By HireHackking in HACKER
· 1 view
This article only analyzes the technologies involved in film and television dramas, and does not explain the plot in detail. If you are interested, you can check it out. PS: Technical analysis is carried out in the plot order (1~4) episodes
At the beginning of the TV, I showed me the first attack technology, a malicious power bank. It seems that I use a power bank to charge my phone, but during the charging process, I have obtained user information.http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/1_20220915125414.png
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/2_20220915125944.png
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/3_20220915130038.png
Implementation principle This method involves 《利用树莓派监控女盆友手机》 in my previous article. It is actually very simple. It is to use the adb command to obtain the information of the phone. Of course, you can also use the adb command to install the shell.
It is easy to implement, just turn on the mobile phone developers to choose first.
But in reality, the phone developer option is turned off by default. It will not be possible in the case of television.
Information Collection
Collect information based on WeChat Moments
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/4_20220915130543.png
Ten things you can see from non-friends in the circle of friends. Check the latest updates in the circle of friends and get relevant information from the other party. In addition, it was speculated that the heroine's husband was in a cheating situation.
My cousin suggests that it is not necessary for work, so try to turn off this function in WeChat.
Information collection based on WeChat steps
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/5_20220915131352.png
Through the WeChat steps, can you get what you are doing now? If you just woke up at 8 o'clock in the morning and your friend's steps have reached 5,000 steps, it means that he is very likely to be running and exercising.
Information collection based on phishing links
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/6_20220915131541.png
I have also written similar articles in my cousin's previous article. Through the probe, you can simply obtain the target's IP address, GPS information, photos, recordings, etc. However, as the security performance of the mobile phone improves, there will be pop-up prompts.
Using Baidu Netdisk to backup data
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/7_20220915131932.png
This is often encountered in life. Moreover, after installing Baidu Netdisk, backup address book and other information is enabled by default. You can give it a try! (It is best to replace the avatar too, so that it will be true)
Use Didi to share your itinerary
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/8_20220915132245.png
Through the above plan, the protagonist successfully obtained the other party’s mobile phone number and found the relevant account through WeChat.
Of course, the computer of the network security expert was poisoned.http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/11_20220915132907.png
Cracking the driver's letter
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/14_20220915134645.png
Of course, the director gave the password here. If it were the complexity of the password in reality, it would probably not be successfully cracked when the drama ended.
Control the Internet cafe network
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/15_20220915140409.png
This should be managed using operation and maintenance apps or mini programs. Not very difficult.
Applications of Social Engineering
Get useful information from the other party by picking up garbage. Therefore, in daily life, if orders such as express delivery and takeaway are not processed, they will cause certain information leakage.
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/16_20220915141013.png
Through the other party’s account information, enumerate other account information, such as Tieba, Weibo, QQ space, to obtain the other party’s relevant personal information.
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/17_20220915141642.png
WiFi Probe
Long before, CCTV 315 exposed cases of WiFi probe stealing user information. The principle is that when the user's mobile phone wireless LAN is turned on, a signal will be sent to the surrounding areas to find the wireless network. Once the probe box discovers this signal, it can quickly identify the user's mobile phone's MAC address, convert it into an IMEI number, and then convert it into a mobile phone number.
Therefore, some companies place this small box in shopping malls, supermarkets, convenience stores, office buildings, etc. and collect personal information without the user's knowledge, even big data personal information such as marriage, education level, and income.
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/18_20220915150519.png
android shell
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/21_20220915151414.png
As can be seen from the video, the very basic msf controls android commands. But it is a bit exaggerated to be able to directly manipulate mobile phone editing.
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/22_20220915151649.png
wifi fishing
Use fluxion for WiFi fishing.
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/23_20220915154038.png
PS (4-8) episodes, only analyze the technology in film and television dramas, and the plot and characters are not explained.
Then, in order to obtain data from the fraud group, I sneaked to the computer room to download the server data.http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/1_20220916135536.gif
The software used here should use XFTP. This is also a physical attack!
Physical Attack
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/R-C_20220916160749.jpg
The so-called physical attack means that an attacker cannot find relevant vulnerabilities at the software level or system. If you cannot win the target for the time being, you will go to the field for investigation and sneak into the target through social engineering and other methods to attack. This kind of attack is the most deadly.http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/2_20220916141442.gif
Tools used in the network security competition. In the previous shot, it should be to use Owasp to scan the target website for vulnerabilities. To be honest, the page has not moved, I don’t know what I have scanned!http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/111_20220916142109.png
After entering the second level of protection, the third game should still be the msf interface. Set the msf configuration parameters, but there has been no exploit and I don't know what to wait for.
http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/123_20220916142440.png
When the countdown is three minutes, SQLmap injection should have started.http://xiaoyaozi666.oss-cn-beijing.aliyuncs.com/145_20220916142633.png
As can be seen from the video, the command used is
The use of sqlmap -r 1.txt --batch --level 5 -v current-usersqlmap has been mentioned more in previous articles. The above command should be used to obtain the current system user through post injection.
Parameter interpretation: -r 1.txt The target request data is stored in txt. Generally, burp is used to capture packets and save them as txt.
-- The user does not need to enter YES or NO during the execution process, and the default value YES prompted by sqlmap will be used to run continuously.
--level risk level, default is 1. When level is 5, many payloads will be tested, and the efficiency will be reduced.
–current-user Gets the current username.
Summary
The network security tools involved in TV series are all common network security knowledge we usually have. The film and television dramas have expanded slightly, but from the perspective of the plot, it is still very good. Especially while popularizing network security knowledge to the public, it closely links topics related to the people such as online water army, online fraud, pig killing, online loans, etc. At the end of the video, some network security knowledge will be popularized to everyone, which is worth recommending!
Recommended Comments