
Chapter 8 - Hacker intrusion (one)

At 15:00 sharp, just as the report meeting began, the door at the front of the staircase classroom opened and two people came in. One was gentle and looked very cultured, while the other was a fat man with a rich smile and a thermos cup in his hand.

On the front podium, the fat man with the thermos cup smiled even more: "So many students have come today, and I am very touched by your enthusiasm. Thank you for coming here to participate in our lecture meeting to learn about the development of Internet security. You are all aspiring young people with ideals and pursuits and full of thirst for knowledge!"

After a pause, the fat man continued to smile and said, "I think many students come here today to get to know the legendary well-known hacker Cobra. Then I would like to ask, are there any students here who have heard of Cobra before? If there are any, please raise your hand!"

The meeting immediately quieted down, and no one raised their hands, which more or less embarrassed the people on the stage.

Hu Yifei made a big move. "I've heard of it. I've heard of it on the forum of Wolf's Nest Base Camp!"

The stage was immediately overjoyed, and it was simply a lucky star to save the country. As soon as he saw Hu Yifei's dress, the fat man thought about it, implying that the people of this computer association really had eyes and cooperated well, and if they held a report meeting later, they would also look for them, "Congratulations to this student, you will get a set of new books autographed by Cobra, along with a set of Internet security tools collected and used by Cobra."

Hu Yifei was overjoyed. Unexpectedly, he raised his hand and got a windfall. The tools used by Cobra should not be low-grade goods spread everywhere on the Internet. At the meeting, many people began to regret it secretly. Some of them had heard of Cobra, but they were just too embarrassed to raise their hands.

"This classmate, please tell me what Cobra looks like as you know it." The fat man on the stage came down and handed the microphone to Hu Yifei.

Hu Yifei thought about it and said, "Cobra is the first generation of hackers in China.

"It's over?"

"It's over!" Hu Yifei nodded for sure.

The other party was stupefied for three seconds, and then changed into that smile. "This student said it so well. Deyi Shuangxin, these four words carry a lot of weight! So do you want to know what this virtuous and artistic Shuangxin looks like?"

This time the meeting was very enthusiastic, and everyone shouted "think", but unfortunately there was no prize.

"Now I would like to introduce to you the special guest of today's report meeting, the well-known hacker Cobra, Mr. Huixin, the technical director of Micro Blue Security Technology Company." The fat man announced loudly and stretched out his big hand and pointed to the gentle man on the stage.

"Hello, students. Thank you for coming to listen to my report!" Cobra said a few words, then made a shallow bow, and when he got up, he took a special look at Hu Yifei. It seemed that the man who had heard of him was interested.

Hu Yifei thought about it there. It turned out that Cobra's name was Huixin. This is the first time I have heard of this surname in the world.

The person with the water cup sat back on the podium and turned on the computer. "Everyone must want to know what Cobra, as a well-known hacker, has done, and they must also want to know what kind of development history Chinese hackers have. Don't worry, I have made a special topic for you. After reading this topic, everyone will know!"

The projector cast a title on the screen: "A Brief History of Chinese Hacker Development and Chinese Hacker Yearbook." As soon as the lights of the venue dimmed, background music began to play. The digital ladder classroom, which the University of Science and Technology had invested hundreds of thousands of dollars to build, worked pretty well.

Hu Yifei has long been exposed to many similar feature articles at the Wolf's Nest Base Camp, and knows the development history of Chinese hackers like the back of his hand, but this is the first time he has seen a feature film in this form. The feature film has a large number of picture materials, which cannot be found on the Internet. It gives a clear account of the important events, important figures and groups in every period of the development of Chinese hackers. It makes people feel excited to see it.

The first to appear are "thieves", who introduce excellent foreign software products and disseminate and exchange registration codes in the initial prototype of the Internet in China.

Later, the legendary history of Kevin Mitnick, a super hacker, was introduced into China and became the idol of many young people on the Internet in China. Since then, the word "hacker" has appeared in the Chinese Internet and began to be remembered by people.

Subsequently, Trojan horse programs began to appear, the virus storm continued to expand, and the security prospect of the Internet was bleak. At that time, almost all people on the Internet were busy with antivirus, the most famous of which is the CIH virus, which still makes a lot of people hear about it.

The anti-Chinese incident in Indonesia in 1998 infuriated Chinese hackers and prompted the emergence of the earliest hacker groups in China, who attacked Indonesian government websites, condemned atrocities, and forged the spirit of the first generation of Chinese hackers with the theme of "unity and strength." This group was later known as the Whampoa Military Academy in the Chinese hacker community, the "Green Corps."

Hacker tools developed by Chinese hackers began to appear at this time: the famous Liuguang, tracing snow, and random knife. The author of these tools has a common name: he is called Xiao Rong.

A year later, 1999 was the most brilliant year for Chinese hackers, when the first Sino-US hacker war broke out and the embassy in Yugoslavia was bombed, which escalated the scale of this battle on interconnection.

With the brilliant results of this war, Chinese hackers have since occupied a place in the world security community, and Chinese red guests have taken over the baton of their predecessors and added a new content to the Chinese hacker spirit, that is, patriotism. The second generation of Chinese hackers appeared.

Patriotic Chinese hackers cleaned up the United States, and then cleaned up Taiwan, which dished out the two-state theory. The Chinese hacker software Trojan Glacier showed strong combat effectiveness in this battle, and directly stimulated the emergence of more excellent hacker software later. As a result, Huang Xin, the author of Trojan Horse Glacier, is also well-known.

In the same year, the hacker camp in China began to divide, and the Red guest was one of them. At this time, the "Green Corps" also formally established the "Zoomlion Green League" network security company, taking the step of commercialization.

After entering the new millennium, with the development of the domestic Internet, the threshold for access to the Internet began to be lowered, and the threshold for hackers was lowered accordingly. The emergence of a group of silly hacker tools represented by lone swordsmen began to flood this group. The word hacker continues to appear in the media, with a lot of hype.

The hackers of this period are known as the third-generation hackers, they no longer pay attention to technology, but rely more on off-the-shelf tools, and the clutter of personnel also makes this group become impetuous.

The second Sino-US hacker war after the 2001 Sino-US plane collision incident dealt a blow to this manic group. Chinese hackers failed to continue their glory in this war, which has largely become what the media call a patriotic show.

After the war, with the reflection on the hacker spirit and the influence of the hacker spirit, the hacker community in China continued to divide, and more genres appeared, even if they were in the same camp, they would be deeply divided. Even the "Green Corps", which came out of the same school, was also divided into the "Green League" in Beijing and the "Green League" in Shanghai.

It is precisely because of this extreme differentiation that the era of the hacker alliance is gone, replaced by scattered small groups, which led to the later Chinese hacker group no longer appeared a dominant situation, also no longer appeared like Xu Rongsheng, Chinese hawks, netcc, Yuan elder brother such a strong charismatic leader.

In the feature film, some other special characters are also introduced, such as Jinshan Qiu Baijun and Tencent Ma Huateng, which cause a lot of uproar in the venue. As long as the characters appear in the feature, they will be accompanied by Cobra and their photos.

Hu Yifei opened his eyes wide and did not expect that a person as low-key as Cobra would have such a wide range of contacts in the circle.

After the feature film was broadcast, the venue was silent for a long time. While everyone was excited about the brilliant achievements of the hackers, they were also reflecting and regretting.

"Well, that's the end of our special broadcast!" The fat man with the cup laughed again. "After watching the feature film, do you all have the feeling of trying your hand? Do you want to be addicted to hackers?"

"Yes!" Someone in the meeting immediately shouted excitedly.

"It's all in vain to think about it!" The fat man laughed. "I can become a hacker by watching a feature film. I don't have great skills!"

The audience also burst out laughing.

"I can't, but the eldest brother Cobra next to me is very good!" The man pointed to Cobra. "Now, we will ask Brother Cobra to demonstrate the attack methods of hackers, so that we can see with our own eyes how horrible the real hackers are!" The fat man deliberately dragged the last word so long that he stirred up the atmosphere at the scene.

Cobra opened the microphone in front of him, blew air, and said, "There are many ways for hackers to attack. Today, I will mainly show you two of them, SQL injection attack and overflow attack. Many students at the scene may not understand it. It doesn't matter. I will give you some explanation."

Cobra opened the computer in front of him, connected the projector, and the big screen of the venue began to show the picture on his computer. Cobra opened a web page and showed that it was a BBS. "This is a forum. Will you feel very familiar if you take a closer look? Yes, this is exactly the same as the BBS of your University of Science and Technology, using the same program code!"

Now everyone's interest rose. Hu Yifei also stared at the screen. The forum shown in the screen was indeed very similar to the BBS of the University of Science and Technology, only with a new LOGO.

"This is the Microsoft server operating system used by the BBS server I set up on the company's standby website. I have made the necessary security settings and installed a firewall and antivirus software. Now I will show you how to use this forum to achieve the purpose of invading and controlling this server!"

Some people at the scene trembled with excitement. Shit, you have to study hard. When you learn to turn around, you will hack the school's BBS, so that your fucking canteen food will run out of oil and water, and you won't pass the exam for me! Today's lecture was not in vain.

"99% of today's websites use databases, and the so-called SQL injection is a hacker means to take advantage of the loophole that websites do not filter submitted data strictly and insert some data query languages when submitting data, so as to get the information they want."

Cobra gave a brief introduction, but did not expect people to understand, so he demonstrated on the computer: "For example, when I visit this page of the forum, I add a SQL judgment sentence at the end of the URL, and the meaning of this code is very simple, that is, to ask whether 1=1 is correct. The answer must be correct, so as soon as I hit the enter key, everyone will see that the page opens normally."

"But if I ask if 1=2 is correct, look again: after the URL is submitted, the web page cannot be displayed properly, and the server returns an error prompt! Why is that? Because 1=2 itself is wrong, so after the analysis, the server thinks that the URL you submitted is wrong, and it will not be displayed."

"So what do you think of now?" Cobra suddenly asked the people at the scene.

It is normal that there was no answer at the scene. The correct one is shown and the wrong one is not shown. What does this mean? Can it be intrusive if you ask some questions like whether one equals one?

Cobra waited for a while, saw that there was no answer, then smiled and said, "Think about it. If the SQL statement I submitted is not asking if 1=1 is correct, but if the forum administrator's account is called Admin, and his password is 12345, what kind of information will the web page tell us?"

Some people immediately understood that Hu Yifei was the first to understand, damn it, this is amazing. If the account of the forum administrator is really Admin, then the web page will be displayed normally. If not, the web page will go wrong. If you go on trying one by one, you can always try out what the administrator's account is and try out his password.

Cobra saw that many people understood and then continued: "Of course, this is only the simplest judgment sentence. There are many kinds of SQL statements: there are queries, judgments, additions, deletions, and most importantly, modifications. If you want to understand what SQL injection is all about, you have to learn the SQL language. It's not difficult. The language format is fixed and you can master it in a few hours."

Hu Yifei was so excited that he could master it in a few hours, and he thought it was very difficult.

Cobra clicked on the forum and said, "As you can see, the administrator account of the forum is indeed called Admin, and the forum list shows that we know his account number and guess his password sooner or later, but it seems to be a waste of time. Should we consider using a modified sentence? Can we use a SQL statement to change his password to 12345 directly?"

Cobra clicked on the forum login, entered the account Admin, and then entered the password 12345. When logging in, the forum prompted that the password was wrong and could not log in. "As you can see, the password for managing the account is not 12345. Now we use the method just now to insert the SQL statement at the back of the URL and change its password to 12345."

He entered a long SQL statement at the end of a URL. As soon as he hit enter, the page displayed normally, and Cobra said, "Now the page is displayed normally. This tells us that the password has been changed successfully. If it is not successful, it will prompt an error!"

Cobra returned to the login interface, entered the account number and password 12345, this time everyone saw very clearly, unexpectedly successfully logged in, the password has become 12345. This is amazing, but after adding a small piece of code to the usual URL, the administrator's password was changed. If we hadn't seen it with our own eyes, we wouldn't believe it.

The impatient person raised his hand directly, "Well, Brother Cobra, can you rewrite the code just now so that I can write it down!" Those who didn't know thought he was studious, but what he knew was that the boy must have no good intentions, and he might have some bad water in his stomach.

Cobra smiled: "It's okay to write it ten times, but this code is not universal. If I can succeed, you may not succeed. Because you also have to understand the database structure of the website, the database structure of different websites is different, and not every website has this kind of loophole. For example, the website of your University of Technology has fixed this loophole three months ago!"

The young man was so shocked that he withdrew into silence.