Chapter 470 Chess Meets the Enemy
Overflow, as the name implies, that is, the container is full and the thing runs out of it.
In the computer field, overflow usually refers to the "stack" structure overflow in memory. "Stack" is a data structure similar to that of a bottle in memory, in which various variables and instructions are saved according to the "first-in-out" rule.
Normal code, when the stack is full, will be judged and then processed accordingly. It will not continue to press the data into it after it is full, but will stop pressing in, or empty the data in the stack, and then continue to press in.
And many programmers often ignore this step when writing programs, or forget to check this step.
Everyone knows the harm of overflow, but there are still many such examples. The reason is that this process is carried out automatically by programming functions, such as C language. As long as the programmer writes a function by himself, there will definitely be a "stack" structure, and the variables and numbers in this function Press all of them into this stack, and then pop up step by step according to the order of execution.
Thefunction is bound to be used in the program and is used a lot. That is to say, the structure of the stack is also visible everywhere. However, if the boundary conditions in it are not strictly checked, it is likely to cause overflow vulnerabilities, especially some functions involving the operation of core data.
Lin Hong's use of this vulnerability is simply handy. When he cracked the calculator of Texas Instruments, he used the buffer overflow cracking, successfully overflowing a buffer of the calculator, and then executing his cracking code.
And this time, what he wants to do is the same. Now that he has found the possibility of such overflow, the next thing he has to do is to find a way to insert his own code in it and then execute his unauthorized code through overflow.
This way. It's a bit like constantly pressing things into a bottle, and then when the other party is full, connect a curved tube at the mouth of the bottle and guide the data flow through your own pipe. Then bring the data stream back into the bottle.
LINX has an advantage. Many things can be installed in the form of plug-ins. In order to make APACHE run, Lin Hong directly mounts the UNIX-compatible file system, then installs the same version of APACHE as the Blues locally, and then uses the debugging tool to enter Line tracking and debugging.
This is a detailed work, seen from the debugging tool. They are all hexadecimal machine codes. If you want to understand the key code, you must be quite familiar with assembly and machine code.
Lin Hong debugged this overflow vulnerability in a targeted manner. Relatively speaking, the progress is still very fast, and he is close to the result he wants step by step.
When Lin Hong was debugging the code, others were not idle.
Liu Hui continued to carry out flood attacks on Blue Army targets. He not only installed this software on his own machine, but also installed it for several other machines running Windows systems. Increase the strength of the attack.
Unfortunately, his method is too simple. Continue to use the same machine to attack. It is easy for the other party to add his IP to the filter blacklist and respond to all his forged requests. In this way, all he can do is useless work.
Moreover, Lin Hong roughly understood the software he used. His big data flood attack is really too primitive. Such a little machine attack is definitely not effective.
If you really want to achieve the effect of making the other party refuse service, you must use DDOS. That is, a distributed denial-of-service attack, using hundreds of machines to bomb the target at the same time, so that the other party cannot identify the correct IP source, so that it can have some effect.
In addition, there are actually many kinds of flood attacks. The one used by Liu Hui is the most basic and simplest one. It is a simple SYN flood, that is, it is a false application when shaking hands for the first time, and there is no valid source address.
This situation is a bit similar. Suddenly, a person called and hung up. When the server called back, he found that the other party's phone number did not exist at all.
However, the brain on the server side was not very smart, or the people involved with him did not consider this for the time being, so he really thought that someone called him, so he took the phone and waited for the other party to answer. And he can only answer a certain number of calls at the same time. When there are so many people, all his calls are picked up, and others can't call in, which is equivalent to his refusal of service.
The function implemented by Liu Hui's software is the process of forging phone calls.
This principle is correct, but it is not suitable for use in this current situation. It is just a few phone numbers. As long as the server administrator tells him that these numbers are fake, leave him alone, and the denial of service can be avoided.
Liu Hui himself should know this situation, but he can't do anything about it. What he can do is limited. Most of the systems used by the other party are non-WINDOWS series. He has no place to use it at all. He can only highlight his existence and importance in this way.
Xiao Jiang has also configured his own system. He is now starting to carry out the task assigned to him by Captain Qian to draw the network topology of the Blue Army, so that everyone can have a reference.
The network topology is actually the connection method of the computer. Let's see if the other party's computer is a star connection, a ring, or a cross connection.
Each computer can be regarded as a point, and the network cable in the middle is a connected line segment, so that the whole structure is abstracted to form the topology of the network.
If you want to explore this structure, you can check it on the spot, and of course it can also be achieved by technical means.
The principle is to track the node path of data flow. Through the returned data, the whole structure can be inferred.
By scanning the surviving machine on the network, you can know the other party's IP. If you want to know how many nodes have passed between the other party's machine and yourself, you can use the specific network commands in the system.
For example, under the UNIX system, you can directly explore the path of yourself and the target machine by using the Traceroute command directly.
Through these feedback information, it is easy to draw the topology of the entire network.
However, if it is manual, the process is a little complicated. Fortunately, there are many people and it is convenient to do.
What is Lao Wang doing at this moment?
He scanned the other party's machine for a while and found no exploitable loopholes. The normal means didn't work, so he wanted to do something special. His old job is to study viruses, so he naturally wants to think about it.
It must be unrealistic for two people to write a virus at the last minute. The virus can't be made casually. There are too many things involved, and sometimes it depends on luck and talent.
What he thought was to modify a worm virus he had studied before, and then find an opportunity to secretly plant it for the other party to get the other party's combat intelligence in this way.
Thinking like this, Lao Wang said to Lin Hong, "They are really well guarded, and there is no chance to take advantage of it. How are you doing here? Is there any way?"
Lin Hong said truthfully: "They are using APACHE, but not the latest version. I found an overflow vulnerability, and now I am studying how to make good use of this vulnerability."
"Oh?" Lao Wang's eyes lit up when he heard the words, "If I can do it... I'm going to change a worm I studied before."
"That's a good idea." Lin Hong smiled and said, "It should be soon. I'm almost debugged."
After Lin Hong and Lao Wang discussed, the two continued to start their own work.
Time goes by little by little.
The Red Army has nothing to do with the Blue Army for the time being, and so is the Blue Army.
"How's it going? Did you find the other party's server?" Li Yushan came to Ding Huahui's side and asked.
"I found it!" Ding Huahui said with a sigh of relief, "The other party is really cunning. He must have used a program to disguise the response. I have ignored this machine several times."
The people of the Blue Army Information Confrontation Brigade did not find the IP address of the other party's server for a long time. At the beginning, they thought that the other party had violated the regulations and did not connect the server to the network.
But strangely, the director's department did not prompt that the other party had violated the rules. This shows that the other party must have used some means to hide the server.
Therefore, Li Yushan asked his disciple Ding Huahui to personally investigate. After careful analysis, Ding Huahui was finally found abnormal by him and successfully identified the other party's server.
Ding Huahui continued: "According to the information I found, their system should be FREEBSD."
"It seems that the other party also has masters!" Li Yushan said unexpectedly.
This is not in line with the information they have before.
According to the information provided by the Blue Army's intelligence department, it is said that the other party should not have any master, but just invited a few miscellaneous troops from the locality to help. Compared with them, I don't know.
Now it seems that the situation is different.
"It's really a master." Ding Huahui nodded, "Their server has opened port 80, but the login requires IP verification, and this verification is not based on the WEB program, but on packet IP verification, and there are very few services, which can be said to be solid."
Ding Huahui means that he has no way to take this server at all. Except for port 80, all other ports have been closed, but this port 80 is still based on packet IP authentication. Even if it is a fake IP entry, you have to enter the user name and password. It is even more difficult to make a successful breakthrough.