Online official is to be brush library-vulnerability warning-the black bar safety net

2010-03-20T00:00:00
ID MYHACK58:62201026488
Type myhack58
Reporter 佚名
Modified 2010-03-20T00:00:00

Description

This and modify the score the same way.

Today comparing the stuffy, just up ripped two sentences, with regard to the brush library on this thing

The brush Gallery, is update money=1 0 0 0 0 0 0, a businessman used to call the brush points, sounds like a very NB, looks worship, in fact, also just then going on.

First statement, I have to wash your hands from a couple of years, I mentioned below are something that are relatively old, or outdated Technology, If you think you didn't help, don't shoot the bricks, I'm the rookie, I From.

Brush library with respect to the hanging horse industry, the technology is relatively a little higher, I've been of the view, the hanging horse is an individual the force to live, I lazy, so I didn't hang over the horse. But the brush library, it is not a difficult thing.

Five or six years ago, the domestic injection began to spread, truncated upload vulnerability begin to manifest its power, I tried the most simple brush library, you guess how simple, you must guess not to come out,

From the invasion to the brush library, with a ten minutes of it!!!!

In the official WEB site, upload webshell, turned the conn file, connect to the database, cross-database query gamedb,flip the table name, the update........ Fixed up, that's all.

Here someone will ask, that there is no more simple, there is!, the Simple to what extent, simple to link the invasion process are omitted, is said the year of the Saga, just the beginning, can be in the game interface's chat box injection!!!!that Of course, I also just hear a cow say.

Of course difficult, but also difficult, however, is the invasion of ideas is different, I'm here to talk, not write to technical details, I only speak I've ever used the methods, and I summarize the experience. The kind of special cow, 一个0day.exe ip port and then telnet ip port is not in the scope of


Brush library upfront


The beginning of the invasion official, is a positive breakthrough, looking for upload, looking for injection points, such as South Korea, the injection point of the process, almost there is a sequential, unique meaning

The beginning of the injection, is in the official article where injected, then the user logon point, and later to vote, then the background, then is a sub-station, or update the type of injection, a step-by-step, offensive and defensive are constantly in the upgrade, but Korea stick in the brain has been 少根筋, their common problem are almost.

The front break is unlikely, the development to the next note, the next note there are three

The first is with the server, but I was relatively confused, I then know, 只能查询.com . net . org international domain name, then the stick is. the kr suffix, later as a marginal note Station can query, then I'm unclear, but I can only scan with. com such to start with

The second is the sub-Station attack, stick to the Master Station, sub-Station security has not kept pace, so there's still a lot of to start with opportunity, how to break the sub-Station, Ibid.

The third one is the same C-segment attack, which is to sniff, and scored with the C-segment method, the same, upload+injection.

Just the beginning, next to the attack to take down the target Station, and then to the target data, is still relatively easy, why, password, basically all the same Ah, that time the habit is to get to the cmd permissions, the first for a net view, looking at a personal computer famous, like seeing a chicken like, when I compare silly, like put all the permissions to get the hand, also tried ipc planting machine, all machine via the ipc$kind of Trojan, so that to bring the harm that is likely to expose themselves.


Brush library mid -


Early on here, is not very simple, a hacker training course graduation, little black, have patience while all this can be done.

Offense and Defense is always dependent of the concomitant, cobs in China hack white guest honker gray guest JB customer effort culture, and finally evolution, and this time the official is not so easily scored

Mid-invasion official, the front of the basically, constantly renovated, but basically plus ça change, just injecting more twists and turns, upload more hidden, this time the dark ones, began to tap the stick commonly used programs, such as the one with the most what what what the message Board, asp, revision A, estimated now there are many black people in reading the code trying to find vulnerabilities in the brush library Mid-term of this period of time, basically stick with the program, have been studied for a through. Relatively high level of cattle, in the anti-compiled with the stick commonly used service programs, such as the egg-shaped compression software, FTP software, that Spider antivirus software what to find out the vulnerability to develop a killer app, in that era, the big kill is a one to stick in there smashed.


Brush the library of the late


In fact, the mid-with late of demarcation is not so obvious, a lot of divergent thinking and strong people, maybe in my writing brush library early times it has been used I will write to later brush library method. In this period, the brush library is really a technology live, the first requirement is to collect information. Some of the hackers, put the ncsoft,nexon these company's ancestors eighteen generations are turning out, including those Contracting online the official artwork for the company website, maintain the Code of the company, and what, what interface, what what applications, all with online game company ripped on the relationship of the network, are not let go, maybe about ten to a bend, only to Online companies within the network. I know, the Korean antivirus companies have to penetrate, including FTP software, NP software, payment interface, etc R & D of the company, are to penetrate. But these are all steps in network security the increasing popularity of the case, take down these heretical company, it is not so easy. This time, the most powerful osmosis method, start universal.------- social worker.

Speaking of social workers, really is a long story, a social worker, not only in the popular, in the future a long time, it has always been the most important of the penetration method. Many years ago, I worked with social workers scored Japan's second-ranked online game companies, step is also very simple google,"*@xxx.com" mail,then flipping through the pages, in Japanese, though I don't know, but posting two words, with the Chinese is the same, so I enthusiastically voted an e mail to their company email, someone to ask, you is not not Japanese? this is very simple lah, use google to put your Chinese title translated into Japanese, or simply in the web interface, copy a few Japanese+submissions on it, because it is many years ago, I don't remember which method, anyway I achieved my purpose.

When the social worker is 0day, Ani network horse knew not, the pointer of the overflow of that, with the written message, as long as the other opens the mail, it caught, don't Annex anything, the very cattle X. Well, the chickens on the line, there is no terminal, everything is in the CMD of operation, the later seems to be overrun with a server speaking the overflow up, which for many years used the 0day really many, at the time with the more is Symantec overflow, 27xxx what port, and then bounce the terminal, and later found a key server, the GM.

Find a folder, inside full is a terminal file, it's BT, each machine passwords are randomly generated and uppercase and lowercase letters+numbers, not one the same.


From the a long time, and temporarily think of the above, but always remember that there are many to add, there are a lot of cases, I think of it, I will gradually Supplement.

First a little summary, now the brush library method, from the development company began to penetrate from the sub-Station C segment began to penetrate, the social workers of the target company, the social workers target the top managers of google those IDS.

Which With to something, the target's habits folder file name naming Convention, the target of the important mailbox, the target side of the MSN, the phone, the managers of information, MSN, MSN password, the target party security software, etc

Great kill, I've seen a lot of, office series, pdf, etc. social worker, message, one by one. No big kill device, use chm Trojan, lnk, Backdoor, self-extracting package, do not think these method is very easy to see through, but is can.

I'm a social worker in a domestic target, with is a self-extracting package fixed up. Of course, a cow and more cows, more than a thousand dollars, looking for a lady to talk to the administrator between the video or something, and then let the Administrators solve the computer problem, then send a Trojan to allow the administrator to perform, fixed up。

Follow-up there is a lot of content, such as the invasion of the details, pay attention to the method, I first write to this bar, come back later to write!