A security check with weak user security awareness

[IT expert network exclusive]

Psychology, Sociology

The network is virtual. When you open your computer, you can't see anything. The network is really true. Every action you make on the network leaves traces or marks. This is like opening Pandora's box, and you have almost no way to erase it. So there will be some stories. There is a saying that "you are afraid of being stolen by thieves, and you are afraid of being missed by thieves". The clues you leave on the Internet may be exploited by some people with ulterior motives, playing with some tricks similar to "Li Gui? Don't be surprised. Let's see how they found you by following your clues.

1. Click "step on" to determine the target and task.

Enter a forum and determine the user ID. This user cannot be too common or have too many duplicate names. Otherwise, You Need To Know additional information.

Target: a user whose user ID is "Zhang.

Task: collect sensitive information such as Email, phone number, address, QQ, MSN, and some accounts and passwords based on a user ID (N or more in any forum.

Ii. Collect information

1. Search Engine: Because you only know its name, you need to know its online activities. First, log on to www.google.com and www.baidu.com and enter its name for search, but no search results are displayed. This is basically what we expect, because generally people cannot search engines, So where can we get more information?

2. Record:

(1) Open www.chinaren.com and log on. Alibaba record provides an interesting feature-"Big searching for students". Enter "Zhang #" And click "Search" to prompt "users not bound to mobile phones, you cannot use the Alibaba Cloud account search function!" It's no big deal, so bind it, search again, and the result is displayed.

(Comment: "Searching for classmates" is a double-edged sword for the convenience of "some people !)

You can see the graduation school information! Next, open the links for each class in the search results. Because many classes do not disclose their classes, visitors cannot log on to the logon system to view the recorded messages, fortunately, we found that two classes in the above search results were set to "public", and you can view the recorded messages and the class's personal address at will. In the personal address, view the personal information of "Zhang #", prompting non-class members that cannot be viewed. Well, click "join class" and join this class without approval! Next, view your personal information and obtain the following information in the Transcript:

Registered account: zhang * @ chinaren.com

Basic Information

Real name: Zhang ##
Gender: male
Birthday: 1982-10-27 (Scorpio)
Nationality :-
Current location :-
Industry :-
Work Unit :-
Contact info
Mobile phone number :-
QQ: 3841 ***
MSN :-
E-mail: zhang * @ 163.net
Contact number :-
Personal Homepage :-
Note:-Indicates Blank

(2). Open www.5460.net. As we all know, chinaren and 5460 are two of the most popular and popular referers. Go to 5460 to see if more information can be obtained. The student search function is still used in section 5460. However, unlike www.chinaren.com, this function requires mobile phone binding. As expected, the following information was quickly searched on 5460:

Registered account: aaa111,

Email: zhang * @ 163.net.

Note: Email and chinaren are the same!

Iii. Breakthrough

So far, we have obtained network information such as frequently-used Email, QQ, and registered accounts only when we know their user IDs. How can we find a breakthrough point, what about further details? Of course, you can use brute-force password cracking to access your Email or QQ account, but we cannot do this. We can detect friendship. In addition, this does not match our personality. the reference of a popular word is: no technical content! So what should we do next?

(1). Frustrated

Next we will use "forgot password" to check whether the password can be found or related information. Open mail.163.net and click "forgot password". Then, the system prompts you to enter the date of birth, the birthday information of "Zhang #" obtained from the transcript, and then click "Next". The system prompts you to enter the correct information! Then the system prompts the question "who are you". After trying a few answers, they are all wrong. This cannot be done!

In QQ's "forgot password", the "who are you" prompt is "who are you", so you can think of his answer is certainly not the same as the question. The password retrieval function of Chinaren is changed to manual, so it cannot be used anymore.

(2). Transfer

Open the "forgot password" page at www.5460.net. on this page, click "View Source File" on IE to view the following content:

<Strong> 2 </strong>. If you cannot answer questions, you can also send your password to the email address of your registered account: <br>
<Form name = "" action = "getPsByMail. jsp">
<Input type = "submit" name = "Submit2" value = "Send me the password! ">
<Input type = "hidden" name = "nId" value = "13455732">
<Input type = "hidden" name = "email" value = "zhang * @ 163.net">
<Br> </form>

In this way, we know the email address to which the password is sent. At the same time, we know that the 5460 password must be stored in the database. Unlike QQ, we just send a link to change the password! Then we will know that if we can access his mailbox, we will be able to get his password!

(3 ).

Next, as I knew his registered account, I thought whether he would use this account to register and log on to many forums? Google and baidu are still used, but this search keyword uses his registered account instead of his real name. This time, with the search results, the first one is Tianya Forum. Open the link, open the personal information of this account in Tianya and search for his articles on Tianya forum. It seems that he is still active, by analyzing the forum where he posted his post, he will know his personal interests in surfing the internet! However, it is still far from our goal. Check the registration information of "Zhang #" in the transcript again to find out the name of his university and middle school. Take this as a breakthrough and check whether it can be implemented?

First, go to the university homepage and check it out. It is estimated that there are not many vulnerabilities that can be exploited, and there should be no "Zhang ##" personal information, search www.google.com for the name of the middle school, and find that the middle school has its own website. Open its homepage and find that the news and articles publishing system adopts asp, I am very happy that there may be SQL injection. I can see that there is still a transcript board built by my school on its home page. At first glance, I know that it is definitely using those free record programs on the Internet, it seems that the chance of winning this website is already very high. Wait and you just need to determine whether "Zhang #" has been registered on this record. Open the middle school class "Zhang #" in the transcript. The member list shows that he has registered and logged on. Well, we have found a breakthrough. As long as we can get the database of this website, we can get the password of "Zhang, if the password is the same as the password in the mailbox on mail.63.net, it will be done. If it is different, further information can be obtained.

First, let's look at the news system on the homepage. Use the asp program to open a piece of news http: // www. ***. net/include/shownews. asp? Id = 453, add and 1 = 1 after the URL, and there is no error. Obviously there is SQL injection. Take out nbsi2. scan the website using the SQL Server database, in addition, log on using SA. In the automatic guessing solution, you already know that the logon database is alumni_user. In the column name, select name, truename, and password for cracking, enter truename = 'zhang ##' for the cracking condition. The password is successfully cracked and we are done!

4. Win-win pursuit

Use the cracked password to log on to its mail.163.net mailbox. The password is the same. after entering the password, check its inbox and find that it has registered eBay and Dangdang online bookstore, in addition, I used the "forgot password" function to send the password to my mailbox.

Next, enable Dangdang and use the account and password sent by Dangdang in its inbox to log on to Dangdang. In this case, "Zhang ##" shows the personal information of Dangdang, including the ID card number, mobile phone number, and home address.

At the same time, I found some personal sensitive account and password information in my mailbox, including QQ accounts and passwords for some forums. It seems that this old man is very forgetful and has a positive and optimistic attitude towards our network security. Maybe he also believes that there is no thief in the world!

Conclusion: You may not be surprised now! What do people complain about? We don't seem to have to get angry with the Internet, or even blame others. The root cause is our lack of security awareness, giving others a chance. In combination with this security test, we should pay attention to the following points:

1. Do not use the same account and password in the Forum, email address, or website service registration. Otherwise, the same account and password will be broken and all will be compromised.

2. Do not store sensitive information such as accounts and passwords in your mailbox. Otherwise, you will be pleasantly surprised.

3. Some sensitive emails, such as "password retrieval", must be completely deleted after reading them.

4. Do not register on some websites that have security risks or are not formal. Do not enter your own real information for registration.

To a certain extent, you can protect your privacy.