Nothing technical here really; I just want to describe the status quo. Intruders who want to make money seem to have turned to breaking into online game servers and stealing the game server programs or databases. Domestic online game companies have all suffered this kind of loss, some of it made public, much of it not. Yet the game companies' thinking is very simple and narrow! Of course this is not limited to online game companies. In the past two years intruders have had an easy time of it, and the theft of all kinds of commercial data has quickly formed a kind of "industry", whether in terms of technology or organisation; none of this came about in a day. Demand and supply seem to have found a perfect match. As for the public security network supervision departments, the media occasionally reports that some local public security bureau has arrested a hacker, but there seem to be no truly mature cases: the ones caught are small fish, while the big fish go free. Where nobody files a report there is no case, and the network supervision departments also have a technical problem. Add bureaucracy, and the public security department never tires of announcing its so-called "results". Enough of the long preamble; on to the topic.

A friend works at an online game company in China and asked me to help test the security of their game server group. I happened to be bored, so I agreed. I first downloaded the game client program and obtained the addresses of several game servers. Game accounts could also be registered on the web site, which apparently talked to the game's central database as well. I first examined the web site carefully; most of it was PHP with MySQL. The code was not badly written, and I could not find any breakthrough. MySQL prohibited remote connections. Looking at the other game servers, they were all Linux systems with only OpenSSH and the game server program's port open; only the web site had port 80, and there was nothing to use. It all looked well secured, but this was an illusion!
Next I analysed the client program. I opened Sniffer Pro to record all communication between the client and the server, and discovered that the client has an automatic update feature; my sniff showed it downloading the update files via FTP. But I had not found this FTP port (8888) when I scanned all the game servers. Looking more carefully, the connection on that port took very long to establish, so the scanner had missed it. Unexpectedly, from the update process I actually sniffed a fixed FTP account used for updates. I checked and found the FTP server was ProFTPD, but I did not use this account to try an overflow against ProFTPD. Because this server had SSH open, I used the account to log in over SSH and got a very low-privilege shell. It is like a piece of cloth: once it is torn, even a little, the whole cloth will tear open! After a long time on the system I finally found a writable tmp directory. I checked the kernel version and obtained a root shell using the kernel do_brk() exploit. I did not install a rootkit, since I was only helping with a test. Looking at the system's routing table, I found an intranet, and finally confirmed it was a VPN: the connections between the game servers went over the VPN, and the firewall's trust checks were based on the intranet IP addresses. From the external network these servers only showed port 22 and the game service program ports. On this controlled server I downloaded nmap and scanned the other servers; one of them had Samba open, and its version had a known problem. I exploited the overflow and obtained a root shell. Having controlled two servers so far, I pulled back both servers' shadow files and ran John on them, but found no weak passwords; it seems the passwords were quite good. After a while, on the Samba server, I discovered the game server program, and in the Game.conf file found the address of the central database and a database account.
I went in and had a look; the database was too large, so I gave up the idea of dumping it. There seemed no need to analyse the game server program, look for vulnerabilities and write an exploit to tear open the other servers. But in one table named "weihu" I discovered a back-end management account and password; the password mixed upper and lower case with digits and symbols. I found a back-end entry on the web site and used the account obtained from the database to log in. I discovered an upload function in the back-end management system with no check on the file suffix, and the storage directory was also under the web directory. I uploaded a PHP shell, executed commands successfully, and then escalated to a root shell. I found that there was also a root user logged in on this machine, busy editing a file with vi. He did not notice me. But I thought of a prank: I put a sniffer that monitors TTY input on this web server. Subsequently the root user logged out, and not long afterwards logged in again, and I immediately captured his password. I used this captured password to log in to the other servers as root; it felt as if all the servers had been cloned directly, since the system versions and installed programs were identical. At that point all servers of the game server group were under control, including an SMS gateway. Our game ended here.

Just one small problem finally led to the entire server group being controlled; this is how security incidents actually happen. In security there are no small things! In fact this company had invested in security: a hardware firewall, VPN support. But because of a small failure in the design of a program's automatic update, everything was done for. Afterwards I told my friend the whole process and heard that he reported the problem to their supervisors. If other game companies have been intruded in a way that resembles this article, that is purely coincidental, and I am not responsible!
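The upload flaw described above (no suffix check, files stored under the web directory) is what turned a back-end login into a PHP shell. The following is an added illustration, not code from the game company's site: a naive handler of that shape beside a hardened one. The form field name `attach`, the directory paths and the image whitelist are assumptions.

```php
<?php
// Constructed example, not the game company's code. The field name 'attach',
// the directory names and the allowed types are assumptions.

// Naive handler, as described in the write-up: the suffix is never checked
// and the file lands under the web root, so an uploaded .php becomes a shell.
function saveUploadNaive(array $file, string $webRoot): string {
    $dest = $webRoot . '/uploads/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened handler: whitelist the suffix, check the real content, give the
// file a server-chosen name, and store it outside the web root.
function saveUploadHardened(array $file, string $storeDir): ?string {
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > 2 * 1024 * 1024) {
        return null;                       // failed or oversized upload
    }
    $allowed = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;                       // suffix not in the whitelist
    }
    // Check the bytes, not the client-supplied MIME type or the suffix.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        return null;                       // content does not match suffix
    }
    // Random server-chosen name: the client never controls the stored path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storeDir, '/') . '/' . $name;   // outside DocumentRoot
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640);                    // never executable
    return $name;                          // serve later through a read-only script
}

// Usage in the management back end (assumed field name and path):
// $stored = saveUploadHardened($_FILES['attach'], '/var/lib/gameadmin/uploads');
```

Storing outside the web root matters even with a whitelist: if the web server ever gains a handler for a listed type, the file still cannot be requested directly.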