Nothing technical, just want to explain the status quo
Now I want to get the invaders who make money, it seems that the invasion of online game servers, stolen the game server programs or databases. Domestic online game companies should recruit this loss, there is exposed, have no exposure. But the game companies have a very simple, narrow! Of course, not just online game companies. In the past two years, invaders have been happy, and the stealing of various commercial data has almost quickly formed a "circle industry". Whether it is technical or organism, it is not true in the same day. The demand and supply seem to have a perfect combination. Take a look at the public security network supervision departments, the media seems to have reported an incident on certain local public security arrested a hacker. But there seems to have no truly mature cases. It is a small fish, and the big fish is being awkward. If there is no report, there is no report, and there is also a technical issue of the network supervision department. There is also bureaucracy, the public security department releases the so-called "result" and is not tired. If you don't say a long, transfer to the topic. A friend works in a network game enterprise in China, let me help test the security of their game server group. Plus me, I have been bored with my time, I will agree. I downloaded the game client program first, I got the address of several game servers. The game account can also be registered on the Web website, it seems that the WEB website of the game central database can also be. First carefully check the web site, most of which is PHP MySQL. The code is written is not bad, I can't find any breakthroughs. Take a look at MySQL and prohibit remote connections. To view other game servers, all Linux systems are just OpenSSH and Game Server Program Port. Only a web site is 80, and there is nothing to use. It looks safe to do well, but this is a kind of illusion! Then, the next client program was analyzed, and I opened the Sniffer Pro to record all the communication of the client program and the server. Discover that the client program has an automatic update feature, my SNIFF is to download the update file via FTP. But I didn't find this FTP port when I scan all game servers (8888). Look carefully, the original port connection is very long. So the scanner did not find this port. Expendantly from the update process, actually Sniff to a fixed update FTP account. Checked that the FTP server is Proftpd, I didn't use this account to overflow Proftpd. Because this server opened SSH, I took the account to log in to SSH and got a very low license shell. Just like a piece of cloth, one but torn open, just a little bit, the whole cloth will tear open! For a long time in the system, it is finally looking for a TMP directory with permissions. The kernel version was viewed, and the increase of ROOTSHELL was obtained with Kernel Do_Brk (). Didn't go to RKT, because only helping test. Check the system's routing table, found there is an intranet, and finally confirmed is VPN, the original game The connection between the server is through the VPN, the trust check of the firewall is through the IP address of the intranet. External Network Access these servers can only see 22 ports and game service programs ports. On this controlled server, a NMAP was downloaded, scanning other servers, found one of them opened Samba, viewed the version, there is a problem. Overflow and obtained Rootshell. Let's control the two servers so far, I get back the two servers' shadow files, take Jonh, there is no mentally password. It seems that the password is still very good. For a while, on the Samba server, the game server program was discovered. And discover the address of the central database and a database account in the Game.conf file.
