Chapter 227 Start the invasion
Lin Hong originally thought that Richard was the kind of person who knew the secret plan of U.S. government surveillance like Kevin, but after his many side attacks, the other party did not show any signs of knowing the plan. In the end, Lin Hong had to admit that the other party might only think so intuitively. Richard told Lin Hong that "free software is a weapon to resist evil government and defend freedom", but Lin Hong has no feelings about it. Although he feels that there is a certain connection, it does not seem to have reached this level.
Richard soon gathered a lot of followers who expressed support for free software. They all gathered here and listened to Richard's surging speech.
Because it was a little noisy, Lin Hong originally wanted to find another place to read, but later the librarian came to suggest Richard to another place to give his speech, and the group of people quickly left the library.
Lin Hong looked at Richard's back thoughtfully. He could confirm that the person himself did have a convincing appeal. He guessed that this may also be a manifestation of strong mental strength, which is especially obvious in the face of Richard.
shook his head, and Lin Hong continued to immerse himself in reading books.
He soon put aside the posix standard and began to quickly read several other books about unix and the Internet.
Time passed quickly, and Lin Hong once forgot to have lunch.
After four o'clock in the afternoon, he put the other books back in place, borrowed two volumes of posix Standard, and then went to the rest area and contacted his left hand with a calculator.
......
In the evening, Lin Hong began to officially try to learn to invade.
His basic knowledge has been quite stable, but it lacks sufficient practice.
In addition to reading books, he has also read some hacking knowledge in many technical forums, of which the biggest bbs is the internal bbs of Blue Eagle.
Because he knew Hawkeye, he asked Arthur to help him and opened an account for himself. This account was only used to browse the technical knowledge and documents shared by others, but he never published any posts.
Lin Hong opened the list of server addresses that Kevin sent to him before, found the first address, then switched to the ms-dos interface, and began to analyze the target.
According to the order of intrusion, the first thing to do is to "step on the point", that is, to collect information about the target that needs to be invaded as much as possible. This information can be the whois data of the domain name or all possible information on the website.
For example, through its domain name registration information, you can find the contact's name, address, phone number, email and other information. Through the content on the website, it is also possible to find useful information from some words posted by the administrator, such as the nickname of the other party.
From the descriptions of many hackers, we can know that this step seems simple and has no technology, but in fact it is very important, and sometimes it can often achieve unexpected results.
Lin Hong recorded the information collected.
Lin Hong found a proxy shared on bbs and began to invade through this proxy.
Although it is not safe to say this, he does not intend to do anything in the first place. It is purely for learning, and there is no need to make it too complicated.
Besides, he is not skilled now. Even if he wants to be more complicated, there is nothing he can do.
"Yes, can't my bit messenger be anonymous?"
Lin Hong suddenly came to the inspiration. If he uses the bit messenger as a proxy for network service access, can't he achieve real anonymity?
Network access is also a kind of data flow, which is essentially the same as the message, so the bit messenger can also be used as a proxy.
"Unfortunately, in order to make the Bit messenger safely released, I'm going to learn network intrusion now."
Lin Hong couldn't help feeling a little ironic when he thought of this.
Next, he began to test which services were running on the server, and found that the system running on this server turned out to be unix. Although Lin Hong has never really operated unix, he is already very familiar with it. After all, minix is written in imitation of unix, and Lin Hong has also read a lot of unix books and knows its orders very well.
Since it has been determined that the target system is unix, Lin Hong began to try to use some of the knowledge target systems he has learned to continue detection, trying to find out which services and ports the target host has opened.
He uses manual methods to test common ports one by one.
However, Lin Hong also heard Arthur say that now someone has written tools that can automatically scan ports and services, but it's just heard that no one has shared them on the Internet.
Looking at the information of various target hosts constantly flashing in the interface, Lin Hong has an inexplicable sense of excitement and excitement at this moment. This feeling is like he is in an unknown secret corner, peeping at the information in the house while the master is asleep, and he wants to make a hole in the wall. Go in and have a visit.
Lin Hong somewhat understands why so many people prefer to be a cyber hacker. This feeling of finding the other party's loopholes and invading is really wonderful and addictive.
Because it was the first invasion, Lin Hong's progress was very slow, but he proceeded very well. He remembered what kind of results his every step would produce one by one. There were many superfluous actions, and he would not waste time on the next invasion.
"Port 21 is turned on!"
After several probes, Lin Hong suddenly refreshed.
21 port is usually used as a port for ftp service.
In the unix server, the configuration of ftp server software is very complicated. Generally, only experienced administrators can do this job. If the administrator's technology is not in place, it is likely to retain some default settings, which are very unsafe and are often taken advantage of as a breakthrough to get the management of the whole server.
In Blue Eagle's internal bbs, the most common way to invade is to upgrade permissions through the ftp terminal, because many ftp external services allow anonymous users to access, while anonymous users only have the minimum permissions, that is, to browse the specified directory and download files.
But through specific commands and methods, hackers can upgrade the permissions of anonymous users and even create a new account in it.
So, Lin Hong transferred the ftp software and began to link the target server anonymously.
Connected!
Encouraged by Lin Hong, he began to use the known ftp power-up vulnerability to improve his permissions, so that he could set up his own user in it, and then log in.
What Lin Hong didn't expect was that this ftp server was obviously patched by the server administrator and played thoroughly. He tried several known loopholes that could raise power, and found that these loopholes had been filled.
I tried several other methods again, and the result was still the same.
The ftp service on this server is like an extremely well-defended fortress, solid and watertight.
Lin Hong was not discouraged. He gave up the ftp invasion, and then began to try other completely different ways. He even tried the uncommon remote overflow loopholes. As a result, he still failed. This made him feel a little helpless. Did his first invasion actually encounter Waterloo?
The address of this server was given to him by Kevin. I thought that the address in the first place would be the simplest, but I didn't expect it to be so difficult.
The administrator technology of this server seems to be very good. He seems to know all the methods shared in bbs and plugs up these possible vulnerabilities one by one.
Invasion is a meticulous work that requires great patience. Lin Hong finally has a deeper understanding of what he saw on bbs.
After a short rest, Lin Hong looked back and thought about the whole process. Finally, he decided to use the most commonly used intrusion method of novice hackers - guessing the password - to try again.
The meaning of guessing the password is to guess the password of the administrator or user by luck.
This is the last way Lin Hong wants to use. Although many people have succeeded, Lin Hong always feels that this is not the right way to invade with his own technology.
But now he really has nothing to do, let's try it.
Lin Hong directly used telnet to connect to the unix host, and then used root login to guess the password. The result could be imagined and failed.
Then Lin Hong used the finger command to get some user information.
finger is a utility used to query users in the unix system. The unix system saves the details of each user, including e-mail address, account number, real name in real life, login time, whether there are unread letters, the last time to read e-mail, and messages when going out.
When querying with the finger command, the system will display the above information one by one on the terminal or computer.
And most importantly, there is also such a command under dos.
When Lin Hong queries the ip of the target server according to the finger's syntax and parameters, he immediately listed all the user information in the server.
The contents of the first line are "login name", "name", "terminal name", "login time" and "login ip".
Next is a total of 13 user information displayed in this order.
Lin Hong looked all the way from top to bottom.
"sys", "root", "jimmy", "nsadmin", "bin", "eric"...
“eric?”
After Lin Hong saw this nickname, he suddenly cheered up.
Because when he first stepped on the point, he had collected the same information as this, and the other party's email began with this nickname.
Lin Hong immediately used the information he collected to log in and guess the password of this user. After five attempts, he finally successfully logged in!