Font
Large
Medium
Small
Night
Prev Index    Favorite Next

Chapter 249 Technical Attack and Defense

Text [The Matrix] Chapter 249: Technical Attack and Defense-

-

"Meka, do you need help?" Iverson asked after seeing that Meka failed in the first confrontation.-

"Meka, let's come together! Don't fight that pervert alone, let's cooperate together!!" A member of the x organization stood up at this time and said passionately.-

Meka was beginning to feel a little moved at this time. Then he looked at Pace, who was also looking at him. The two looked at each other, and then smiled, "Let's start, everyone, let's bring China together."

'God' defeated!!" Meka shouted.-

Later, under the leadership of Meka, Organization

"Pace, please test whether there are cross-site vulnerabilities. It stands to reason that all websites now have cross-site vulnerabilities!!" Meka said towards Pace.-

Pace nodded, "I'll try it!" Pace was also very happy. The reason why Meka gave this test to Pace is because Pace is an expert at detecting website vulnerabilities. He wrote a side-note tool that is a must-have for European and American hackers.

Prepare tools! (There are two most commonly used website annotation detection tools in China, Mingxiaozidomain and Ad, but the functions of these two tools are

They are no longer updated! You can find the tool by searching on Baidu, but most of them have been added with shells and have account-stealing Trojans! You can use the peid software to find out the shells. It is recommended that everyone download peid and install it. After installation, the software will

Add the peid key value to the right click. If you want to open some unknown software in the future, you can use the peid to check the shell!)-

Pace first used two springboards to break through China's access restrictions and enter the Shanghai Stock Exchange website. Pace's first method of site intrusion was injection attacks. This is a common security question encountered by many sites. Many

When network programmers write website programs, they don’t pay attention to the number of URL visits.

The database is limited, mainly to write asp//php/jsp (the first choice for Sun enterprise-level use) and other languages ​​to dynamically operate the database. (Let Xiaozhi give a basic example. Let’s take a look. This is Xiaozhi’s website: mxd.

hk/show.asp, you can add a

Then open a single quote and take a look. The page will not be displayed. Then enter and1=1 and see the results. Then enter and1=2 and see the results again. If you enter and1=1 and and1=2, the page will return the results.

If they are not the same, then it means that the site has an injection vulnerability. There are several types of injection vulnerabilities.

Types: Including character type injection and search type injection. All kinds of injections are all the same, they are all for enumerating the contents of the database. The main purpose of using the database is to pass web Trojans into the background. Generally, many personal private server websites exist

A lot of injection vulnerabilities! Because the asp code is not safely filtered!)-

Pace entered the injection code several times in a row. These codes are all Pace's original creation. It can be said that it is because of these codes that Pace has mastered all ASP site injection vulnerabilities. However, although this website is written in ASPX, when Pace's injection is executed

Suddenly a message came back, "Can your methods be smarter!!" Of course, Pace knew that this injection vulnerability was fixed by "God is a fool", but when he saw this sentence, he still felt a little angry, which was too contemptuous.

Already!!!-

"Pace, it's useless. I just tried it! There are no vulnerabilities that can be injected into this website. Do you remember that there were no security controls before our first invasion, but now we have added bank-specific security controls!"

Gypsy said helplessly.-

After Meka heard what Gypsy said, she immediately entered the website and saw that the secure AX control that must be downloaded when logging in to the bank was enabled on the login interface! "The bank's browser security control!?" Meka muttered, and then

He immediately turned on the sniffer

Tool, directly downloaded the security control of Shanghai Stock Exchange login. From download to installation, Meka has been intercepting data. Meka randomly registered an account. Although it prompted that registration is prohibited, Meka bypassed this restriction and the registration was successful.

Yes, Meka used that account to log in.

After logging in, Meka discovered the role of this security control. After Meka clicked to log in, the account and password information were encrypted through SSL on key data. At this time, Meka immediately used another tool to pause the browser access thread.

After pausing the access thread of the browser, the encrypted SSL data sent to the server also stopped. Meka immediately opened the sniffing tool to see what was intercepted, but the result surprised him, because he saw

The intercepted data is all garbled text.-

"Damn, this is too difficult!" Iverson stood behind Meka and couldn't help but cursed as he watched Meka's operation.-

Huang Fei looked at the injected and intercepted data one by one, with a faint smile on his face. These were nothing in his eyes, because the number of vulnerabilities he found on this Shanghai Stock Exchange website reached hundreds, and

The high risk is injection and guessing, although this website has

In the eyes of hackers, it is impossible to invade, but these are just their methods are not clever. If Huang Fei had not patched the security filtering file of the web page code, the line of injection code just used by Pace could definitely inject the administrator.

The account password has been revealed! -

Huang Fei has not repaired all the loopholes now, which would not be fun. He has to give the other party a chance to invade! Because he will fight back against organization x later. -

"So powerful! Really powerful." Li Hua sighed as he looked at the abnormal traffic data coming from the Shanghai Stock Exchange Server Monitoring Room, because it showed that in just 10 minutes, the Shanghai Stock Exchange stock website was attempted to be injected.

Hundreds of times, but now the data of the website is still normal, and the website can be accessed normally. You must know that the intruder was organization x, the hacker from country m who claims to be powerful.

Organization! The gap between Hongke Alliance and organization

It took just a few minutes for the organization to seize the entire website's database, and you can tell. -

"The website can be registered. Did 'God' let us register on purpose?" Pace said.-

Meka smiled bitterly, "Maybe, but we won't admit defeat. He actually looks down on us. Let's prove it to him. Is this website more difficult to defend than the one built by Dr. Leisen's Leisen system?"

?" said Meka.-

"The registered member post suggestion column has the function of uploading pictures. I will try to see if I can use this." Once it failed, Pace immediately came up with the second intrusion method. In his eyes, the methods were discovered by people, and it is important.

Innovation is all about innovation, and it is impossible to succeed with unchanging technology.-

"Gypsy, let me borrow your pony! Send it over." Pace, who had never said a word to Gypsy, finally asked at this time. The latter was stunned for a moment, and then smiled: "No problem, I'm here

Just pass it on to you!" Because Gypsy is a professional "Trojan horse writing machine", the web page Trojans he modified can be as small as tens of bytes, which is comparable to those large web pages, and it can surpass all anti-virus software! -

"Thank you!" Pace said, and Gypsy hummed happily. Cooperation at this critical moment is the most important thing, because their opponents this time are extremely powerful, they are simply computer geniuses.-

After Pace received the Trojan sent from Gypsy, he immediately clicked on the comment box of the webpage. Because he needed to bypass detection if he wanted to upload the pony to the server, he left a garbled message.-

When the Chinese and English words "Message successfully" appeared on the screen, Pace began to feel a little nervous. Then he continued to enter the access path of the uploaded pony in the browser bar, but the reply to him was a 404 access.

Failed page, Pace's pony was killed.-

It is certain that he will be killed, because Huang Fei has already installed "Feiqi Anti-Virus Software" in the server. You must know that anti-virus puppies are everywhere! The moment the file is modified, "Feiqi Anti-Virus Software"

I immediately scanned the file. How could a small Trojan escape its surveillance? No matter how young you are, you are still blacklisted... -

"Damn it!" Pace couldn't help but cursed. -

It can be seen from his expression that this attempt to exploit the upload vulnerability also failed.-.

At this time, Iverson was already sweating on his forehead, because if he didn't hurry up, all the investment funds blamed by his organization would be lost at once. You must know that it was 1.5 billion U.S. dollars, enough to buy several New York City buildings.

The city building.-

"It doesn't matter. Since we can't start from the website, let's start from the server! Now check the server for vulnerabilities!" Meka said calmly, paused, and then continued to ask a member of the x organization

: "We still have several common vulnerabilities in Windows systems??" -
Chapter completed!
Prev Index    Favorite Next
Blogroll
I turned out to be a boss Starting from a genius, invincible The latest update of Ye Chen and Xiao Churan youth dead end natural secret language The myth of the otakus Sky-high price baby: the president of the empire loves deeply The Grammatical Investigator in Conan In the Qin Dynasty, the king ruled the world Jiuji Zidi