Chapter 47: Club Competition (4)
In fact, Liu Yueshuang had her own reasons for proposing this: she knew that Du Shaofeng had been involved in building the school's website since his freshman year and that, once the other seniors left, he had officially taken over its maintenance, so she thought he should be more familiar with this area.
Experts see the technique; laymen just watch the spectacle.
As soon as an expert makes a move, you know whether he has real skill.
As everyone watched, Du Shaofeng and Mo Tian suddenly sprang into action. Their keyboards and mice never stopped; on the monitors, all kinds of strange windows opened one after another, and the two switched back and forth between them. Sometimes they opened some piece of software to do who knows what, then called up the command-line console and entered a few instructions whose purpose nobody knew, which returned a mass of information that nobody watching could understand......
Han Feng stayed behind Du Shaofeng for a while, shook his head, and then focused on that Mo Tian.
Han Feng had seen Du Shaofeng's technical level in the library last time and, to be honest, it was very poor. Could someone call himself a hacker just by relying on a few decent hacking tools?
In Han Feng's eyes this kind of behavior was undoubtedly naive and idiotic. He had no interest in it; however Du Shaofeng flailed about, he would just treat it as a farce.
Mo Tian, on the other hand, did have some skill. His intrusion so far had been done properly, and at his current pace Han Feng believed it would succeed soon.
Du Shaofeng had already downloaded the software he needed from his network drive, including scanning tools, injection-vulnerability discovery tools, attack detection tools, and so on.
Using these tools, he had successfully hacked into many websites and forums, and all of them came from his master.
In addition, Du Shaofeng had a lot of experience in website programming, so he was very confident about this competition: favorable timing, favorable ground, and he held almost all of the advantages.
Scanning is the basic skill behind every intrusion. Know yourself and know your enemy, and you cannot be defeated; intrusion is no different. First you must collect as much information as possible about the target server: whether the host is alive, what operating system it runs (Windows, Linux or something else), which ports it is using, what services it offers to the outside world, and even the software versions of those services...... With this information in hand, you can prescribe the right medicine and go looking for the relevant loopholes.
He opened the scanner and entered the domain name of the Nanjing University website. After it had run for a while, the results came out, including the IP address of the server, but no easy exploits were found.
It seemed that whoever on the other side was responsible for building the website had fairly good basic security awareness.
Du Shaofeng opened the Nanjing University website and slowly browsed through it.
From the addresses of the links, he was somewhat pleased to find that the website's program was still written in ASP.
ASP is the same as PHP and JSP, it is a fairly old web programming language, with the upgrade of Microsoft's server products, and at the same time, ASP is newly upgraded to, the latter has great advantages over the former, so gradually, ASP is gradually replaced by it.
It is precisely because ASP is relatively old that quite a lot of vulnerabilities in this programming language have been discovered by others, and Du Shaofeng happened to be quite familiar with ASP, which is why this discovery made him so happy.
Of course, whether a program is safe does not depend on the language it is written in; it mainly depends on who writes it and who uses it. It is not the case that the older the language, the more vulnerabilities it has. The counterexample is assembly language: it is a truly ancient programming language, yet it still plays an important role today, and programs written in it are basically very safe.
Du Shaofeng read every page of the website, including the source code visible from the browser, and found no version information for the website system, so he figured it was probably a system the school had written itself. He did this because he wanted to find out whether the source code of the website system was publicly available on the Internet. If it had been downloaded from the Internet, then very likely some vulnerabilities had already been found in it, and with a search engine he might happen to find a way in.
The idea didn't work, so he had to think differently.
At this moment, he suddenly saw a page with a link to the principal's mailbox message board.
He clicked in to take a look and found that it really was a message board system. Many students had left messages on it, voicing their dissatisfaction with the school's network center, canteen and other departments.
There is an administrator login portal on the message board.
Du Shaofeng perked up, immediately ran his injection tool, and carried out a series of injection tests against this entrance.
SQL injection is a very old means of intrusion. After it was made public, it set off a wave of intrusions around the world: countless websites and forums were successfully broken into by rookies who had only just learned the technique, because the programmers who wrote them had not filtered the relevant input. Against this kind of attack, no matter how many expensive firewalls are installed on the server, they are of no use at all, because to them this is perfectly legitimate SQL access. The only way to prevent it is to strictly check the input content at the time the data is submitted and filter out the characters that may cause security problems (the more common ones are single and double quotation marks and equals signs).
Basically, if a website has this vulnerability, anyone who knows the SQL query language can easily log in to anyone's account, because as long as the username is known, the password check is bypassed.
Because there are basically only a few ways to attack this vulnerability, some hackers later summarized these attack methods and wrote their own software. After finding that a website has such a vulnerability, there is no need to enter complicated code by hand: with this software, one press of a button runs through the attack methods against the website, and the result comes out at once.
The software used by Du Shaofeng is exactly one such injection software.
Unfortunately, the programmer who wrote the message board system was obviously also very knowledgeable about SQL injection attacks, and he filtered out all the special characters that could cause this harm.
Du Shaofeng's forehead began to sweat. He looked up at Mo Tian opposite and found him watching his monitor with a calm face, his hands tapping steadily at the keyboard.
Quietly wiping away the sweat, Du Shaofeng went on looking for another way.
His focus was again on the message board.
After repeatedly checking the structure of the message board, Du Shaofeng suddenly noticed that the naming rules of its files seemed quite different from those of the news system he had looked at earlier.
Could it be that this message board is a standalone program?
With that in mind, he looked at the message board's web page source code.
Damn, there it is!
Du Shaofeng was overjoyed. The message board turned out to be one that circulated widely on the Internet; it was only because the interface style had been changed that he had not recognized it at first.
The reason this message board program had made such an impression on him was that his master had once given him a lesson, and the example he used was this very message board.
He immediately typed a URL into his browser and was told that the page could not be found. Then he changed the suffix of the page and pressed Enter, and a large block of garbled characters appeared in the page.
Du Shaofeng's spirits were greatly lifted. At this moment he already knew how to get in!
And just when he was about to show off his skills, a soft voice suddenly reached his ears:
"I've got it done."