We will release an emergency patch at that time, there is no need to worry! It is useless for people outside to get the exp, just knowing that ie There are too many people with loopholes." Borik was still paranoid.
The second vulnerability was about to be introduced, and then Alder took a step back and asked Mark, a member of their organization, to demonstrate, "Mark, I leave it to you!" Alder patted Mark on the shoulder, and the latter nodded .
"Hi everyone, I'm Mark! The third vulnerability still comes from Microsoft. This vulnerability is relatively small in scope and only targets users in China. It is also an IE vulnerability," Mark said.
Li Hua froze for a moment, another IE loophole, it seems that IE loopholes are really easy to find, even he himself found one, not to mention these people.
"As we all know, Huaxia's online banking mechanism requires users to pass ssl authentication to log in to the bank's website through certificate verification, and ssl certificates currently only support the ie kernel!" Mark moved the mouse and continued: "This vulnerability is ie6 The vulnerability of other versions does not have this vulnerability, because when verifying the ssl certificate, users using ie6 will generate some cookies, but ie6 is not optimized, and provides caching, causing the browser to be stuck. At this time, it will want to be stuck The server that hosts the webpage sends a request, so that a loophole appears, as long as the requested server returns a small Trojan file, the user will be tricked immediately!" Mark demonstrated the function completely according to the introduction After reading it again, when people saw that the result was really like this, they all exclaimed that there are really many loopholes in ie.
After introducing the third vulnerability, the nday organization released a high-risk vulnerability again. Regarding the vulnerabilities of the Firefox browser, it seems that the nday organization likes to study the vulnerabilities of the browser. Indeed, because the browser is a window for external communication, Everyone must use something, here, can get great benefits.
"Firefox browser maximizes the functions of javascript scripts, and its access speed is top-notch. The way to open a web page is to display text first and then display pictures. The next vulnerability we released is about javascript script overflow!" Mark said.
"We didn't write an exploit for this vulnerability, but after watching my demonstration, I believe everyone will understand it!" Mark ran the Firefox browser. Since the Firefox browser provides a wealth of script plug-ins, he found a plug-in named notjavascript on the script. , After installing it directly, in this way, all javascript scripts are prohibited after visiting the webpage.
As long as you find a target through this, the Firefox browser must be installed on the target's computer, and you can directly enter the other party's IP address on the browser, add port 3322, and you can view the information of the other party's computer. This is a fatal, It can expose users' privacy.
After the nday organization introduced the three vulnerabilities, there was warm applause at the scene. Although they are called Internet time bombs by industry insiders, this time bomb also has a gentle side.
This time, among the four vulnerabilities announced by the nday organization, Microsoft's accounted for three, and IE's vulnerabilities accounted for two. It is conceivable that IE is a security risk, especially IE2. It is urgent to stop the use of IE6.
In fact, Borick is quite relieved. After all, every time this link is reached, Microsoft's vulnerability share has always reached 70%, that is, 7 out of [-] vulnerabilities must belong to Microsoft.
In this way, while improving the system, some vulnerability patches can be released every week, but the premise is that the vulnerabilities do not harm users.
Next, the Japanese hacker representative Umura Hiroji went up, and today he also announced a loophole, and he smiled all over his face as soon as he went up, in fact, this is for sure, who asked someone else’s software to be bought by Google at a sky-high price of 1 million U.S. dollars Already.
"The next thing I bring is the vulnerability of Microsoft's information service. Through this vulnerability, hackers can install horses on the user's computer. Please see the demonstration below." After Umura Koji finished speaking, he started to operate the computer. In fact, this tool is very common. It is a relatively well-known scanning tool in the hacker world. Almost every hacker computer will have this scanning tool "s-can".
After running, enter the official ip address to scan. After about 1 minute, the scan result came out, and the scanner showed that there was no problem, but I saw Umura Hiroji opened the official theme website of the Black Hat Conference, using The sql overflow method is used to detect whether there is an overflow vulnerability on the website, and the result is still no problem, so where should he start to exploit this vulnerability? Refers to loopholes.
Umura Hiroji used the iis server information sniffing needle, and sure enough, he detected the specific information of the iis information server, because the official theme website is built on the windows server, and the windows server system is generally 2003 or the latest 2008, the two systems The version iis information service must be installed.
But what puzzles everyone is, even if such information is found, what can be done?
I saw Umura Hiroji opened another hacking tool with a Japanese name, and after inputting some useful information fed back from the IIS server, an ok prompt popped up. what medicine.
"Gaux successfully made the ATM machine drop money, the strength of the hacker is terrifying!" The official report only had this short message, but it made netizens all over the world who were paying attention to this incident go crazy.
"Damn it, if I were Gox, I would get some money back every day, why would I use it to publish it, this bug is so cute!" Root couldn't help shouting.
"Don't think about it, he is not short of money. If he finds such a loophole, how much will the bank have to pay him, and he is an official employee of Blackhat, just for a demonstration." Shui Changliu replied.
"But it's so good to save face! Haha." Xiao Rong couldn't help but said.
"Wait, Huang Fei hasn't played yet, the one with more face will come later!" Yu Wen said.
Gaux was highly praised by the officials for demonstrating the loophole of the ATM machine automatically spitting out money, because this cracking show made everyone amazed, just press the Enter key lightly, and the money can be automatically spitting out. What a pleasant thing it is to spit out the money.
"Thank you everyone!" Gaux's performance was over, the ATM came down from where it came up, and Gaux walked off the stage under the gaze of everyone.
Next came the nday organization. Their first purpose of coming here was to sell software, and their second purpose was to release four more dangerous vulnerabilities in the Microsoft system.
The nday organization took the stage again. This time, Alder smiled and greeted everyone, "The first vulnerability is Microsoft's IE vulnerability. Please see the demo below." Run the vulnerability exploit program that has already been written on the disk, "This is a vulnerability for ie6 and ie7, currently ie8 is not affected by this vulnerability for the time being!" Alder opened the program, the first line entered the ip segment, the second Enter the download address of the Trojan horse, click scan, and scan a lot of ie6 users and ie7 users at once, then he chooses an ip at random, clicks the "inject" button, and after a while, he opens the A remote control software, the computer user with the injected IP just now became his rogue in an instant, and then he connected and selected multiple IPs, the result was the same, relying on this extremely harmful loophole, countless users will become Hacking Broiler.
Borik was startled at this moment.
At the same time, Alder immediately stated that under certain circumstances, ie may access released memory objects and lead to arbitrary code execution. This vulnerability can be used to mount a web page, that is, to remotely download a hacker's Trojan horse file. "At present, we have named the vulnerability "aurora" (Aurora) 0day!" Alder consciously left the exploit and related information of this vulnerability in the official special storage technology vulnerability information drive letter after finishing speaking, and Alder established a new "nday" folder, where the vulnerability files are saved.
The news of Microsoft's 0day explosion spread rapidly on the Internet, and there is no need to spread it!This time, the happiest ones are undoubtedly the antivirus software manufacturers in Huaxia, because they are busy again.
"The second vulnerability is word overflow. When the user is using word, the document will scan the hidden parts of the system. There is a fatal attack vulnerability here!" After Alder finished speaking, he opened the U disk and ran this Vulnerability exp.
The result of the test is shocking. It is still a pass-through vulnerability. It seems that Microsoft is not feeling well this time. The reason why the nday organization releases the vulnerability for free is because it is a must for participating in the Black Hat Conference. There are no uninvited people If you want to join, you must publish more than 3 bugs when you arrive.
"Mr. Boric, it doesn't look good. Our two loopholes are serious!" The man sitting next to Boric said anxiously.
Boric was already very annoyed in his heart, but now he said it like this, it was even more annoying, "We will release an emergency patch at that time, there is no need to worry! It is useless for people outside to get the exp, just knowing that ie There are too many people with loopholes." Borik was still paranoid.
The second vulnerability was about to be introduced, and then Alder took a step back and asked Mark, a member of their organization, to demonstrate, "Mark, I leave it to you!" Alder patted Mark on the shoulder, and the latter nodded .
"Hi everyone, I'm Mark! The third vulnerability still comes from Microsoft. This vulnerability is relatively small in scope and only targets users in China. It is also an IE vulnerability," Mark said.
Li Hua froze for a moment, another IE loophole, it seems that IE loopholes are really easy to find, even he himself found one, not to mention these people.
"As we all know, Huaxia's online banking mechanism requires users to pass ssl authentication to log in to the bank's website through certificate verification, and ssl certificates currently only support the ie kernel!" Mark moved the mouse and continued: "This vulnerability is ie6 The vulnerability of other versions does not have this vulnerability, because when verifying the ssl certificate, users using ie6 will generate some cookies, but ie6 is not optimized, and provides caching, causing the browser to be stuck. At this time, it will want to be stuck The server that hosts the webpage sends a request, so that a loophole appears, as long as the requested server returns a small Trojan file, the user will be tricked immediately!" Mark demonstrated the function completely according to the introduction After reading it again, when people saw that the result was really like this, they all exclaimed that there are really many loopholes in ie.
After introducing the third vulnerability, the nday organization released a high-risk vulnerability again. Regarding the vulnerabilities of the Firefox browser, it seems that the nday organization likes to study the vulnerabilities of the browser. Indeed, because the browser is a window for external communication, Everyone must use something, here, can get great benefits.
"Firefox browser maximizes the functions of javascript scripts, and its access speed is top-notch. The way to open a web page is to display text first and then display pictures. The next vulnerability we released is about javascript script overflow!" Mark said.
"We didn't write an exploit for this vulnerability, but after watching my demonstration, I believe everyone will understand it!" Mark ran the Firefox browser. Since the Firefox browser provides a wealth of script plug-ins, he found a plug-in named notjavascript on the script. , After installing it directly, in this way, all javascript scripts are prohibited after visiting the webpage.
As long as you find a target through this, the Firefox browser must be installed on the target's computer, and you can directly enter the other party's IP address on the browser, add port 3322, and you can view the information of the other party's computer. This is a fatal, It can expose users' privacy.
After the nday organization introduced the three vulnerabilities, there was warm applause at the scene. Although they are called Internet time bombs by industry insiders, this time bomb also has a gentle side.
This time, among the four vulnerabilities announced by the nday organization, Microsoft's accounted for three, and IE's vulnerabilities accounted for two. It is conceivable that IE is a security risk, especially IE2. It is urgent to stop the use of IE6.
In fact, Borick is quite relieved. After all, every time this link is reached, Microsoft's vulnerability share has always reached 70%, that is, 7 out of [-] vulnerabilities must belong to Microsoft.
In this way, while improving the system, some vulnerability patches can be released every week, but the premise is that the vulnerabilities do not harm users.
Next, the Japanese hacker representative Umura Hiroji went up, and today he also announced a loophole, and he smiled all over his face as soon as he went up, in fact, this is for sure, who asked someone else’s software to be bought by Google at a sky-high price of 1 million U.S. dollars Already.
"The next thing I bring is the vulnerability of Microsoft's information service. Through this vulnerability, hackers can install horses on the user's computer. Please see the demonstration below." After Umura Koji finished speaking, he started to operate the computer. In fact, this tool is very common. It is a relatively well-known scanning tool in the hacker world. Almost every hacker computer will have this scanning tool "s-can".
After running, enter the official ip address to scan. After about 1 minute, the scan result came out, and the scanner showed that there was no problem, but I saw Umura Hiroji opened the official theme website of the Black Hat Conference, using The sql overflow method is used to detect whether there is an overflow vulnerability on the website, and the result is still no problem, so where should he start to exploit this vulnerability? Refers to loopholes.
Umura Hiroji used the iis server information sniffing needle, and sure enough, he detected the specific information of the iis information server, because the official theme website is built on the windows server, and the windows server system is generally 2003 or the latest 2008, the two systems The version iis information service must be installed.
But what puzzles everyone is, even if such information is found, what can be done?
I saw Umura Hiroji opened another hacking tool with a Japanese name, and after inputting some useful information fed back from the IIS server, an ok prompt popped up. what medicine.
Tap the screen to use advanced tools
Tip: You can use left and right keyboard keys to browse between chapters.
You'll Also Like
-
Douluo Jue Shi: Ghost Rider, Heavenly Sword Burning Soul!
Chapter 93 4 hours ago -
Douluo: Wuhun World Tree, I am an evil soul master
Chapter 95 4 hours ago -
Zombie King: Picking up two babies turned out to be the reincarnation of the Empress
Chapter 104 4 hours ago -
Versatile Mage: One evolution point per second
Chapter 119 4 hours ago -
Fights Break Sphere: Huolin Flying Template, Three Days Appointment!
Chapter 113 4 hours ago -
Zhu Xian: The way of heaven collapses, and I only have one sword!
Chapter 96 4 hours ago -
Douluo: Thundergod descends to the world, Wuhun Lei Yi
Chapter 92 4 hours ago -
Jackie Chan Adventures: I have everything I need now
Chapter 112 4 hours ago -
Douluo: This soul master has a little bit of luck
Chapter 83 4 hours ago -
Goddess Atlas, Starting from the Queen
Chapter 99 4 hours ago
