Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:6220066722
HistoryJan 26, 2006 - 12:00 a.m.

Fee resources my methods(invasion)-vulnerability warning-the black bar safety net

2006-01-2600:00:00
佚名
www.myhack58.com
7
JSON

In the previous article we have introduced the idea of the article, the techniques article search article and receive a new friends good feedback, the friends actively reflect the problems, the features proposed in this series of articles 末篇 then increase the Q & A article in to one reply. Below we continue to embark on for the realization of charge resources free of war!

Invasion article

First of all, let us recall the network security vulnerabilities generated with the use of relevant knowledge see Appendix 1. doc the document, the vulnerability of the generation and discovery based on a variety of reasons, ultimately be propagated, use, repair and even forgotten. A vulnerability of produce to disappear the process can be extremely short, it may be several years or longer. And the so-called charge resources of the Deposit or the spread of media mostly websites, servers, all kinds of server programs, etc., that is to say when the Deposit or the spread of media to produce vulnerability, the charging resource also can be of our handy. This is an extremely simple problem.
Invasion: a novice should be how to properly go down

In the invasion article, individuals get a charge of class resources, how many“absolute”depends on the mastering of the invasion of the skills, that is, if you’re more skilled at intrusion and security in the knowledge that you will get more security vulnerabilities, and learn how to use these security vulnerabilities to attack skills. The author believes that this will greatly influence your future ability to obtain fee resources, then how should the increasing personal invasion skills and get charged resources?

For most beginners, get exploit techniques, methods derived from the hacker magazine, network technology articles, hack animation teaching and technology learning exchange, for most people, get of charge resources will not publicly“share”, the best example is this: we invaded a Web server and give these websites a source or charge the member’s account, we would not be disclosed. At least in the author’s awareness of the circle, they are doing so.

I had to rehash to tell you a fact: the invasion of the skills required yourself in the hobby on the basis of actively learning and thinking. For most people, if you can be in the BBS, ASK questions and stay the time it takes to reasonable go to see a professional magazine, the search for answers, browse technical articles, learning basic invasion of knowledge as well as thinking about and keep an eye on you want to get this fee resources possible vulnerabilities and efforts to test, then you will have more likely to break the“charge”limit, and this also requires you understand the idea of the article, the search for the article of the author always refer to some point of view.

Having a clear invasion skills learning pathway is extremely important, which is related to whether you can grow and get you want to get charge of class resources, and astray does not known to return the final result can only be fancies. believe adding a certain hack website charges members of the readers most of the Ming which Samadhi? in. So the novices in the invasion article should be to understand the primary question is: how to study the invasion rather than how to get charge of resources.

!

Figure 1 learning and improving is always the intrusion of the basic questions

I recommend novices such learning:
1. Keep learning, careful observation, clear objectives, understand their inner thoughts and be able to keep walking; the
2. Search and collect some of the better hacker sites means can provide free technical articles, free animation teaching, can provide a new vulnerability and the use of Article sites and learning;
3. Pick a present suitable for their own hacking journals and stick to reading lessons in which the essence, as the hacker online action;
4. The selection of a technical study of strong QQ group or other types of learning groups;
5. Rough and a large area to browse the hack forums to ask questions paste, art paste is not necessary often to participate in discussions; and
6. Improve their own level, the novice is best to stick to learning a language such as Asp, PHP, C++, VB, etc.;
7. Give up expectations of a“teacher”with the idea. Most of the novice because the have this idea but just the opposite–not serious about learning would have been very easy to grasp things, in addition to“teachers”in General is not able to give you learn the method or the answer to the question, of course, good luck will encounter Ming division; and
8. Without the addition of the associated fee hack instructional classes, the fee hack website, of course you’re going to stick also nothing wrong in it.
For the average person is concerned, the author does not recommend you to study a certain class of languages, their delving into an unnamed vulnerability, it would be unrealistic and distant, unless you’re a fanatic and have been having some computer level.

Invasion: we can get what to charge resources

The search article tells us the long war, put the long-term, wide browse important, and this article is telling us to learn techniques, master the use of the vulnerability of important, compared to the premise, invasion Get of charge resources more targeted, more practical and has a value. For example, we want to get to a pay site of resources, after scanning, careful analysis, found that and no way to be invaded, and after a few months we found in the magazine or on the web revealed this type of website source code to build website, there is a certain vulnerability, and we in the first time of the invasion eventually get it–such a case believe the most common, because of to the Black anti -, for example, each issue of the publication of vulnerabilities and the variety of intrusion methods very much, you are sure to find what they want.

In addition, in the invasion process, we sometimes find a“surprise”fee resources, such as a presence Server RPC or Serv-U, etc. a vulnerability is done, we unexpectedly found that the above actually there are a lot of commercial template code or other charges, class website related resources available.
From the want to produce to achieve the aspirations of the process time required is not determined, but the goal is clear and persistent cases, get the fee resources the possibility has greatly increased. Generally speaking, technical, the stronger the website or associated resources would be the invasion of the possibility of lower, and Own the production of the source program and invade the possibility of more low, the use of Unix and other non-Windows Server is the invasion and get their fee resources likely to be lower, having a more hard-working and efforts of management or technician is to obtain fee resources the possibility of also lower, with the higher invasion capacity of people the likelihood of success is higher, and Vice versa.

No matter how charged the resource becomes free, get in the way, occupies a very important position and is one of the invasion. We get what kind of charge resources tend to depend on the domestic situation of the network security status with its own skills.

Examples: CGA-Ho party game portal vulnerability? VIP Membership free when!
As the country’s leading game platform, Hao Fang war platform CGA(Cga. com. cn claims the largest global eSports platform, it is difficult to imagine there is also a vulnerability? The author’s friend is a fan game, An air and ran to the CGA play the game, and the face of the non-VIP members having the room number of login restrictions, you can not use VIP Membership privileges, can not be free to use members show and other restrictions frustrated, one may find the author, in offering a number of beauty statement after the author’s ears weather the live, the the chin also fell to the ground, not on the mouth when went to cram several pieces of milk sugar, plus repeatedly to ensure the introduction of a PPMM to even under poor coupling still alone guarding the“space leap”, who called the crash will only write articles not to please MM, finally said a sentence“disabilities for friends who died”on the armored battle.

At the beginning when the author itself is also considered unlikely that, scanning its host failed, Hey, Hey–this is a matter of course, open their home to try to inject also unsuccessful, after N hours of effort, hair fall N the root, and finally confirmed the presence of the year before the end of discovery and in the last year is considered devastating ASP injection vulnerability to this article published so far, the author and the unknown will CGA officials, in fact, the author is a Lazy Bones tribe, furthermore also as long as it’s VIP Membership, a tell is not just a full bubble? Hope article was published after the complement.

Below we take a look at how implementation should be friends again instruction, and finally hide the actual URL address, the readers do not throw a brick Oh, after all, even the pain to understand it–just from a friend’s house for dinner back in, Oh it. The first serious analysis on a web page all about“asp? id=”statements, with the relevant tools to scan it, here’s the most important thing is careful, such as the home page, comments page, download page, published programs page, other pages, etc. are to be scanned, each of the sub-section also to sweep the bar, because the CGA is divided into many sections, such as counter-terrorism, Warcraft, star, software, hardware, VIP, etc…

!
Figure 2 swept to the CGA master Mssql database
!

Figure 3 sweep to CGA other part of the table

Believe that after a few hours you can also get to these forms, but want to cross-library or a puzzle, I test find can not be smoothly performed, and then whether to give up? Of course the answer is NO, then you need is the reference to“individuals get a charge of class resources, how many“absolute”depends on the mastering of the invasion of the skills”. If you do not go, then also it shows a problem, you to ASP SQL Inject is not a good grasp, go back and re-learn it. Finally, of course, is a Show about never pay money for the VIP account.

!

Figure 3 log in the platform Vip is a red digital display and has a Vip sign.

!

Figure 4 prove that is your account personal information

Write behind the words

The invasion article to a greater extent required you master a good invasion skills, learn and master it is also a hard and sustained a“Personal war”, the ability to obtain the outcome also depends on the readers whether they have support persistence, if you are a no perseverance, No a good idea to know people, and even expect something for nothing, then please skip the search for articles", " the invasion of the article for the next issue of the shared post will be allowed is more suitable for you.
Lines of hasty, omissions can hardly be avoided, shortcomings, welcome to mention the positive, Exchange Please email [email protected] the.

JSON