Social engineering is psychology
In an ever-growing networked society, each of us becomes part of it. When you switch on your computer and connect to the network, what would you think if one day you found that all your personal files, even your private details, were well known to uninvited guests in some corner of the world? Perhaps you think this is just alarmist talk. If you are a person completely cut off from the Internet, you need not worry about it; but if you are an active member of the online society, you may need to be careful. Let us look at a practical example!
I know only a person's name (and, of course, the name is not very common). How do I get hold of his personal information (such as Email, phone number, address and password)? Prerequisite: this person uses the Internet and has several email and QQ accounts. (This is a simple condition: which of today's netizens does not have several emails and several QQ accounts, and which does not regularly post on forums?) Next we will set about achieving this goal!
Objective: knowing only a person's name (assume here that it is Michael Jacob), find out the network identities he commonly uses!
Note: this person's name (zhangsan) is not too common and does not have too many duplicates; otherwise you need to know additional information!
The procedure is as follows:
I. Collecting information
Because you know only his name, you need to learn about his online activities! First open www.google.com and www.baidu.com and search for his name. No results appear. This is to be expected, because after all most people cannot be found through search engines, so where else can more information be found?
Open www.chinaren.com. After logging in, the alumni record offers a useful function, "Find classmates". Enter the name and click search, but the site prompts that users who have not bound a mobile phone cannot use this "Find classmates" function. So you have to bind a mobile phone and search again. The result is displayed, as shown in:
Figure 1
We can see that the search has given us his graduation school! Next, open the links of the various classes in the search results. Many classes are set to non-public, so a guest login cannot see the class message board; fortunately, two classes in the search results are set to public. Their message boards and class address books can be viewed at will. Viewing Michael Jacob's personal information in the address book, the system prompts that non-members of the class cannot view it. Fine, join the class; no approval is required. Next, view the personal information and obtain Michael Jacob's registered account on the alumni record: aaa@chinaren.com, commonly used e-mail: bbb@163.net, QQ: 3*******.
Next, open www.5460.net. As everyone knows, chinaren and 5460 are the two most popular alumni records. Go to 5460 and see whether more information can be obtained. The classmate search function is used on 5460 as well; the difference is that, unlike www.chinaren.com, it does not require a bound mobile phone. As expected, his information is quickly found on 5460: registered account aaa111, Email still bbb@163.net.
II. Determining the breakthrough point
So far, knowing only his name, we have obtained his commonly used Email, QQ, registered account and other network information. How do we find a breakthrough point next and dig deeper? Of course one could use brute-force password cracking against the Email or QQ account, but I do not recommend brute force (it involves no technique at all). So what next?
Next we use the "forgot password" functions to see whether the password, or related information, can be recovered. Open 163.net and click "forgot password". The system asks for the year, month and day of birth; enter Michael Jacob's birthday obtained from the alumni record. After the correct information is entered, the system shows the security question "who are you". Trying the question itself as the answer turns out to be wrong! QQ's forgotten-password function also prompts "who are you", so he certainly does not give the same answer there either. Chinaren's password retrieval has been changed to manual handling and naturally cannot be used. The password retrieval on 5460.net is interesting, as shown in the figure below!
Figure 2
On this page, choose "View Source" in IE, and the following content can be seen:
From this we learn the email address to which the password is sent, and at the same time we know that 5460 must store the password itself in its database, unlike QQ, which merely sends a link for changing the password! So we know that if we can get into his mailbox, we can get his password!
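As an added defensive illustration (not code from the original article or from any of the sites it names), the following Python sketch shows the design the paragraph contrasts with 5460: instead of keeping the password and mailing it back, the site mails a random, single-use, expiring reset token and stores only a hash of the token and a salted hash of the password, so neither a copied database nor a read mailbox yields a reusable secret. The in-memory stores `USERS` and `RESET_TOKENS`, the user name and the URL on example.invalid are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores standing in for the site's database (example only).
USERS = {"example_user": {"email": "user@example.invalid", "password_hash": None}}
RESET_TOKENS = {}  # sha256(token) -> (username, expiry time)
TOKEN_TTL_SECONDS = 15 * 60
PBKDF2_ROUNDS = 200_000


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def issue_reset_token(username, now=None):
    """Mint a random token for the account. Only its SHA-256 is stored, so a copy
    of the database contains neither passwords nor usable reset tokens. Returns
    the token to place in the e-mail link, or None if the account does not exist
    (the HTTP response should look the same either way)."""
    if username not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[key] = (username, now + TOKEN_TTL_SECONDS)
    return token


def build_reset_link(token):
    # Hypothetical URL: the mail carries the token, never the account's password.
    return "https://example.invalid/reset?token=" + token


def redeem_reset_token(token, new_password, now=None):
    """Consume the token exactly once and set a new password, stored as a salted hash."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None:
        return False  # unknown, or already used
    username, expiry = entry
    if now > expiry:
        return False  # expired; it was popped above, so it cannot be retried
    salt = secrets.token_bytes(16)
    USERS[username]["password_hash"] = (salt, _hash_password(new_password, salt))
    return True


def check_password(username, password):
    stored = USERS.get(username, {}).get("password_hash")
    if stored is None:
        return False
    salt, digest = stored
    return hmac.compare_digest(_hash_password(password, salt), digest)
```

The token is the only secret that travels by e-mail, it is valid for one use within a short window, and the server keeps nothing it could mail back in clear, which is the property 5460's design lacks.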
Next, knowing his registered account name, I wondered whether he used the same account name to register and log in on many forums. Google and Baidu are used again, but this time the keyword is his registered account rather than his real name. This time there are search results, and the first is the Tianya forum. Open the link, open this account's personal information on Tianya and search his posts on the Tianya forum. He seems quite active; by analyzing the boards where he posts, one learns his interests online! But this is still far from our goal. Looking again at Michael Jacob's registration information in the alumni record shows the names of his university and middle school. Let us take these as a breakthrough and see whether it works.
First I went to the university homepage and browsed it; it looked unlikely to have many exploitable vulnerabilities and unlikely to hold personal information. Searching www.google.com for the middle school's name showed that the middle school has its own website. Opening its homepage, I found that the news and article publishing system is written in ASP, which was good news, since there might be SQL injection. The homepage also has an alumni message board built by the school itself; at first glance it is obviously one of those free alumni-record programs from the Internet. This website seems to have a very high chance of success. Next it only remains to determine whether Michael Jacob has registered on this board. Opening Michael Jacob's middle school class on the board, the member list shows that he has registered and logged in. Good, the breakthrough point is chosen: as long as the website's database can be obtained, Michael Jacob's password can be obtained, and if it is the same as his 163.net mailbox password, further information will follow.
First look at the news system on the homepage. It is an ASP program; open a news item, http://www.***.net/include/shownews.asp?Id=453, append and 1=1 to the URL, and no error is returned. Clearly there is SQL injection. Take out NBSI2; the scan results are as follows:
Figure 3
It can be seen that the website uses a SQL Server database and logs in as sa. In automatic guessing, the database is found to be named alumni_user. Among the column names, select name, truename and password to crack, enter truename='zhang san' as the condition, and the password is cracked immediately. Success!
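The injection the article exploits comes from pasting the Id parameter straight into the SQL text. The following Python/sqlite3 snippet is an added illustration (not the school site's code, which the article says is ASP on SQL Server) showing that vulnerable pattern beside a hardened version that validates the parameter's type and binds it as a query parameter; the `news` table and its three rows are constructed for the example. The article also notes that the site connected as sa; a login that can only read the news table would have limited what a successful injection could reach.

```python
import sqlite3


def make_news_db():
    """Constructed sample schema standing in for the site's news table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(452, "Sports day"), (453, "Exam schedule"), (454, "Library hours")],
    )
    conn.commit()
    return conn


def show_news_vulnerable(conn, raw_id):
    """The pattern the article found: the request parameter becomes part of the
    SQL text, so whatever follows the number ('453 and 1=1') is executed as SQL
    and the response changes with the truth of the appended condition."""
    sql = "SELECT title FROM news WHERE id = " + raw_id
    return [row[0] for row in conn.execute(sql)]


def show_news_hardened(conn, raw_id):
    """Validate the type first, then bind the value. The database engine never
    interprets user text as SQL, and non-numeric input is rejected outright."""
    try:
        news_id = int(raw_id)
    except ValueError:
        return None  # reject instead of guessing what the caller meant
    sql = "SELECT title FROM news WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (news_id,))]
```

The same two lines of defence (type validation and parameter binding) exist in classic ASP via ADODB.Command parameters, which is what the school's shownews.asp would have needed.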
III. Following up the success
Use the cracked password to log in to his 163.net mailbox. The password is the same. Once inside, checking the inbox shows that he has registered on eBay and the Dangdang online bookstore, and has had forgotten passwords sent to the mailbox, as in:
Figure 4
As can be seen, the password registered on Dangdang differs from the current mailbox password. Next, log in to Dangdang with that account and password. Now the personal information on Dangdang, including ID card number, mobile phone number and home address, is all in plain view.
In this mailbox, look at the personal information under mailbox settings: the answer to the forgotten-password question is displayed in plain text. It should be explained here that the 163.net mailbox stores the forgotten-password answer in plain text in personal information, which increases the security risk. In the 163.com mailbox and in the forgotten-password settings of some other services such as QQ, the answer is not displayed; to change the answer you must enter both the original answer and the new one.
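As an added example (not code from the article, 163.net or any other service it names), here is how a site can keep a forgotten-password answer so that a settings page cannot display it back and so that changing it requires the original, which is the behaviour the paragraph credits to 163.com and QQ: the answer is normalized, salted and hashed with PBKDF2, and only the hash is stored. The function names and the sample answer are assumptions.

```python
import hashlib
import hmac
import secrets
import unicodedata

PBKDF2_ROUNDS = 200_000


def normalize_answer(answer):
    """Security answers are free text, so normalize before hashing (Unicode form,
    case, surrounding and repeated whitespace); otherwise a user who once typed
    'beijing no. 4 ' is locked out by 'Beijing No. 4'."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split())


def store_answer(answer):
    """Return the record to keep in the profile: salt plus PBKDF2 digest. The
    answer is not recoverable from this, so it cannot be shown in plain text."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode(), salt, PBKDF2_ROUNDS
    )
    return {"salt": salt, "digest": digest, "rounds": PBKDF2_ROUNDS}


def verify_answer(record, candidate):
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(candidate).encode(), record["salt"], record["rounds"]
    )
    return hmac.compare_digest(digest, record["digest"])


def change_answer(record, current_answer, new_answer):
    """Changing the answer requires the current one, as the article describes for
    163.com and QQ; a mailbox session alone is not enough."""
    if not verify_answer(record, current_answer):
        return None
    return store_answer(new_answer)
```

A profile page backed by this record can only show "answer set", never the answer, which removes exactly the plain-text exposure the article found on 163.net; verification still works because the same normalization is applied to every attempt.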
Logging in to QQ with the two passwords obtained, the system prompts that the password is wrong. Go to the QQ homepage and use the forgot-password function: the answer to the security question turns out to be the 163.net one, and furthermore the link for changing the QQ password is sent to the 163.net mailbox. This penetration has gained a lot: not only his commonly used e-mail, QQ and the forums he frequently logs in to, but also his commonly used password!
Iv. Summary
To summarize the penetration process: information collection is the key. The more information you obtain, the higher the hope of success and the more breakthrough points you can choose from. On the Internet, collecting and analyzing information is an important part of the work.
In this penetration, starting from his real name alone, a great deal of his information on the Internet, including passwords, was obtained. What is more serious is that this is not an isolated phenomenon: in the last three penetrations I attempted, information was obtained successfully every time. The reason is simple. Most people register on several forums or websites, and the registered account or password is often the same; who can guarantee that every forum or website you registered on is 100% secure? Not to mention that many websites sell their registered users' information. Therefore, consider carefully when registering personal information on the Internet; otherwise, one day your private information will be laid out in front of others, and that is an iron fact!
Note: the main purpose of this article is to introduce this kind of threat. No one may use this article for anything illegal.