[Black World] Chapter 551: Full of Loopholes (I)

Vulnerabilities are often in the hands of hackers. This sentence is right; "hacker" is now a neutral word. People used to distinguish between hackers and crackers, but now they simply lump the two together.

Why does Microsoft release a vulnerability patch every week? Because there are too many system vulnerabilities, and most of them are found by hackers. The old vulnerability trading platform no longer exists; Microsoft claims that whoever finds a system vulnerability gets a reward, which is in fact a way of buying vulnerabilities from hackers, buying them back to fix, and then releasing vulnerability patches. It just sounds nicer that way.

Boric had to keep his spirits up for this part of the program. The last conference released a total of 12 system vulnerabilities, all of them five-star hazard vulnerabilities; he did not know whether there would be as many this year, and could only pray in his heart.

"Hello everyone, I'm the general moderator of the open source community, Jack!" A blonde man walked onto the stage.

"Today, with the rapid development of the Internet, our open source community has taken on new vitality, and we need all program enthusiasts to join and share their own program source code. Well, I don't want to say too much. Today, on behalf of our community and the Linux Foundation, I release the latest Linux version for free; the version number is Linux2.6C0484." Jack said.

"The patch will also be available for download from our community and the Linux Foundation's website at a later date." Jack added.

As the leader of the world's open source systems, Linux has always been very low-key, and Linux enthusiasts around the world had been looking forward to the update. Finally, after waiting a full 2 years, there is a new version, and as always, it is still open source and free!

This session is open to the general public, so the coverage of this session is particularly exciting: the loopholes will be announced to the world through the official website report, and the content of the speeches at the meeting will be transparent.

The news of the new Linux update quickly spread around the world through the Internet, and a large number of Linux fans were very much looking forward to it.

"Linux has finally been updated. Grandma's, I thought they weren't updating it anymore." Qingfeng said.

"Qingfeng, when did you play Linux, why don't we know?" Shui Changliu asked.

"It all started long ago, you just didn't know. Hey." There was a hint of mystery in Qingfeng's tone.

After Jack finished speaking, he went straight on to introduce the functions of the new version of Linux; after all, the official system is the benchmark, but for the time being Linux cannot be compared with Cheetah BH.

After his introduction, Jack stepped down, and the next to take the stage was Gocks. What was he going to do?

"Hello everyone, I'm Gocks, and I'm also the project design director of this conference. I'm going to show you how to make an ATM automatically spit out money! I have submitted this huge vulnerability to the World Bank, and I believe most of it has been fixed; this time it is only for a demonstration!" Gocks smiled, then clapped his hands.

At this time, an ATM deposit and withdrawal machine rose up in the middle of the stage.

"Thanks to Citibank for the ATM machine!" Gocks said.

Everyone in the hall was stunned, and Huang Fei couldn't help being interested. As far as he knew, there were 5 vulnerabilities in ATM machines that could be exploited to make them automatically spit out money. Would it be the same as Huang Fei thought?

"Oh my god, the ATM machine spits out money!" In the Sword Alliance chat room, major forums and major websites released this news for the first time.

This also aroused the interest of netizens. When it comes to money, many people are interested, and making an ATM automatically spit out money is exciting just to think about; if you really had such an ability, you would be rich. Many people had such hopes in their hearts and couldn't wait.

Gocks connected the official computer to another computer, then took out a CD from his jacket and said to everyone: "This is the bank's ATM control program, and all the operations of the machine are controlled by this program. Thanks to Citibank for providing the CD! I'm going to install ATMServer on this computer connected to the ATM machine!" Gocks said.

Gocks then put in the disc, opened the disc's drive letter, and installed the program directly. After a while the program was installed, and the computer showed that new hardware had been found and the available drivers were loaded; the driver also had to be installed from the disc, and after the driver was installed, ATMServer was set up.

He ran the installed software, and at this moment the screen of the ATM machine lit up. The software interface running on the computer was exactly the same as the interface of the ATM machine, except that the computer had no touch screen.

"The computer is a carrier. We have installed the program, and now I want to assign an IP address to the ATM. This is different from an ordinary IP address: it must use the IP assigned to the bank by the Ministry of Internet Information of the People's Republic of China, which is based on an IP that starts with the country code (our Chinese code is 86), and is absolutely safe! Of course, thanks again to Citibank for providing it." Gocks said.

Next came the most eye-catching moment. The computer showed that the IP was already in that number segment, that is, the computer was on country M's domestic network, would not be open to the public, and the internal network IP could not be accessed from outside.

Gocks took out a bundle of money from his pocket and said to everyone with a smile: "This is $10,000. Everyone knows, of course, that this was not provided by Citibank; it is my own!" Gocks's humorous words made everyone laugh. He really wasn't the taciturn Gocks he used to be; he had really changed. Meka looked at Gocks' bright smiling face and felt relieved.

Gocks deposited the $10,000 into the credit card account with the usual operation, in two installments. After all, the IP was on the intranet and connected to the bank's main database, so this deposit by Gocks also counted as a real one.

"Haha, the money has been deposited, the preparations are complete, and my presentation is about to begin!" Gocks laughed, and everyone present was already excited.

Gocks walked to another computer prepared by the organizers. "Everyone, watch, don't blink, the excitement starts now! You don't need to go to the ATM and insert a credit card; skip the verification, and just let it 'spit out money'!" After Gocks finished speaking, he began to move the mouse.

Gocks first opened the command prompt and entered a very common command, the Ping command, pinging the IP of the computer connected to the ATM machine. When the result showed that the reply had failed, that meant the IP address did not exist.

The reason Gocks demonstrated this was simply to show that the IP could not be pinged. He then ran the browser and entered the IP address; the page did not exist, but when he clicked to view the source, he found that there was content.

Just a few lines of code. Careful people could see that behind one line there was an extra number, 6840. Hackers are sensitive to numbers; since there was a vulnerability, he tried it. With 6840, the first thing that comes to mind is a port. He added a quotation mark and 6840 after the IP address and visited it again; the page became a 404 error, that is, this address had source code. "Did you see that? This is something that comes to mind, so let's go further!" Gocks followed the original steps and looked at the source code again, and this time found not only a new port number, but more than one.

Gocks typed in the first port number, and found that nothing was displayed; then the second, no; then the third. He tested them one by one, and finally, when he tried the sixth, he found a page that could be used again.

He used the same steps to check the source code again; this time he couldn't see anything. Just when everyone thought there was no pattern to follow, Gocks opened a SQL injection tool; with a tool it must be much faster than manually entering code. Gocks entered the address plus the port and clicked inject: the first time, no response; the second time, still no response; the third time... the fourth...... still no response, which made everyone wonder whether Gocks had messed up.

Gocks copied a line of code directly from the tool, added it to the end of the URL, and the test result was again no response. "Isn't it strange, everyone? Why is there no response every time?" Gocks said.

There was a lot of discussion in the hall, and Gocks continued: "ATMs, as the name suggests, are used to deposit and withdraw money, and there will be background data after a deposit. What if I add an integer to the end of this code? What will be the result?" The more Gocks spoke, the calmer he became, and the people in the room fell silent.

Gocks entered an integer directly into the injection code, where the feedback was an equation, appending =%1000. He gently pressed the enter key, and then a miracle happened: the screen of the ATM machine did not react, but the cash outlet did, and dollars were spat out from the cash outlet. The atmosphere in the venue reached a climax at once, and many people exclaimed.

"Let's have a little more!" Gocks typed "=%9000", because $1,000 had already been spat out and only $9,000 of the $10,000 deposit was left. With the press of the enter key, $100 bills were spat out from the outlet one after another.

"Oh my God, that's amazing!" Even Avril could not help but let out a sound of surprise.

Huang Fei sat calmly. The loophole used by Gocks was indeed the same as he had thought: loose filtering on the ATM control end, together with the uneven allocation of intranet IPs, led to a fatal loophole. It affects not only the ATMs in this region of country M; this loophole kills ATMs around the world, and if it were released it would be very harmful. But Gocks had already discovered it and notified the World Bank institutions, and he omitted some specific key steps, so there was no need to worry about it causing major harm.