How the online game official library is flushed

Source: Internet
Author: User

This is the same method as modifying scores.

Today, I'm bored. I just want to come up with a few simple comments about the library.

The database is updated with money = 1000000. Merchants are used to reading data. It sounds like NB, and it looks so awesome.

First of all, I have been washing my hands for several years. All the things I mentioned below are old or outdated technologies. If you think it is not helpful to you, don't make a brick; I'm a cainiao, so I'm a good guy.

Compared with the trojan industry, the technology for database scalping is relatively higher. I have always thought that it is a kind of physical activity and I am lazy, so I have never been involved. However, it is not very difficult to refresh the database.

Before October year 56, the injection in China began to become popular, and the cut-off Upload Vulnerability began to reflect its power. I tried the simplest database flushing. You can guess how simple it is. You can't guess it.

It took 10 minutes from intrusion to database flushing!!

On the official WEB site, upload webshell, flip the conn file, connect to the database, query gamedb across databases, flip the table name, update ... get started. That's all.

Someone may ask, is there anything simpler? To what extent is it simple? Even the intrusion process is omitted. It is said that the legends of the year can be injected into the chat box on the game interface at the beginning!!!! Of course, I just heard from some cool people.

Of course it is difficult and difficult, but it is just a different idea of intrusion. I will not write the technical details below. I will only talk about the methods I have used, and my summary. That special guy, a 0day.exe ip port, and then telnet the ip port is not in the scope of the discussion.

**********************
Pre-Refresh
**********************
The first official intrusion was a positive breakthrough. The process of searching for uploads and injection points, such as South Korea and injection points, was almost sequential and interesting.

The initial injection was injected in the official article, followed by the user logon point, followed by the vote, followed by the background, followed by the sub-station, or update injection. Step by step, attack and defense are constantly being upgraded, but Korean experts have always had less brains, and their common problems are similar.

There is little possibility of a positive breakthrough, so we will develop to the field, and there are three types of field descriptions.

The first type is the same server, but I was confused at the time. What I knew at the time was that I could only query .com, .net and .org international domain names, and they all use the .kr suffix. Later, it seems that there is a bypass site to query, so I don't know, but I can only aim at .com.

The second type is substation attacks. The stick has completed the main station, but the security of the substation has not kept up, so there are still many opportunities to break through the substation.

The third type is the same as the C-segment attack, which is prepared for sniffing. The method of winning the same C-segment is as old as upload + injection.

At the beginning, it was quite easy to attack the target site and then to the target data. Why is the password basically the same? At that time, after obtaining the cmd permission, let's start with a net view and look at the names of each computer, just like seeing a zombie. At the beginning, I was stupid. I liked to get all the permissions and tried ipc growers, implant all the Trojans through ipc$. The disadvantage is that you are easy to expose yourself.

**********************
Middle stage of library refreshing
**********************

I mentioned this in the early stage. Is it very simple? If you are patient and have a hacker training class, you can do this.

Attack and defense are always accompanied by one another. With the efforts of the White Hacker, the Red Hacker, the gray hacker, and the JB hacker, the hacker finally evolved. At this time, the official website won't be so easy to win.

The mid-stage invasion of the official website basically continued to be renovated in the early stage, but basically it never changed. It was just a bit more twists and turns, and the upload was more concealed. At this time, black and black people, I started to explore the commonly used programs, such as the most used messaging board and asp, which were revised one by one. It is estimated that there are still a lot of black guys reading code to find out the vulnerabilities. During this period of library refreshing, basically all the programs used by the stick have been thoroughly studied. A relatively high-level cool-man is decompiling frequently-used service programs, such as the egg compression software, FTP software, and anti-virus software of the spider to find out the vulnerabilities and develop a big killer. In that era, the kill was one by one hitting the stick.

**********************
Post-Refresh
**********************
In fact, the demarcation between the middle and the later stages is not so obvious. Many people with strong divergent thinking, maybe I have used the method of refreshing the database I wrote in the early stage.
In this period, database flushing is actually a technical activity. The first requirement is to collect information.
Some hackers have turned over the s of ncsoft and nexon companies, including the websites of companies that contract online game official artists, companies that maintain code, and what interfaces do they have, what are the applications? All the networks connected to online gaming companies have never been used. Maybe they have been bent around for more than a dozen times before they have reached the internal network of online gaming companies. I know that all anti-virus software companies in South Korea have penetrated, including FTP software, NP software, and payment interfaces.
However, these are all steps. It is not that easy to win these companies with increasingly popular network security. At this time, the most powerful penetration method began to become widespread: social engineering.

Speaking of social engineering, it is really a long term. Social engineering is not only popular nowadays, but will also be the most important penetration method for a long time in the future.
Many years ago, I used social engineering to win the second-ranked online game company in Japan. The process was also very simple.
Google, "*@xxx.com" mail, and then look at the page. Although I do not understand Japanese, I have contributed two words, which are the same as Chinese, so I enthusiastically sent an email to their company's mailbox. Someone asked, don't you know Japanese? It's very easy. Google translates your Chinese title into Japanese, or simply copy a few Japanese and contribute files on the website interface. Because it was many years ago, I did not remember which method it was. I achieved my goal.

At the beginning, the social worker used 0 days. The wanhe network horse knew no, And the pointer overflows. He used the email he wrote. As long as the other party opened the email, he would be lucky. No attachment required, x.
Well, the bots went online without terminals, and everything was done in CMD. Later it seemed like a server was overflowing (speaking of overflow, there were a lot of 0-day programs used in many years; at that time, Symantec overflow and port 27xxx were mostly used). Then, the terminal rebounded and a key server was found for GM.

I found a folder which contains all terminal files. It is BT. The passwords of each machine are randomly generated, with uppercase and lowercase letters and numbers. None of them are the same.

**********************
I have been thinking about the above for a long time, but I always remember that there are many to be supplemented and there are still many cases. After I think about it, I will gradually supplement it.

Let's take a look at a small summary. The current method of database flushing begins to penetrate from the Development Company, and begins to penetrate from Section C of the substation. The target company of the social engineering company, social engineering target party administrator (google ID information).

The things used here are the habits of the target party (naming conventions of folder names, important mailboxes of the target party, MSN of the target party, telephone, information of management personnel, MSN and MSN passwords, security software used by the target party, etc.).

I have seen a lot of kill tools, office series, pdf and other social engineering emails, one by one.
If there is no kill, use the chm Trojan, lnk backdoor, and decompress the package. Do not think these methods are easy to understand, but they can.

A goal of my social engineering in China is to use self-decompress packages. Of course, a cool man paid more than one thousand yuan. He asked a lady to make friends with the Administrator, and then asked the Administrator to solve the computer problems, then a trojan is sent to the Administrator for execution.

There will be a lot of content in the future, such as the details in the intrusion. Pay attention to the method. I'll write it here first and write it later!
