今天429是網絡安全日,本人雖然時間不多,但是還是要寫一篇關於網絡安全的科普文章。
首先,我先批判一下(畢竟本人寫文章,開頭的批判是本人的風格和亮點),今天要批判的是精緻的利己主義者。現在社會上有一種人,我看着就生氣,這種人只要是爲了自身的利益,什麼手段都能用的出來,踩着別人往上面爬,沒有道德和節操。最可怕的是往往現在這種人竟然能混的非常好,還誰都瞧不起,尤其是瞧不起我這種人。這太可怕了,必須採取一定措施限制!我爲什麼要批判這類人呢,很簡單,是因爲我愛我的祖國和人民。爲了祖國和人民,雖然有些話我沒有必要說,但勞資是必須要說出來!!!!!
接下來繼續根據上面的話題,如果這種人被人傳授了很強的技術能力,那就更可怕了,肯定會做出出賣別人什麼集體的事情。我們沒辦法剷除這羣han jian,但是我們必須想辦法保護好自己的隱私和安全。
接下來我就說說網絡安全及如何保護,我是大三上學期的時候研究這個東西的,那個時候,我的CET6和國二都已通過,沒有其它的壓力,於是就自學起了滲透技術。滲透技術是什麼意思呢,就是我們通過找到對方機器存在的漏洞,然後通過漏洞訪問對方的機器,從而竊取對方的文件的技術。
那麼滲透技術是如何進行的呢,首先最簡單的就是爆破。我們windows系統和3389號端口或者linux系統的22號端口是遠程登陸端口,我們如果有賬號密碼,那麼我們就可以登錄。如果沒有,那麼就採用爆破的方式,一個個的試,直到進去爲止。而有的時候我們的賬戶基本都是administrator或者root什麼的,密碼都是簡單的數字,我們有一個字典的話很快就破解成功了。
其次是SQL注入,這個東西是原理是,你在訪問網站的時候,你將你的一些數據傳送(POST)給服務器時候,這些數據會告訴服務器,我需要在數據庫中讀取什麼信息,然後服務器會把這些信息返回(GET)到網頁上去。如果我們的數據庫訪問權限比較大,那麼所有的數據庫信息都會被返回到網頁上去,這樣整個數據庫就一覽無餘了。
接下來講的是後臺登錄,我們僅僅拿到數據庫是不夠的,要想拿到更多的東西,那就得通過數據庫返回的後臺賬戶密碼登錄到後臺,然後上傳一個木馬,通過木馬把整個機器的目錄給獲取了。有的網站後臺直接暴露給了不法分子,還有一些隱藏的比較深。一般通過字典狂掃,或者爬蟲。就能找到後臺的登錄地址,登錄之後,上傳一個木馬,這樣就獲取機器的目錄了。
通過字典狂掃不但可以掃後臺,還可以掃描到網頁模板自帶的漏洞,找到這些漏洞,通過漏洞的上傳點,改包上傳木馬,肯定就能把站點拿下了。還有的時候,我們上傳木馬,但是沒有回顯地址,這時候爬蟲技術就用的上了,直接嘗試爬出回顯地址。
拿下後,接下來的任務就是提權,提權時候需要上傳一個CMD文件,這個文件很容易被殺毒軟件發現,因此我們需要加殼、加花(術語,可以百度)做一個免殺,也就是躲過殺毒軟件的追殺。通過CMD進行提權之後,整個服務器就歸你控制了。
總結一下,我們滲透技術一般步驟是:(1)對着服務器狂掃。(2)找出漏洞(包括SQL或者模板漏洞)(3)上傳木馬 (4)提權。
那麼我們怎麼防禦呢,首先是把後臺地址隱藏好,別被爬蟲或者狂掃找到。第二,我們一定要及時更新數據庫,設置好權限。第三,遠程登陸這種端口最好放到內網,不讓外網訪問(端口映射雖然防不住)。最後,也是最重要的,!!!!!!千萬不要把重要的資料放到服務器上面,比如隱私信息!!!!!!!!!
好了,這就是我的一些經驗,雖然我早就不再繼續研究了,但是總結一些經驗,可能會更好的幫助大家提防精緻的利己主義者,
謝謝!
小木
2020.4.29
Today is Internet security day in China (429). I want to share my experiences about the security of network, though my time is short.
I utmost disgust someone who looks down on others' gifts and kinds. They always plot some intrigues everywhere for suppressing others and contenting themselves. These people were called egoists. I very very dislike egoists because I love my country and people. It is the most terrible matter if egoists obtain the power.
We are not able to eliminate egoists but can stop ourselves from being attacked. Internet security should be first considered to protect our privacy that can not give egoists a chance to rob.
Penetrations technology is the way of searching network vulnerability and information interception when I had self-studied in my university life.
The most easily method of penetrations technology called burst, which used a dictionary to try to crack the account and password and to login the TELNET ports (such as 3389 on windows and 22 on linux). Some accounts are always set to the administator and root, and the password always are only numbers. In this condition, it can crack the computer fast using dictionaries.
Next, the SQL injection attack is a common way to penetrate the SQL database. We use the Url to input some SQL language and post them into the service. The service will return some database information to our website. All the database information will be exposed if database authority is not set.
The administator login can obtain further information of service though database can be acquired by SQL injection. We upload a Trojan in the administator login web. Then, service catalogues will be extracted. The administator login web can be obtained by the tech-reptile or the scanning.
The last method is called root. The root is not an account name. Root represents an authority for using the service. When we finished uploading a Trojan, the CMD file should be uploaded. However, CMD file is always found by the antivirus program. Therefore, a Trojan free to kill should be considered including shells and flowers.
In summary, penetrations technology contains 4 steps: (1) scan the service; (2) search the vulnerability; (3) upload a Trojan (4) root
Above all, it is my experience. I no longer study this technology but only in this way, can we protect ourselves from egoists under attack.
Thanks!
Peter Mu
4/29/2020