Text [Black World] Chapter 552 Full of Loopholes (Middle) Gocks cracked the ATM, as long as you gently press the enter key, the banknotes keep spitting out, highlighting the financial device that the public thinks is unbreakable, in fact, it can be easily cracked by hackers, and this news has also been reported by the official.

"Gocks succeeded in making the ATM drop money, the strength of the hacker is terrifying!" There was only this short piece of news in the official report, but it made netizens all over the world who were paying attention to this matter crazy.

"I'll wipe it, if I'm Gox, I'll get some money back every day, why use it to publish, this loophole is so loving!" Root couldn't help but shout.

"Don't think about it, people are not bad for money, find a loophole like this, the bank has to give him how much money, and he is an official BlackHat official, just a demonstration." The thin water replied.

"But it's so face-saving! Ha ha. Xiao Rong couldn't help but say.

"Wait, Huang Fei hasn't played yet, and more face is behind!" Yu Wen said.

Because of the demonstration of the ATM machine's automatic spit out of the loophole, Gox has been highly appreciated by the official, because this crack show makes everyone breathtaking, gently press the enter key, the money can be spit out automatically, looking at the money spit out one by one, how pleasant it is.

"Thank you!" Gokes' performance was over, and the ATM came down from where it came down, and Gokes stepped off the stage under the gaze of everyone.

Next up is the Nday organization, the first purpose of their coming here is to sell software, and the second purpose is to release 4 dangerous vulnerabilities in Microsoft's system.

The Nday organization took the stage again, and Alder smiled this time and greeted everyone, "The first vulnerability is Microsoft's IE vulnerability, please see the demo below." "Alder directly went to the field, inserted the USB flash drive, and directly ran the already written vulnerability EXP program from the USB flash drive," This is for IE6 and IE7 vulnerabilities, and IE8 is not affected by this vulnerability for the time being! I saw Alder open the program, the first line entered the IP segment, the second line entered the download address of the Trojan, clicked scan, and suddenly scanned a large number of IE6 users and IE7 users, and then he randomly selected an IP, clicked the "injection" button, and after a while, he opened a remote control software, and the computer user who was injected into the IP instantly became his broiler, and then he connected and selected multiple IPs, and the result was the same, relying on this extremely harmful vulnerability, There are countless users who will become hackers.

Boric was shocked at this time.

At the same time, Alder immediately said that under certain circumstances, IE may access memory objects that have been freed to cause arbitrary code execution, and the vulnerability can be used to carry out web trojans, that is, to remotely download hackers' Trojan files. "At the moment we have named the vulnerability "Aurora" (Aurora) 0day! After Alder finished speaking, he consciously left the EXP and related information of this vulnerability in the official special storage technology vulnerability information drive, and Alder created a new "Nday" folder, in which the vulnerability file is stored.

The news that Microsoft broke 0day quickly spread on the Internet, and this doesn't need to be spread! This time, the happiest ones are undoubtedly those antivirus software vendors in Huaxia, because they have to be busy again.

"The second vulnerability is Word overflow, in the process of using Word, the document will scan the hidden place of the system, there is a fatal attack vulnerability here!" After Alder finished speaking, he opened the USB flash drive letter again and ran the EXP of this vulnerability.

The results of the test are shocking.,It's still a killer vulnerability.,It seems that Microsoft is not feeling good this time.,The reason why the Nday organization released the vulnerability for free,That's because it's necessary to participate in the black hat conference.,If you want to join without an invitation,,You must be there to publish more than 3 vulnerabilities when you are present.。

"Mr. Borik, it doesn't look good, these two holes of ours are very serious!" The man sitting next to Boric said anxiously.

Boric was already very annoyed in his heart, but now that he says this, he is even more annoyed, "We will have an emergency patch when the time comes, no need to worry!" People outside can't get EXP and it's not useful.,There are more people who just know that IE has vulnerabilities.。 "Boric is still paranoid.

The second vulnerability was about to be introduced, and then Alder took a step back and asked Mark, a member of the organization, to demonstrate, "Mark, over to you!" Alder patted Mark on the shoulder, who nodded.

"Hi everyone, I'm Mark! The third vulnerability is still from Microsoft, and the scope of this vulnerability is relatively small, only for users in Huaxia, and it is also an IE vulnerability. Mark said.

Li Hua was stunned for a moment, it was IE vulnerability again, it seems that IE vulnerability is really easy to find, even he himself has found one, let alone these people.

"As we all know, Huaxia's online banking mechanism requires users to log in to the banking website through SSL certification, and SSL certificates currently only support IE kernel!" Mark moved the mouse and continued: "This vulnerability is a vulnerability of IE6, other versions do not have this vulnerability, because when verifying the SSL certificate, users who use IE6 will produce some cookies, and IE6 is not optimized, and provides cache, resulting in the phenomenon of browser stuck, at this time, you will want to jam the server of the web page to make a request, in this way, the vulnerability appears, as long as the server that requests a small Trojan file is fed back, the user will be hit immediately!" Mark followed the introduced function,Completely demonstrated,When people saw the results were really like this,One by one,IE vulnerabilities are really a lot.。

After introducing the third vulnerability, the Nday organization once again released a high-risk vulnerability, about the vulnerability of the Firefox browser, it seems that the Nday organization likes to delve into the vulnerability of the browser, and it is true, because the browser is a window for external communication, and everyone must use something, here, you can get huge benefits.

"Firefox has taken the function of JavaScript scripts to the extreme, the access speed is first-class, and the way to open the web page is to first appear text and then display pictures, and the next vulnerability we released is about, JavaScript script overflow!" Mark said.

"We didn't write an EXP for this vulnerability, but look at my demo, I'm sure everyone will understand!" Mark ran Firefox, because Firefox provides a wealth of script plug-ins, found a plug-in named NotJavaScript on the script, and installed it directly, so that all JavaScript scripts are banned after visiting the web page.

As long as you find a target through this, the target must have Firefox installed on the computer, directly enter the other party's IP address on the browser, plus port 3322, you can view the information of the other party's computer, which is fatal and can expose the user's privacy.

After the Nday organization introduced the three vulnerabilities, the scene burst into warm applause, although they are called the Internet time bomb by industry insiders, but this time bomb also has a mild side.

This time, Microsoft's three of the four vulnerabilities announced by the Nday organization, of which IE's vulnerabilities accounted for two, and it is conceivable that IE is a security risk, especially IE6, and it is urgent to stop the use of IE6.

In fact, Boric is relatively relieved, after all, every time it comes to this link, Microsoft's vulnerability occupancy has always reached 70%, that is, 7 out of ten must belong to Microsoft's vulnerabilities.

In this way, while improving the system, some vulnerability patches can be released every week, but only if the vulnerability does not harm the user before.

Next, the hacker representative of the country Umura Hiroji went up.,Today he's going to announce a vulnerability.,As soon as he went up, he smiled.,Actually, that's for sure.,Who called someone's software was bought by Google at a sky-high price of $100 million.。

"What I'm bringing below is a Microsoft information services vulnerability, through which hackers can be trotted on users' computers, and let's see the demo." After Umura Hongji finished speaking, he started to operate the computer, only to see him open the tool that had been prepared in his flash disk, in fact, this tool is very common, and it is a well-known scanning tool in the hacker world, and almost every hacker computer will have this scanning tool "S-can".

After running, enter the official IP address to scan,After about 1 minute,The results of the scan came out,There is no problem on the scanner,But I saw Umura Hongji open the official theme website of the Black Hat Conference,Use the SQL overflow method to detect whether the website has an overflow vulnerability,The result is still no problem,So where should he start to exploit this vulnerability?,There are many ways to play.,As long as you know where the disease is.,Of course,This disease refers to a vulnerability.。

Umura Hongji used the IIS server information sniffing needle, and sure enough, the specific information of the IIS information server was detected, because the official theme website was built on the Windows server, and the Windows server system was generally 2003 or the latest 2008, and the two system versions of the IIS information service must be installed.

But what puzzles everyone is, even if this information is discovered, what can be done?

I saw that Umura Hongji opened a hacking tool with the name of Yuwen again, and after entering some useful information fed back from the IIS server, an OK prompt popped up, and everyone didn't know what he was doing, and what kind of medicine was sold in the gourd.