今天429是网络安全日,本人虽然时间不多,但是还是要写一篇关于网络安全的科普文章。
首先,我先批判一下(毕竟本人写文章,开头的批判是本人的风格和亮点),今天要批判的是精致的利己主义者。现在社会上有一种人,我看着就生气,这种人只要是为了自身的利益,什么手段都能用的出来,踩着别人往上面爬,没有道德和节操。最可怕的是往往现在这种人竟然能混的非常好,还谁都瞧不起,尤其是瞧不起我这种人。这太可怕了,必须采取一定措施限制!我为什么要批判这类人呢,很简单,是因为我爱我的祖国和人民。为了祖国和人民,虽然有些话我没有必要说,但劳资是必须要说出来!!!!!
接下来继续根据上面的话题,如果这种人被人传授了很强的技术能力,那就更可怕了,肯定会做出出卖别人什么集体的事情。我们没办法铲除这群han jian,但是我们必须想办法保护好自己的隐私和安全。
接下来我就说说网络安全及如何保护,我是大三上学期的时候研究这个东西的,那个时候,我的CET6和国二都已通过,没有其它的压力,于是就自学起了渗透技术。渗透技术是什么意思呢,就是我们通过找到对方机器存在的漏洞,然后通过漏洞访问对方的机器,从而窃取对方的文件的技术。
那么渗透技术是如何进行的呢,首先最简单的就是爆破。我们windows系统和3389号端口或者linux系统的22号端口是远程登陆端口,我们如果有账号密码,那么我们就可以登录。如果没有,那么就采用爆破的方式,一个个的试,直到进去为止。而有的时候我们的账户基本都是administrator或者root什么的,密码都是简单的数字,我们有一个字典的话很快就破解成功了。
其次是SQL注入,这个东西是原理是,你在访问网站的时候,你将你的一些数据传送(POST)给服务器时候,这些数据会告诉服务器,我需要在数据库中读取什么信息,然后服务器会把这些信息返回(GET)到网页上去。如果我们的数据库访问权限比较大,那么所有的数据库信息都会被返回到网页上去,这样整个数据库就一览无余了。
接下来讲的是后台登录,我们仅仅拿到数据库是不够的,要想拿到更多的东西,那就得通过数据库返回的后台账户密码登录到后台,然后上传一个木马,通过木马把整个机器的目录给获取了。有的网站后台直接暴露给了不法分子,还有一些隐藏的比较深。一般通过字典狂扫,或者爬虫。就能找到后台的登录地址,登录之后,上传一个木马,这样就获取机器的目录了。
通过字典狂扫不但可以扫后台,还可以扫描到网页模板自带的漏洞,找到这些漏洞,通过漏洞的上传点,改包上传木马,肯定就能把站点拿下了。还有的时候,我们上传木马,但是没有回显地址,这时候爬虫技术就用的上了,直接尝试爬出回显地址。
拿下后,接下来的任务就是提权,提权时候需要上传一个CMD文件,这个文件很容易被杀毒软件发现,因此我们需要加壳、加花(术语,可以百度)做一个免杀,也就是躲过杀毒软件的追杀。通过CMD进行提权之后,整个服务器就归你控制了。
总结一下,我们渗透技术一般步骤是:(1)对着服务器狂扫。(2)找出漏洞(包括SQL或者模板漏洞)(3)上传木马 (4)提权。
那么我们怎么防御呢,首先是把后台地址隐藏好,别被爬虫或者狂扫找到。第二,我们一定要及时更新数据库,设置好权限。第三,远程登陆这种端口最好放到内网,不让外网访问(端口映射虽然防不住)。最后,也是最重要的,!!!!!!千万不要把重要的资料放到服务器上面,比如隐私信息!!!!!!!!!
好了,这就是我的一些经验,虽然我早就不再继续研究了,但是总结一些经验,可能会更好的帮助大家提防精致的利己主义者,
谢谢!
小木
2020.4.29
Today is Internet security day in China (429). I want to share my experiences about the security of network, though my time is short.
I utmost disgust someone who looks down on others' gifts and kinds. They always plot some intrigues everywhere for suppressing others and contenting themselves. These people were called egoists. I very very dislike egoists because I love my country and people. It is the most terrible matter if egoists obtain the power.
We are not able to eliminate egoists but can stop ourselves from being attacked. Internet security should be first considered to protect our privacy that can not give egoists a chance to rob.
Penetrations technology is the way of searching network vulnerability and information interception when I had self-studied in my university life.
The most easily method of penetrations technology called burst, which used a dictionary to try to crack the account and password and to login the TELNET ports (such as 3389 on windows and 22 on linux). Some accounts are always set to the administator and root, and the password always are only numbers. In this condition, it can crack the computer fast using dictionaries.
Next, the SQL injection attack is a common way to penetrate the SQL database. We use the Url to input some SQL language and post them into the service. The service will return some database information to our website. All the database information will be exposed if database authority is not set.
The administator login can obtain further information of service though database can be acquired by SQL injection. We upload a Trojan in the administator login web. Then, service catalogues will be extracted. The administator login web can be obtained by the tech-reptile or the scanning.
The last method is called root. The root is not an account name. Root represents an authority for using the service. When we finished uploading a Trojan, the CMD file should be uploaded. However, CMD file is always found by the antivirus program. Therefore, a Trojan free to kill should be considered including shells and flowers.
In summary, penetrations technology contains 4 steps: (1) scan the service; (2) search the vulnerability; (3) upload a Trojan (4) root
Above all, it is my experience. I no longer study this technology but only in this way, can we protect ourselves from egoists under attack.
Thanks!
Peter Mu
4/29/2020