
Chapter 47: Community Competition (4)

The third update today! It will drop off the recommendation list soon, so please vote ~ smash it hard

===================================

In fact, Liu Yueshuang had her own reasons for the proposal: she knew that Du Shaofeng had been involved in building the school's website since freshman year. Later, when the other seniors left, he officially took charge of maintaining the school's website. Liu Yueshuang therefore believed that he should be more familiar with this area.

The experts look at the tricks, while the lay people watch the fun.

An expert can tell at once whether the skill is there.

In everyone's eyes, Du Shaofeng and Mo Tian suddenly sprang into action, working their keyboards and mice nonstop. On the monitors, various strange windows opened one after another, and the two switched back and forth between them. Sometimes they opened some piece of software and did who knows what with it; sometimes they called up the command-line console and entered a few commands whose function no one watching could tell, which returned a mass of information that no one could understand...

Han Feng stayed behind Du Shaofeng for a while, shook his head, and focused on Mo Tian.

Han Feng had seen Du Shaofeng's technical level last time in the library. To be honest, it's a waste of time. Just because he has a few handy pieces of hacking software, he can call himself a hacker? Would a real hacker openly say to everyone, "I want to compete with you in hacking technology"?

In Han Feng's eyes, such behavior is undoubtedly very childish and idiotic. He has no interest in it. He just wants to do whatever he wants and just treat it as a farce.

Mo Tian does have some skill, and his intrusion process has been consistent. If he continues to follow his current process, Han Feng believes the intrusion will succeed soon.

Du Shaofeng had already downloaded the several pieces of software he needed from his network drive, including scanning tools, injection vulnerability discovery tools, attack detection tools, etc.

Using these tools, he had successfully broken into many websites and forums, and he had gotten all of these tools from his master.

In addition, Du Shaofeng also has a lot of experience in website programming, so he is very confident in this competition, because he has almost all the right time, place and people.

Scanning is the basic skill of all intrusions. Only by knowing oneself and the enemy can one be invincible, and the same is true for intrusions. First of all, you must collect as much information as possible about the target server, including determining whether the host is alive and what type of operating system is installed on it, whether Windows, Linux or something else. In addition, you can also learn which ports the host is using, what services it provides to the outside world, and even the software versions of those services... and so on. Only after mastering this information can you prescribe the right medicine and discover the relevant vulnerabilities.

He opened the scanner and entered the domain name of the Nanjing University website into the scanning software. After it ran for a while, the result came out, including the server's IP address, but no vulnerabilities that could be easily exploited.

It seemed that whoever was responsible for building the other side's website had fairly good basic security awareness.

Du Shaofeng clicked on the website of Nanjing University and slowly started browsing around it.

Through the link address, he was a little happy to find that the website program of Nanjing University was actually written in ASP.

Like PHP and JSP, ASP is a very old web programming language. With the upgrade of Microsoft's server products, ASP has been upgraded to ASP.net. The latter has great advantages over the former, so ASP has gradually been replaced by it.

Because ASP is relatively old, there are quite a lot of loopholes discovered by others in this programming language, and Du Shaofeng happens to be quite familiar with ASP, so this discovery made him happy.

Of course, the key to whether a program is safe or not does not depend on what language it is written in. It mainly depends on who is writing and who is using it. It does not mean that the older the language, the more loopholes there are. The opposite example is assembly language, which is a real ancient programming language, but it still plays an important role. Programs written in this language are basically very safe.

Du Shaofeng looked at every web page of this website, including the source code seen in the browser, and did not find any version information for the website system. It seemed to be a system they had written themselves. He did this because he wanted to find out whether the website system's source code had been published on the Internet. If it had been downloaded from the Internet, it was very likely that someone had already discovered some vulnerabilities in it; he would only need to search with a search engine and might find a way in.

This idea didn't work, so he had to change his mind.

At this time, he suddenly saw a page with a link to the principal's mailbox message board.

When he clicked in, he found that it was a message board system. Many students had already left messages on it, reporting that they were not satisfied with the school network center, canteen and other departments.

The message board has an administrator login portal.

Du Shaofeng was inspired and immediately ran his injection tool, and then conducted a series of injection tests on this entrance.

SQL injection is a very old intrusion method. After it was made public, it set off a wave of intrusions around the world. Because programmers had not filtered the relevant input when writing their programs, countless websites and forums were successfully broken into by novices who had only just learned this method. Faced with this kind of attack, no matter how many luxurious firewalls are installed on the server, they have no effect at all, because this is a completely legal SQL access. To prevent it, you can only strictly check the input content when data is submitted and filter the characters that may cause security problems (the more common ones are single and double quotes and equal signs).

Basically, if a website has this vulnerability, then as long as you understand the SQL query language you can easily log in to anyone's account, because as long as you know the username, the password check is bypassed.

For this kind of vulnerability there are basically only a few attack methods, so a hacker later collected these attack methods and wrote them into his own software. After discovering that a certain website has such a vulnerability, there is no need to manually enter complicated code. As long as you use this software and press a button, it runs through the attack methods against the website, and the result comes out in a flash.

The software Du Shaofeng uses is exactly such an injection software.

Unfortunately, the programmer who wrote this message board system had obviously studied SQL injection attacks closely, and he had filtered all the special characters that could cause this harm.

Du Shaofeng's forehead began to sweat a little. He looked up at Mo Tian opposite him and found that he was looking at his monitor calmly, and his hands were typing on the keyboard very coherently.

After quietly wiping away the sweat, Du Shaofeng went on looking for another method.

His focus is still on this message board.

After repeatedly checking the structure of this message board, Du Shaofeng suddenly found that the naming rules of this message board file seemed to be quite different from the naming rules of the previous news system.

Is this message board an independent program?

Based on this idea, he checked the web page source code of the message board.

Damn, there is!

Du Shaofeng was overjoyed. He found that this message board was actually a widely circulated message board program on the Internet. Because the interface style had been changed, he had not recognized it at first.

The reason he remembered this message board program so well was that his master had once given him a lesson, and the examples used were carried out against this very message board.

He immediately entered a URL in his browser, and the result was that the address could not be found. Then he changed the file extension of the page and pressed Enter. This time, a large block of garbled text appeared on the web page.

Du Shaofeng was greatly energized, and he already knew exactly how to break in!

And just when he wanted to show off his skills, a soft voice suddenly sounded in his ears:

"I've done it."
