Fee resources my methods(invasion)-vulnerability warning-the black bar safety net

ID MYHACK58:6220055042
Type myhack58
Reporter 佚名
Modified 2005-12-03T00:00:00


In the previous article we have introduced the idea of the article, the techniques article search article and receive a new friends good feedback, the friends actively reflect the problems, the features proposed in this series of articles 末篇 then increase the Q & A article in to one reply. Below we continue to embark on for the realization of charge resourcesfreeof the war!

Invasion article

First of all, let us recallwebsecurityvulnerabilityto generate and use relevant knowledge see Appendix 1. doc the document, thevulnerabilityto produce and discovery-based for a variety of reasons, ultimately be propagated, use, repair and even forgotten. Avulnerabilityto produce to disappear the process can be extremely short, it may be several years or longer. And the so-called charge resources of the Deposit or the spread of media mostly websites, service, all kinds ofserviceprogram, etc., that is to say when the Deposit or the dissemination of media producedvulnerability, the fee resources also can be our handy. This is an extremely simple problem. Invasion: a novice should be how to properly go down

In the invasion article, individuals get a charge of class resources, how many“absolute”depends on the mastering of the invasion of the skills, that is, if you're more skilled at intrusion and security in the knowledge that you will get more securityvulnerability, and master how to use these securityvulnerabilityfor attack skills. The author believes that this will greatly influence your future ability to obtain fee resources, then how should the increasing personal invasion skills and get charged resources?

For most beginners, get thevulnerabilitythe use of techniques, methods derived fromhackermagazine, Internetartarticles, hackersanimation teaching andtechnologylearning exchanges, for most people, get of charge resources will not publicly“share”, the best example is this: we invaded a certain website, serviceand give these websites a source or charge the member's account, we would not be disclosed. At least in the author's awareness of the circle, they are doing so.

I had to rehash to tell you a fact: the invasion of the skills required yourself in the hobby on the basis of actively learning and thinking. For most people, if you can be in the BBS, ASK questions and stay the time it takes to reasonable go to see a professional magazine, the search for the answer, browsing theartarticle, learning basic invasion of knowledge as well as thinking about and keep an eye on you want to get this fee resources may existvulnerabilityand efforts to test, then you will have more likely to break the“charge”limit, and this also requires you understand the idea of the article, the search for the article of the author always refer to some point of view.

Having a clear invasion skills learning pathway is extremely important, which is related to whether you can grow and get you want to get charge of class resources, and astray does not known to return the final result can only be fancies. believe adding XYZhackwebsite membership fees readers the most Ming in which Samadhi? in. So the novices in the invasion article should be to understand the primary question is: how to study the invasion rather than how to get charge of resources.


Figure 1 learning and improving is always the intrusion of the basic questions

I recommend novices such learning: 1. Keep learning, careful observation, clear objectives, understand their inner thoughts and be able to keep walking; the 2. Search and collected some goodhackersthe website refers to be able to providefreeartarticles, freeanimation teaching, can provide a newvulnerabilityand the use of Article sites and learning; 3. Pick a present suitable for their ownhackjournals and stick to reading lessons in which the essence, as thehackingonline action; 4. Pick onetechniqueto study strong the QQ group or other types of learning groups; 5. Rough and a large area to explorehackForum questions posted, thetechnicalthe patch is not necessary often to participate in discussions; and 6. Improve their own level, the novice is best to stick to learning a language such as Asp, PHP, C++, VB, etc.; 7. Give up expectations of a“teacher”with the idea. Most of the novice because the have this idea but just the opposite--not serious about learning would have been very easy to grasp things, in addition to“teachers”in General is not able to give you learn the method or the answer to the question, of course, good luck will encounter Ming division; and 8. Without the addition of the associated feehackclasses, payhackweb site, of course you're going to stick also nothing wrong in it. For the average person is concerned, the author does not recommend you to study a certain class of languages, own delve into a Unnamed of thevulnerability, it would be unrealistic and distant, unless you're a fanatic and have been having some computer level.

Invasion: we can get what to charge resources

The search article tells us the long war, put the long-term, wide browse important, and this article is telling us to learn techniques, master the use of thevulnerabilityimportant, compared to the premise, invasion Get of charge resources more targeted, more practical and has a value. For example, we want to get to a pay site of resources, after scanning, careful analysis, found that and no way to be invaded, and after a few months we found in the magazine or on thenetworkto disclose such type of website source code to build website, there is somevulnerability, and we are at the first time of the invasion eventually get it--such a case believe the most common, because of to the Black anti -, for example, each issue published a variety ofvulnerabilityand various intrusion method very much, you are sure to find what they want.

In addition, in the invasion process, we sometimes find a“surprise”fee resources, such as aservicethe presence of the RPC or Serv-U, etc. avulnerabilityis done, we unexpectedly found that the above actually there are a lot of commercial template code or other charges, class website related resources available. From the want to produce to achieve the aspirations of the process time required is not determined, but the goal is clear and persistent cases, get the fee resources the possibility has greatly increased. Generally speaking, thetechnicalthe stronger the website or associated resources would be the invasion of the possibility of lower, and Own the production of the source program and invade the possibility of more low, the use of Unix and other non-Windowsserviceis the invasion and get their fee resources likely to be lower, having more diligence and effort of the NMS orartpost is to give fee resources the possibility of also lower, with the higher invasion capacity of people the likelihood of success is higher, and Vice versa.

No matter how, fee resources into afree that gets in the way, occupies a very important position and is one of the invasion. We get the kind of Fee resources often depends on the domestic status of thenetworkthe security situation and their own skills.

Examples: CGA-Ho party game portalvulnerability to it? VIPfreewhen! As the country's leading game platform, Hao Fang war platform CGA(Cga. com. cn claims the largest global eSports platform, it is difficult to imagine there is also avulnerability? The author's friend is a fan game, An air and ran to the CGA play the game, and the face of the non-VIP members having the room number of login restrictions, you can not use VIP Membership privileges, can notfreeto use the membership show and other restrictions frustrated, one may find the author, in offering a number of beauty statement after the author's ears weather the live, the the chin also fell to the ground, not on the mouth when went to cram several pieces of milk sugar, plus repeatedly to ensure the introduction of a PPMM to even under poor coupling still alone guarding the“space leap”, who called the crash will only write articles not to please MM, finally said a sentence“disabilities for friends who died”on the armored battle.

At the beginning when the author itself is also considered unlikely that, scanning its host failed, Hey, Hey--this is a matter of course, open their home to try to inject also unsuccessful, after N hours of effort, hair fall N the root, and finally confirmed the presence of the year before the end of discovery and in the last year is considered devastating ASP injectionvulnerabilities to this article published so far, the author and the unknown will CGA officials, in fact, the author is a Lazy Bones tribe, furthermore also as long as it's VIP Membership, a tell is not just a full bubble? Hope article was published after the complement.

Below we take a look at how implementation should be friends again instruction, and finally hide the actual URL address, the readers do not throw a brick Oh, after all, even the pain to understand it--just from a friend's house for dinner back in, Oh it. The first serious analysis on a web page all about“asp? id=”statements, with the relevant tools to scan it, here's the most importantIs careful, such as the home page, comments page, download page, published programs page, other pages, etc. are to be scanned, each of the sub-section also to sweep the bar, because the CGA is divided into many sections, such as counter-terrorism, Warcraft, star, software, hardware, VIP, etc.......

! Figure 2 swept to the CGA main MssqlDatalibrary !

Figure 3 sweep to CGA other part of the table

Believe that after a few hours you can also get to these forms, but want to cross-library or a puzzle, I test find can not be smoothly performed, and then whether to give up? Of course the answer is NO, then you need is the reference to“individuals get a charge of class resources, how many“absolute”depends on the mastering of the invasion of the skills”. If you do not go, then also it shows a problem, you to ASP SQL Inject is not a good grasp, go back and re-learn it. Finally, of course, is a Show about never pay money for the VIP account.


Figure 3 log in the platform Vip is a red digital display and has a Vip sign.


Figure 4 prove that is your account personal information

Write behind the words

The invasion article to a greater extent required you master a good invasion skills, learn and master it is also a hard and sustained a“Personal war”, the ability to obtain the outcome also depends on the readers whether they have support persistence, if you are a no perseverance, No a good idea to know people, and even expect something for nothing, then please skip the search for articles", " the invasion of the article for the next issue of the shared post will be allowed is more suitable for you. Lines of hasty, omissions can hardly be avoided, shortcomings, welcome to mention the positive, Exchange Please email whitewebmaster@gmail.com.