Hxai11 2013/08/20 men

Today I have nothing to do, so I will write an article. I haven't written one for a long time, and I don't know whether my skills have declined or what (they were not that good anyway).

Many people run into all sorts of trouble in the course of a penetration test. Some of these problems can be solved and others cannot, so we end up at an impasse, which has a bad effect on the rest of the penetration. In fact, the gap between the top experts and the rest of us is based on technology, but penetration is not limited to the technical area. Those words may be a bit confusing. Then everyone will say: social engineering. That's for sure; of course social engineering is very important. From the early development of the Internet until now, from the well-known Kevin Mitnick to the now-familiar Snowden, they have all more or less used social engineering, especially Kevin Mitnick.

Where do their social engineering or network security techniques come from? What is going to help you, other than having some very sophisticated technology? The answer is philosophy. And why did Snowden expose PRISM? Because he doesn't want to live in a world where people are spied on, right? All right, let's move on.

So, what I want to talk about today is how to find inspiration for penetration testing in high-IQ movies or books. Some people may ask what the relationship is between high-IQ movies and penetration and intrusion. In my opinion there is no direct relationship, but there is an indirect one.

First, let's sort out some of the more common penetration techniques:

1. SQL injection
2. XSS cross-site attack (including blind XSS)
3. Weak password attack
4. Configuration file leakage (such as .svn, RAR files, .history)
5. Arbitrary file download
6. Command execution
7. Phishing attack
8. Social engineering
9. Traversal

Those are the only ones I can think of for now. I mean the common ones, without going into detail.

Okay, let's take a look at some of the more well-known high-IQ movies:

1. Mulholland Drive
2. Shutter Island
3. Horror Cruise
4. The Prestige
5. Inception
6. Deadly ID

First, the first film, Mulholland Drive. I think a lot of people have seen it. The parts of the plot seem to have no connection with each other, so you do not learn the truth until the very end, and all along the director is leading you away from the truth. Put simply, the large first section of Mulholland Drive is a dream, which the audience cannot tell. By the time the actress comes out of the dream, everything is too late: she has killed her same-sex lover, and finally she kills herself.

In penetration testing we meet some of the same problems as in the film. For example, after a series of probes against a website you find a SQL injection vulnerability and start injecting, but something seems to be wrong with the injection: however you list the names, you get garbled errors. You stay tangled up in this problem for a long, long time, and it finally ends in failure. After that you stumble across an admin backend. You think: absolutely not, it absolutely can't be something as simple as a weak password. But you take a chance anyway, and learn that the backend really does have a weak password: test 123456. Sometimes, during an attack, you think you've found a fatal vulnerability and get stuck on it for so long that you end up with nothing, until you realize that the way into the site was not SQL injection at all, but something else!

And then there's the second film, Shutter Island. You can tell from the title ("Confinement") that it must be about someone imprisoned or shut in, and that's right. The story is about a detective who comes from elsewhere to an island of mental patients because of a disappearance case. As the investigation goes deeper, he increasingly finds that something is wrong with himself: the agent is actually a severely ill mental patient on the island, and because they want to treat him, everyone on the island plays along with him. He slowly notices the problem too. At the end, the agent sits on the steps with the other agent who accompanied him (it is not clear whether he is also a doctor on the island), and he cannot tell whether he is severely mentally ill or has been brainwashed by these people. In the end, the detective chose the first, still thinking he was a serious patient, so he had a lobotomy.

What this movie tells us is that in penetration testing we sometimes take the result too seriously, and that causes the intrusion to fail. For example, you find a command execution vulnerability on a site and start to use it. The previous command may have succeeded, but however you run this command there is no echo. So you get depressed: that can't be right, the last one ran successfully, so why not this one? You struggle for a long time, this is not the result you wanted, and you give up on this way in. At this point I feel sad for you. Why didn't you consider that the command may have executed successfully, but because of a delay or a server problem there was no echo? This problem really exists. I remember a time when I was using a Struts2 command execution: I threw it into the tool and ipconfig ran smoothly at first, but the net command seemed to fail, which was frustrating. In the end I entered:

net localgroup administrators hx /add 

Later, just to give it a try, I connected to port 3389, and what do you know, I logged in. It turned out the command simply had not echoed back. What I want to say here is: do not care too much about the result. Caring too much will only make you lose the opportunity. What matters is the process. Do the process well and you will naturally succeed; the results will appear in front of you by themselves!

Now the third, Horror Cruise. Judging by the name alone you might think this is a horror movie, but you would be wrong; it is also a high-IQ movie. First, the film itself, which everyone will understand once they watch it. It is about a woman who is out at sea with a group of friends when a storm hits. They watch their own boat quickly flood, then see a cruise ship arrive, and she and her friends are all very happy, not knowing that this is the start of an endless loop. On the cruise ship someone hunts their group down, and every friend eventually dies, leaving only her. She vows to kill the murderer, but in the struggle that follows she discovers that the person doing the killing is herself. Then the heroine begins to understand: she is trapped in an endless cycle, and the only thing that can save her is to keep the next version of herself from boarding the ship. Many parts are hard to describe, so I will stop the introduction here; I hope everyone watches the film to understand it properly.

The film tells us a truth: sometimes you want to be set free, but you cannot necessarily get free. It is often the same in penetration testing. For example, we have collected a lot of information about a site, including social-engineering information and so on, but in the end you suddenly discover that you can't get in. Everything looked good, yet the intrusion does not succeed. Why? In fact, when you are in desperate straits, the direction of the intrusion is not the one you already know. In other words, don't keep following the information you collected; change your approach. Keeping to the earlier information only leads to failure. Maybe you can hack it soon after you change your mind!

Next comes a work by my favorite director: The Prestige, a Christopher Nolan film (Nolan is awesome, and likes making high-IQ, philosophical films). The story takes place in the Victorian era and is about two famous magicians who, each trying to outdo the other, set out to find the highest magic skills, and the hatred between them keeps growing. The two were originally disciples of the same teacher, but each wanted to surpass the other. A, hoping to get hold of a super trick more quickly, went to find the incredibly brilliant Nikola Tesla (many people still worship him today, long after his death) and asked him to teach A a teleportation technique. At first Tesla was not willing to teach A this technique (in fact he never did teach it), but after A begged, Tesla provided an advanced technology: teleportation, an ingenious creation! So A began to think he would finally surpass B and started preparing a magic show. A's shows all used Tesla's machine, and he thought he had surpassed B. In fact B could also do this trick, and really do it, because B has a twin brother, so... you know. But because of jealousy and hatred, A met his end at B's hands.

The lesson this story brings to penetration testing: in the course of a penetration test you may run into all sorts of problems, some easy to solve and some hard, and the very important thing is not to get anxious. Some people doing a penetration test get impatient while working on a site; once you are impatient you get flustered, and once you are flustered you do everything badly. At this point you should keep calm and analyze step by step, and in the end you will be able to succeed. The biggest taboo is forcing your way into a site that you cannot take; in the end you only hurt yourself!

Now Inception, which is my favorite. Everyone is familiar with this film, so I won't introduce it and will just talk about the lesson. The film tells us that in penetration testing you may run into many similar environments or similar cases. We may be caught up in them without perceiving the difference, and as a result the intrusion goes slowly. So what I want to tell everybody here is: accumulate knowledge, and don't let similar things slip through your hands. There is a similar problem in XSS. For example, you find that somewhere on a site reflects output, so you start testing and find that the site filters input. Then you suddenly feel that this is just like something you did once before, but you can't remember it at all. In fact, you only need to construct the right input to succeed, but you just cannot remember it. What a tragedy. So: do not be deceived by the environment. This environment may be the same as the one you met last time; do not get trapped in it!

Last, Deadly ID. In the ending of this movie the killer turns out to be a child, which is really depressing: a kid manages to make every one of them die. What a tragedy. The story is about a group of people staying in a small, remote hotel. As time passes, they die one by one; by the end even the hero has died, and the most important thing is that nobody knows who is killing them. At the end a woman and a child are left. A few months later the woman is planting flowers in her garden when suddenly the boy, who also survived, appears and kills her. It turns out that everyone was killed by the boy. The boy has a split personality, and the two personalities are not under his control. That is the general plot. Apart from the ending, everything else is so-so, but the ending is what teaches us something.

In the course of a penetration test, especially in social engineering, don't assume that anything is harmless. All the information you gather is suspect, from the domain name registrant information to the first picture on the forum. Suspect all of it; suspicion will lead you down the road to a successful intrusion. Why do you even need to look at the pictures on the forum? With something like id=1, where the URL jumps to the real address, the pictures are easy to guess. And why do we need to guess the pictures? A large site will have gone through a lot of testing at the beginning, including screenshots of things such as bug-feedback addresses and the admin backend. We can start checking from id=1 and see which ones have the information you want. Very good! Don't think it's impossible. Anything is possible during an intrusion, so be skeptical! Otherwise you will be just like the movie, with a very sad ending!

That finishes the analysis. Many aspects of intrusion have been mentioned and many have not; those you will need to understand from these movies yourself. Don't say that movies, books and other things are no help to an intrusion. The help lies in the philosophy you learn from these good movies!

(All of the above movies can be found online. Here I recommend two high IQ movies to you, Saw series and The Silence of the Lambs, hoping you can get inspiration.)