Chapter 470: Chess Meets Opponents


Overflow, as the name suggests, is what happens when a container is full and something spills out of it.

In computing, overflow generally refers to overflowing a "stack" structure in memory. A "stack" is a bottle-like data structure in memory that holds variables and instructions according to a "first in, last out" rule.

Well-written code checks whether the stack is full and handles that case accordingly: it does not keep pushing data in once the stack is full, but either stops pushing or empties the stack before continuing.

Many programmers skip this step, or forget to add the check, when writing programs.

Everyone knows the dangers of overflow, yet examples of it are still common. The reason is that this process is carried out automatically by the language's function mechanism. In C, for instance, whenever a programmer writes a function, a "stack" structure is set up for it; all of that function's variables and data are pushed onto this stack and then popped off step by step in order of execution.

Functions are unavoidable in programs, and they are used constantly, which means stack structures are everywhere. If the boundary conditions inside them are not strictly checked, overflow vulnerabilities are likely, especially in code that manipulates core data.
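To make the missing boundary check concrete, here is an added C example that is not part of the chapter: an unchecked copy into a fixed stack buffer beside a version that tests the input length before writing anything. The function names and the 16-byte buffer size are my own choices.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* size of the fixed stack buffer in both functions */

/* Unchecked version: copies the caller's input into a 16-byte buffer that
 * lives in this function's stack frame. Input of 16 bytes or more runs past
 * the end of `name` and overwrites whatever sits next to it on the stack,
 * which is exactly the overflow the chapter describes. Kept here only for
 * contrast; it must never see untrusted input. */
int greet_unchecked(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);                 /* no boundary check at all */
    printf("hello, %s\n", name);
    return (int)strlen(name);
}

/* Checked version: the boundary condition is tested before a single byte is
 * written. Over-long input is refused and reported with -1 instead of being
 * pushed past the end of the buffer. */
int greet_checked(const char *input)
{
    char name[NAME_LEN];
    size_t len = strlen(input);
    if (len >= NAME_LEN)                 /* need one byte for the terminator */
        return -1;
    memcpy(name, input, len + 1);        /* copies the NUL as well */
    printf("hello, %s\n", name);
    return (int)len;
}

int main(void)
{
    /* Constructed inputs: one that fits, one that would overrun the buffer. */
    greet_checked("Lin Hong");
    if (greet_checked("this name is far longer than sixteen bytes") == -1)
        puts("over-long input rejected before the copy");
    return 0;
}
```

The checked version rejects exactly the inputs that would have overrun the buffer in the unchecked one; the unchecked version is only ever safe with input shorter than the buffer.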

Lin Hong is thoroughly familiar with exploiting this kind of vulnerability. When he first cracked Texas Instruments' calculator, the method he used was a buffer overflow: he successfully overflowed one of the calculator's buffers and then executed his own cracking code.

What he wants to do this time is the same. Now that he has found a possible overflow, his next step is to find a way to insert his own code and then, by way of the overflow, get that unauthorized code executed.

It is a bit like having a bottle and continually pressing things into it; once the bottle is full, a curved tube is attached to its mouth to guide the data stream through one's own tube, and the stream is then channeled back into the bottle.

To get Apache running, Lin Hong directly mounts a UNIX-compatible file system, installs locally the same version of Apache the Blues are using, and then traces and debugs it with debugging tools.

This is meticulous work. What the debugging tool shows is hexadecimal machine code, and to understand the key code in it one must be quite familiar with assembly and machine code.

Lin Hong debugged this overflow vulnerability in a targeted way, and progress was relatively fast; step by step he approached the result he wanted.

While Lin Hong was debugging code, the others were not idle.

Liu Hui continued to flood the Blues' targets. He installed the software not only on his own machine but also on several other machines running Windows, to increase the strength of his attacks.

Unfortunately, his method is too simple. Attacking continuously from the same machines makes it easy for the other side to add those IPs to a filter blacklist and drop all of his fake requests, rendering what he does useless.

Moreover, Lin Hong has a general understanding of the software Liu Hui uses: his big-data flood attack is too primitive, and an attack from a handful of machines like this is certainly not going to be effective.

To really achieve a denial of service against the other side, one would need DDoS, that is, a distributed denial-of-service attack, using hundreds or thousands of machines to bombard the target with a data storm at the same time so that the other side cannot identify the true IP sources; only then can it have some effect.

In addition, there are actually many kinds of flood attacks, and the one Liu Hui uses is the most basic and simple: a plain SYN flood, that is, a fake request at the first step of the handshake with no valid source address.

The situation is somewhat like someone calling and hanging up at once; when the server calls back, it finds that the other party's phone number does not exist at all.

But the server's "brain" is not very smart, or rather, the people who built it have not taken this case into account for the time being, so it really believes someone is calling. It picks up the phone and waits for the other party to answer. It can only handle a certain number of calls at once, so when a large number of such calls arrive, all its phones are picked up and nobody else can call in, which amounts to a denial of service.

Liu Hui's software does exactly this: it makes fake phone calls.

The principle is correct, but it is not suited to this situation. With only a few phone numbers, the administrator on the server side need only tell the server that these numbers are fake and to ignore them, and the denial of service is avoided.
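The phone-call picture above, turned into defender-side code as an added example that is not from the chapter: given a constructed snapshot of a server's connection table, it counts the half-open (SYN_RECV) entries held by each source and flags any source above a threshold, which is the "these numbers are fake, ignore them" filter list the text describes. The sample table, the function names and the threshold are assumptions of mine.

```c
#include <stdio.h>
#include <string.h>

/* Constructed snapshot of a server's connection table (state, source),
 * in the spirit of `netstat -an` output. Sample data, not a real capture. */
struct conn { const char *state; const char *src; };

static const struct conn TABLE[] = {
    {"SYN_RECV",    "203.0.113.7"},
    {"SYN_RECV",    "203.0.113.7"},
    {"ESTABLISHED", "198.51.100.2"},
    {"SYN_RECV",    "203.0.113.7"},
    {"SYN_RECV",    "203.0.113.9"},
    {"SYN_RECV",    "203.0.113.7"},
    {"TIME_WAIT",   "198.51.100.5"},
    {"SYN_RECV",    "203.0.113.7"},
};
#define TABLE_LEN (sizeof TABLE / sizeof TABLE[0])

/* Number of half-open (SYN_RECV) entries whose source is `src`. A source
 * that keeps the server "holding the phone" many times at once is what
 * the administrator in the text would add to the filter list. */
int half_open_from(const struct conn *t, size_t n, const char *src)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(t[i].state, "SYN_RECV") == 0 && strcmp(t[i].src, src) == 0)
            count++;
    return count;
}

/* Print every source holding more than `threshold` half-open connections
 * and return how many such sources were found. Each source is reported once. */
int flag_flooders(const struct conn *t, size_t n, int threshold)
{
    int flagged = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j;
        for (j = 0; j < i; j++)              /* skip sources already seen */
            if (strcmp(t[j].src, t[i].src) == 0) break;
        if (j < i) continue;
        int half_open = half_open_from(t, n, t[i].src);
        if (half_open > threshold) {
            printf("filter candidate: %s (%d half-open)\n", t[i].src, half_open);
            flagged++;
        }
    }
    return flagged;
}
```

Calling `flag_flooders(TABLE, TABLE_LEN, 3)` on this sample reports only 203.0.113.7; a genuinely distributed flood would spread the half-open entries across many sources and defeat this per-source count.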

Liu Hui knows this himself, but he cannot help it. There is a limit to what he can do: most of the systems the other side uses are not Windows, so his skills have nowhere to be applied, and he can only make his presence and importance felt in this way.

Xiao Jiang has also finished configuring his own system, and now he begins the task Captain Qian assigned him: mapping out the Blue Army's network topology so that everyone has a reference.

The network topology is simply the way the computers are connected: look at the other side's computers and see whether they form a star, a ring, or a cross connection.

Each computer can be regarded as a point, and the network cable between them as a line segment connecting those points; abstracting the whole structure this way gives the topology of the network.

To explore this structure, one can go and look at it in the field, and of course it can also be done by technical means.

The principle is to trace the path of the nodes the data flows through; from the data that comes back, the entire structure can be inferred.

Scanning for live machines on the network yields the other side's IP addresses. To learn how many nodes lie between one's own machine and theirs, specific network commands in the system can be used.

For example, on a UNIX system, the traceroute command can be used directly to explore the path between oneself and the target machine.

With this feedback, mapping out the topology of the entire network is easy.

Done by hand, the process is a little complicated, but fortunately there are many people available, so it is manageable.

What is Lao Wang doing at the moment?

He scanned the other side's machines for a while but found no exploitable holes. Since normal methods did not work, he thought of doing something special. His old profession was virus research, so naturally that is where his mind went.

Writing a virus on the spot is certainly unrealistic; viruses do not just appear casually, too much is involved, and sometimes it depends on luck and talent.

What he had in mind was to modify a worm he had studied before and then find an opportunity to quietly plant it on the other side, so as to obtain the opponent's combat intelligence.

Thinking this, Lao Wang said to Lin Hong: "They are really well guarded, and there is no opportunity to take advantage of at all. How's it going on your end? Is there any way to do it?"

Lin Hong said truthfully: "They are using Apache, but it is not the latest version. I found an overflow vulnerability, and now I am researching how to make good use of this vulnerability."

"Oh?" Lao Wang's eyes lit up when he heard this. "If you can do it... I'm going to change one of the worms I've studied before."

"That's a good idea." Lin Hong smiled slightly. "It should be soon; I'm almost done with it."

After Lin Hong and Lao Wang had talked it over, the two went back to their own work.

Little by little, time passed.

For the time being, the Reds can do nothing about the Blues, and the same is true for the Blues.

"How's it going, have you found the other party's server?" Li Yushan came to Ding Huahui's side and asked.

"Found it!" Ding Huahui breathed a sigh of relief and said, "The other party is really cunning; he must have used a program to disguise his response, and I have ignored this machine several times."

For a long time, the Blue Army's information confrontation brigade could not find the IP address of the opponent's server; at first they thought the other side had violated the regulations by not connecting the server to the network.

But strangely, the director gave no notice that the other side had violated the rules, which showed that they must have used some means to hide this server.

So Li Yushan asked his disciple Ding Huahui to take personal charge of the investigation. After careful analysis, Ding Huahui finally spotted the abnormality and successfully identified the other side's server.

Ding Huahui continued: "According to the information I found out, their system should be FreeBSD."

"It seems that the other party also has a master!" Li Yushan said with some surprise.

This does not match the information they had before.

According to the information provided by the Blue Army's intelligence department, the other side was supposed to have no masters at all, only a few miscellaneous troops invited from the local area to help, who, compared with them, were not even worth mentioning.

Now it seems that the situation is different.

"A master indeed." Ding Huahui nodded. "Their server has opened port 80, but IP verification is required for login, and this verification is not based on web programs but on packet IP verification. The services opened are also very few; it can be said to be solid."

What Ding Huahui means is that he has no way to take this server at all. Except for port 80, all other ports are closed, and even port 80 is protected by packet-level IP verification; even if one got in with a fake IP, one would still have to enter a username and password, which makes breaking through even harder. (To be continued)