Super-brain hacker

Chapter 208 Invasion List

Kevin had found Lin Hong only by chance: users on another BBS had been discussing the cracking of the Sam Association calculator. Following the address they provided, he found the official BBS of the Sam Association. Kevin browsed this BBS for a long time. He thought the calculator-cracking project was very interesting, but it was a pity that it was too simple to arouse his interest for the time being.

He checked the introduction of the Sam Association and found that these people from the Sam Association seemed to be the teenagers from the three Latin schools who had come to him last time. The place and the name both matched, so there could be no mistake.

So Kevin probed the security of the server by hand. The basic protections were indeed in place and could basically keep out ordinary hackers, but in his eyes it was a different matter. He had at least ten ways to break in successfully without alerting the administrator.

He had found these vulnerabilities on his own, and they had not circulated in hacker circles. Others might have found them too, but such people were still relatively few.

Kevin broke in, looked around, and found a cqcq server running on the machine.

He downloaded the program from the official FTP and studied the software.

Although it was relatively simple, it was easier to use than the popular IRC software on the Internet.

When Kevin learned that the software had been written by Stone, he decided to wait online for a while so that he could talk to Stone about security issues.

That was how the earlier forced-friend chat had come about.

He continued: [Your software itself is good, and the information is also encrypted, but it is not safe enough: first of all, the encryption algorithm. As far as I know, they already have plans to start monitoring the irc channel.]

Lin Hong noticed that the "monitoring" he used was not a commonly used word, but replaced by another English word.

[Is our current chat also being monitored?]

[Not for the time being, but you should be careful. Encrypting the information alone is not enough, and the architecture of your software is not secure enough. It is based on a client-server architecture, and that architecture is not strong enough. As long as the other party breaks into your server, they can steal your information.]

Lin Hong thought for a moment; what he said really made sense. No matter how the client was encrypted, once the server was broken, the entire chat network would be controlled by the other party, just as Kevin had forced himself onto the friend list earlier.

[Can't this situation be prevented by taking good security measures on the server? Can't the vulnerabilities be fixed to stop the intrusion?]

The system on the Sam Association server had been optimized and hardened by Arthur. Unnecessary ports and services had been disabled, and known unsafe settings that could lead to intrusion had been changed. Unexpectedly, Kevin had still broken into it.

[Remember, there is no absolutely safe operating system. The operating systems currently popular on the market, in particular, are full of vulnerabilities and far too easy to hack. No matter how many patches there are, it is useless. This is a design defect of the operating system: block one hole, and new ones will be found.

And you don't know whether the underlying operating mechanism of these operating systems will not disclose all the details as announced by those engineers.

They themselves know of many vulnerabilities or unsafe mechanisms, but they will not deal with them until hackers make them public. Maybe they have no time for the time being, or the vulnerabilities are at the core level. Unless the system architecture is changed, nothing will help at all, and changing the system architecture is not something you can do just because you want to...]

Design defects of the operating system...

Lin Hong remembered the Linux development plan he and Linus had under way. He couldn't help being moved and replied: [Then we can design a sufficiently secure operating system ourselves. Once a vulnerability is found, we can fix it in time. As long as we design a strong enough kernel, and all the other code can be compiled by users at any time, wouldn't security be greatly improved?]

Maintaining a sufficiently secure and stable kernel is much easier than maintaining the entire system.

Moreover, technically strong hackers could modify their systems at will and fix every vulnerability they knew of. As long as a defect was not at the kernel level, it could be remedied as soon as it was found, so wouldn't security be greatly increased?

Lin Hong thought about a great deal at that moment, including the future direction of Linux's development.

[Develop an operating system by yourself? Are you kidding? Today's operating systems are no longer the children's toys they used to be. Microsoft's Windows operating system began development as early as 1985. They have more than 100 engineers and have been developing it for several years. What do you think it looks like now? And Apple's System Software operating system...]

In Kevin's view, the era when one or two people could write an operating system, as in the early days of computers, had long passed, and the operating system had gradually grown into a huge thing. Without enough people and time, nobody was up to the job. What hacker didn't want to write an operating system of his own to use? But it was easier said than done.

However, he didn't know at all that Lin Hong and his friends had actually started to do it.

Lin Hong did not continue on this topic. He knew that what he and Linus were doing now was exactly the kind of project that many people wanted to do but had not done, or dared not do, because of various concerns.

In any case, Lin Hong thought, he and Linus were carrying out that project out of interest and to learn. They did not ask for Linux to be especially powerful; being comparable to Minix would already be very good.

Taking this opportunity, Lin Hong raised a question that he had always wanted to ask in his heart: [I want to learn network intrusion technology more systematically. Where should I start?]

The other party was a super hacker. To him, breaking into a system was as simple as walking into his own home. Lin Hong felt that asking for his advice could save him a lot of detours.

The reason he wanted to learn intrusion technology was not to intrude, but to understand how to defend better.

As the saying goes, "know yourself and know your enemy, and you will win every battle." Lin Hong felt that if you want to become a "white hat" hacker, you must first understand "black hat" technology.

Kevin seemed to have expected that Lin Hong would raise this question.

He soon sent a text document through cqcq.

[Break into them in the order of the IP addresses in it. When you have taken all the servers on this list, you will have reached beginner level. Although these servers are relatively safe, I still suggest that you disguise yourself well when you break in; otherwise, ending up on 'their' monitoring list will not be a happy thing.]

Lin Hong opened it and found a long list of IP addresses in the document. He counted them: there were as many as thirty!

Lin Hong did not ask further. He immediately understood what the other party meant. Kevin wanted him to learn intrusion technology through concrete practice.

Kevin chatted with Lin Hong for a while, and finally told him a little about how to avoid monitoring when making phone calls.

His favorite method was to route the call through relay lines.

Whenever he wanted to call someone special, he first connected to some lines that the other party could not monitor, such as certain special encrypted channels, and then kept jumping around among these lines. After many jumps, the other party could no longer trace his source and whereabouts. Finally, an obscure line was used as the exit to connect with the person he wanted to talk to.

After talking about this topic, Kevin went offline.

When he had not known about these things, Lin Hong had felt nothing. However, after hearing Kevin talk about security issues, he felt an inexplicable sense of insecurity, as if every sentence he sent to the outside world, and every login and visit to a BBS, were being silently observed by someone somewhere.

Sometimes Lin Hong also felt that Kevin was a little neurotic, always suspecting that others were monitoring all channels 24 hours a day, including the telephone and the Internet.

After all, there are so many people in the United States. Did the FBI or the CIA have that many people?

At most, they could only monitor suspicious targets in a targeted manner.

But then again, Lin Hong could be sure that Kevin had not lied. The sas system must exist; after all, Lin Hong had seen it with his own eyes. And the FBI was indeed chasing Kevin.

Although Lin Hong felt that he would not be a target of surveillance, who could be sure about this kind of thing?

Moreover, Lin Hong's original intention in writing cqcq had been to make it for his friends to use. Providing them with communication software that was not easy to monitor was also a meaningful thing. What's more, whoever monitors information on the Internet is not necessarily the government; it may also be a "black hat" hacker.

Another point: according to Kevin, "their" newly developed aurora network monitoring system seemed to be much more advanced than the sas system, and it did not need much manpower to monitor and intercept all data traffic in and out of the United States.

After Kevin went offline, Lin Hong thought for a long time about whether to really design cqcq as software that could not be monitored.

Judging from the current situation, adding this feature might mean sacrificing some of the software's ease of use and performance, and it would also make development a lot more difficult.

In addition, the intrusion of the server is always much more difficult than the intrusion of the software, and Lin Hong could not find a better hosting server for the time being. He finally decided to make the software point-to-point. Messages would not be relayed through a server; after being encrypted at the sending end, they would be transmitted directly to the receiver.

Sending a message from a computer is a bit like walking out through a city gate. Computers are cities. If you want to transmit messages to the outside world, you must go through a specific port (city gate), such as 8000. For example, when a line of text is entered in cqcq, the software packages the text according to the IRC protocol and sends it out through gate (port) 8000, but sometimes there is a wall (gateway server) outside the city.

The network administrator is equivalent to a gatekeeper. He has the right to control the closing and opening of the "city gates" and the right to check the packages passing through them. If he does not want you to deliver any messages to the outside world, he can block them by closing "city gate" No. 8000. If he wants to monitor the messages, he can also open the packages passing through this gate to see their contents.

There is a simple way to avoid the "gatekeeper": use a proxy server, which is equivalent to a "transfer city". The data package does not have to leave through Exit 8000, which has been closed or is being monitored, but can choose No. 8001 instead. After going out, it enters the "transfer city", and from that city it goes on to the target city.

But this method is sometimes unreliable. Experienced gatekeepers do not monitor just one gate; they send sentinels to watch all the exits. Whenever a package passes through a gate, they open it and check its contents.

To ensure that the package is safe enough not to be intercepted by the other party, it is best to go through some infrequently used gates. Of course, this is not safe enough either, because the gatekeeper's ability is very strong, and none of the gates can escape the other party's surveillance.

It is safer to add a locked solid box (encryption) to the data package, so that even if the package is stopped by the other party, they can't see the contents of the package immediately and must smash the box.

There are not many gatekeepers who can smash boxes. Some boxes are hard enough that even after ten days and ten nights, they may not be able to smash them. The gatekeepers will not spend that much time on it.

But this is still not safe enough. If either of the two parties transmitting the package is found to be transmitting "forbidden information", the government can follow the trail along the route of the package and catch the other one.

Therefore, it is necessary not only to lock the package in a box, but also to completely scramble the route of the message, so that the other party cannot trace it.

The way Kevin told Lin Hong about avoiding phone monitoring inspired him.

As long as the locked package is relayed many times among "secret strongholds", it can successfully throw the other party off, so that in the end he cannot work out the path the package took, thus cutting off the trail.

Locking the package was relatively simple, and Lin Hong had looked into it before, but as for establishing the "secret strongholds", he had not figured that out for the time being.

The package is to be passed along among these "secret strongholds". How can the identity of the other party be confirmed? Otherwise, if the other party is a gatekeeper in disguise, one is likely to walk straight into the net.

Lin Hong had not figured it out for the time being. He still lacked the necessary knowledge. He put this problem aside for now and continued to read the source code of the v0.00 version of Linux he had received earlier.