Super-brain hacker

Chapter 469 Overflow Vulnerability

Lao Wang is also a technical person and has rich experience. He is more accurate when he is middle-aged. Of all the people present, Lao Wang thought highly only of Lin Hong, the only one whose level was higher than his own.

Lao Wang's personality is relatively restrained, and he rarely takes the initiative to talk to others, but he has an impulse in his heart to meet Lin Hong. This young man is so abrupt. The most important thing is that he is still very young.

Looking at him, Lao Wang even has a kind of faint envy and jealousy. Youth is the biggest capital!

In the face of Lao Wang's inquiry, Lin Hong smiled and did not hide it. He replied, "My brother and I have opened a company specializing in the development of embedded systems."

At this time, Lin Hong noticed that Lao Wang's right leg was a little inconvenient, or deformed. When he walked, he limped.

Seeing Lin Hong's eyes on his right leg, Lao Wang said indifferently, "The disability of polio when I was a child."

Lin Hong nodded slightly.

Polio is also known as poliomyelitis. In the past, medical conditions were poor, and children were rarely vaccinated. The proportion of people with this disease was relatively high, and it leaves very serious sequelae. Lao Wang should be one of these people.

"Lao Wang, which company do you work in now?" Lin Hong also asked curiously.

Lao Wang shook his head: "Like you, I also set up a small company specializing in anti-virus software. By the way, this is my business card. Maybe our two companies will have a chance to cooperate in the future."

With that, Lao Wang pulled out a white business card from his pocket.

The business card is very simple. There is no pattern, only the name, contact number and company name are printed. It says "Beijin Dongming High Technology Co., Ltd."

"It's funny. It's called high technology. In fact, the scientific and technological content is not high. It's just that I'm a disabled person. It's not easy to open a company, and the relevant departments take special care of me." Lao Wang's face showed a trace of self-deprecation.

Naturally, Lin Hong did not express any opinion on this. He put Lao Wang's business card away in his pocket and said, "After the exercise is over, I'll visit your company. There should be opportunities for cooperation in the future."

"Very welcome!"

Then, they also began to scan and detect the opponent's servers and equipment.

When Lao Wang saw the feedback, he immediately said, "Yes. They also use the UNIX system!"

When Lin Hong heard his words, he also used network commands to probe from all angles. Lao Wang was right. The system used on one of the devices was OpenBSD. This branch has a shorter history than FreeBSD, and it was officially launched last year.

However, because this system is based on NetBSD, its progress has also been very fast. Version 1.2 was released in July last year, and only three months later, version 2.0 came out.

This system can even be said to pay more attention to security performance.

"It seems that the Blue Army also has masters." Lin Hong nodded, "But it's more interesting to do this!"

"You're right!" Lao Wang was deeply impressed by Lin Hong's words. Meeting opponents is the thing that makes them happy.

Then, they gathered everyone together and rearranged the task. Everyone was responsible for part of the content, and then began to detect each other's goals.

The next thing is very boring, that is, constantly exploring the other party's information, then analyzing it and finding loopholes in it.

Lin Hong found that the other party had also opened port 80 and was running the Apache service. It seems that the other party's way of communication is through a web service.

From this point of view alone, the convenience is a little behind the Red Army.

If Apache is well configured, it has few loopholes and is relatively safe, but there are still loopholes after all. Lin Hong had at least several ways to break through successfully. Some of the vulnerabilities he had mastered are in Apache itself, while others are defects within the programming language.

However, Lin Hong was not in a hurry to do it, but slowly explored to see how many ways could successfully break through, and also estimated the level of the other party.

Some loopholes cannot be patched even if the other party wants to patch them. The existence of these loopholes does not mean that the other party's level is poor, but that they exist in the platform itself, such as the loopholes in the router. If you haven't specially studied them, you don't know that you can still

While Lin Hong and Lao Wang were detecting each other, others were not idle.

Some of them, such as Xiao Jiang, continued to strengthen the defenses of their systems and configure security policies, while others, such as Liu Hui, were busy showing off. From their private "treasury", they took out "big killers" and started to attack the other party crazily.

The principle of a data storm attack, that is, a flood attack, is to use the defects of the three-way handshake protocol to forge a large number of connection requests.

Because these connection requests are forged and the source address is fake, after a request is sent, the other party's server will keep sending responses outward, asking the requester to confirm or refuse. If no one responds, the server will continue like this, forming a large number of half-open connections. In this way, the half-open connection queue of the port will soon be full, and other valid requests cannot be served.

Therefore, this kind of flood attack is also called a denial-of-service attack.

At Liu Hui's current level, a flood attack is not very effective against the bandwidth of their servers. Only a distributed denial-of-service attack, that is, DDoS, can have the greatest effect. However, if you want to use DDoS attacks, a large number of machines must be involved.

Of course, it is also good to consume some of the other party's network resources. It can't be said that Liu Hui's attack at this moment is meaningless, at least it also disturbs the other party's sight.

Lin Hong doesn't like data storm attacks very much, because this kind of attack has no technical content and lacks skill, like fighting the other party with brute force alone, with little wisdom.

He didn't want to use overly shocking loopholes, so he decided to start from a normal perspective and build an overflow attack program against the other party's system. Although he had not done much research on OpenBSD, it is certainly a UNIX-family system, and it must have such overflow vulnerabilities.

This is not determined by the system, but by the programming language.

UNIX-family systems are all written in the C language, and an important feature of C is that it is prone to overflow vulnerabilities. This is not a defect in the language, but a result of the laxity of programmers.

There are too many programs in the system, and the code also runs to thousands of lines. There will always be careless programmers who do not strictly check various memory boundaries, which leaves the attacker an opportunity to take advantage of.

Lin Hong queried the other party's server with specific instructions, obtained the version number of the other party's Apache, and found that it was not the latest version. He remembered that when he set up the website, he had found an overflow vulnerability in Apache, and had not studied it in depth at that time.

He downloaded this version from the FTP of the official website, and then debugged and traced it directly on his own machine. He tested the overflow vulnerability from memory, and finally found that the vulnerability had not been fixed so far.

It is very likely that this overflow vulnerability is too small and obscure, and has not attracted the attention of the development team or caused any harm, so it has not been found.

Since there was such a breakthrough point, Lin Hong did not think of other ways, but continued to analyze the overflow vulnerability to see if it could execute his own specific overflow program.