Chapter 249: Technical Attack and Defense

"Meka, do you need help?" Iverson asked after seeing that Meka had lost his first confrontation.

"Meka, let's do it together! Don't fight that pervert alone, let's work together!!" a member of Organization X stood up and said passionately.

Meka was already a little moved at this point. He looked at Pace, who was also looking at him; the two exchanged a glance and smiled. "Let's start, everyone, let's defeat Huaxia's 'God' together!" Meka shouted.

Then, under Meka's leadership, Organization X attacked the main server again. It was a confrontation between the strong that no one could avoid, and none of them could guess who would win.

"Pace, you test to see if there are any cross-site vulnerabilities. It stands to reason that all websites now have cross-site vulnerabilities!!" Meka said to Pace.

Pace nodded. "I'll try!" Pace was very happy too. Meka gave this test to Pace because Pace is an expert in detecting website vulnerabilities, and he wrote a sidenote tool that is a must-have for hackers in Europe and the United States! (There are two most commonly used website sidenote detection tools in Huaxia, Ming Xiaozi domain and Ah D, but the authors of these two tools no longer update them! The tools can be found by searching Baidu, but most copies have been packed with a shell, and some carry account-stealing Trojans! You can detect the shell with the software PEiD. It is recommended that everyone download and install PEiD. After installation, the software adds a PEiD entry to the right-click menu, so if you want to open some unknown software in the future, you can use PEiD to check for a shell!)

Pace first used the double springboard to break through China's access ban and entered the Shanghai stock site. He then carried out the first method of site intrusion, an injection attack. This is a common security problem for many sites: many web programmers pay no attention to how the URL accesses the database when writing site programs, mainly those written in languages that operate on the database dynamically, such as ASP/ASP./PHP/JSP (the first choice for Sun enterprise use). (Xiaozhi will give a basic example. Say this is Xiaozhi's site: mxd.hk/show.asp. You can add a single quotation mark after the URL of this site and open it; the page cannot be displayed. Then enter and 1=1 and look at the result; then enter and 1=2 and look at the result. If the results returned for and 1=1 and and 1=2 are different, then the site has an injection vulnerability. There are several types of injection vulnerabilities: character injection and search injection. All kinds of injection come down to the same thing, enumerating the content of the database, and the main purpose of taking the database is to enter the back end and upload a web Trojan. Generally, many personal private server websites have a large number of injection vulnerabilities, because the ASP code is not safely filtered!)

Pace entered injection code several times in a row. These codes were Pace's own originals; it could be said that because of them, Pace had mastered all ASP site injection vulnerabilities. This website, however, was written in aspx, and when Pace ran the injection, a message suddenly came back: "Can you be clever in your means!!" Of course, Pace knew that this injection loophole had been fixed by "God is stupid", but he was inevitably a little angry when he saw this sentence. It was too contemptuous of people!!

"Pace, it's useless, I tried it just now! There are no vulnerabilities that can be injected into this website. Do you remember that there were no security controls before our first intrusion, and now there are bank-specific security controls!" Gypsy said helplessly.

After Meka heard Gypsy's words, he immediately opened the website, and sure enough, he saw that the login screen had enabled the secure AX control that must be downloaded when logging in to a bank! "Browser security controls for banks!?" Meka muttered. He immediately opened his sniffing tool and downloaded the Shanghai market login security control directly, intercepting data the whole time from download to installation. Meka casually registered an account; although a prompt said registration was prohibited, he bypassed the restriction and the registration succeeded. He logged in with that account and, sure enough, found out what the security control did: after Meka clicked login, the key data, the account and password information, was encrypted with SSL. Meka immediately used another tool to pause the browser's access thread, and once the thread was paused, the encrypted SSL data being sent to the server stopped as well. Meka at once opened the sniffing tool to see what had been intercepted, but the result surprised him: the intercepted data was all garbled text.

"Damn, it's so hard!" Iverson, standing behind Meka and watching him work, couldn't help cursing.

Huang Fei looked at the injected and intercepted data, and a faint smile appeared at the corner of his mouth. These were nothing in his eyes, because the number of vulnerabilities he had found in this Shanghai stock website had reached the hundreds, and the high-risk ones were injection and guessing. In the eyes of other hackers this website was impossible to invade, but that was only because their methods were not clever. If Huang Fei had not patched the security filtering files of the web code, the line of injection code that Pace had just used would definitely have blown out the administrator's account and password!

Huang Fei hasn't fixed all the loopholes yet; that would be no fun, and he wants to give the other side a chance to invade, because he is going to fight back against Organization X in a minute.

"It's so strong! It's really powerful." Li Hua sighed as he looked at the abnormal-traffic monitoring data transmitted from the monitoring room of the Shanghai server. It showed that in just 10 minutes there had been hundreds of injection attempts against the Shanghai stock website, yet the website's data was still normal and the website could still be accessed normally. You must know that the intruder was Organization X, the self-proclaimed powerful hacker organization of country M! The gap between the Red Guest Alliance and Organization X is like the gap between a Windows 98 system and a Windows XP system, not a matter of one or two points. Even if the Shanghai stock website had not fixed the vulnerability, the Red Guest Alliance would absolutely not be sure of winning the webshell. If you look at how it took Organization X only a few minutes to take away the entire website's database, you can see

"The website allows registration. Could it be that 'God' deliberately let us register?" Pace said.

Meka smiled bitterly. "Maybe, but we won't admit defeat. He looks down on us, so let's prove it to him. Is this website more difficult to defend than Dr. Rayson's Rayson system?" Meka said.

"The suggestion column where registered members post has a function to upload pictures. I will try to use this." Pace came up with a second method of invasion immediately after the first failed. In his eyes, methods are discovered by people, the important thing is innovation, and it is impossible to succeed with the same technology.

"Gypsy, lend me your pony to use!" Pace, who had never said a word to Gypsy, finally asked. Gypsy was stunned for a moment, and then smiled: "No problem, I'll pass it on to you!" Gypsy is a professional "Trojan writer": the web Trojan he changed can be as small as a few tens of bytes, which can be compared with those web pages, and all antivirus software!

"Thank you!" Pace said. Gypsy hummed happily. Cooperation is the most important thing at this critical juncture, because their opponent this time is extremely powerful, simply a computer super genius.

After Pace received the Trojan horse from Gypsy, he immediately clicked on the comment column on the webpage. To upload the pony to the server he needed to bypass the detection, so he submitted a garbled message.

When the words "message successful" appeared on the screen in Chinese and English, Pace began to feel a little nervous. He then entered the access path of the uploaded pony in the browser's address bar, but what came back was a 404 access failure page: Pace's pony had been killed.

It was certain to be killed, because Huang Fei had already installed "Feiqi antivirus software" on the server. You must know that antivirus puppies are everywhere! The moment the file was modified, "Feiqi antivirus" scanned it immediately. How could a small Trojan escape its surveillance? No matter how small it was, it was still blacklisted.

"Damn it!" Pace couldn't help cursing out loud.

As you can see from his expression, this time the attempt to exploit the upload loophole also failed.

At this time, a cold sweat had already appeared on Iverson's forehead, because if he didn't hurry, all the investment funds of their organization would be lost at once. You know, that's 1.5 billion dollars, enough to buy a few New York City buildings.

"It's okay, since we can't start with the website, let's start with the server! Now check for server vulnerabilities!" Meka said calmly. He paused, and then continued to ask a member of Organization X, "We still have a few common vulnerabilities in the Windows system??"

"82 common vulnerabilities, 46 exploitable vulnerabilities!" the member replied.

This book was first published on 17k; read the genuine content there first!
