Title《你安全吗》 Interpretation of the technical aspects

This article only analyzes the technologies involved in film and television dramas, and does not explain the plot in detail. If you are interested, you can check it out. PS: technical analysis is carried out in the plot sequence (1~4) episodes

Foreword

At the beginning of the TV, I showed me the first attack technology, a malicious power bank. It seems that I use a power bank to charge my phone, but during the charging process, I have obtained user information.

Use adb command to obtain photo information on your phone to achieve the implementation principle

This method involves 《利用树莓派监控女盆友手机》 in my previous article. It is actually very simple. It is to use the adb command to obtain the information of the phone. Of course, you can also use the adb command to install the shell.

Difficulty to achieve

Easy, just turn on the phone developers to choose first.

But in reality, the phone developer option is turned off by default. It will not be possible in the case of television.

Information Collection

Collect information based on WeChat Moments

Check the latest updates in the circle of friends by not seeing friends and obtaining relevant information about the other party. In addition, it was speculated that the heroine's husband was in a cheating situation. Cousin suggests

If you don’t need it for work, try to turn off this function in WeChat.

Information collection based on WeChat steps

Through the WeChat steps, can you get what you are doing now? If you just woke up at 8 o'clock in the morning and your friend's steps have reached 5,000 steps, it means that he is very likely to be running and exercising.

Information collection based on phishing links

I have also written similar articles in my cousin's previous article. Through the probe, you can simply obtain the target's IP address, GPS information, photos, recordings, etc. However, as the security performance of the mobile phone improves, there will be pop-up prompts.

Using Baidu Netdisk to backup data

This is often encountered in life. Moreover, after installing Baidu Netdisk, backup address book and other information is enabled by default. You can give it a try! (It is best to replace the avatar too, so that it is real)

Use Didi to share your itinerary

Through the above plan, the protagonist successfully obtained the other party’s mobile phone number and found the relevant account through WeChat. Of course, the computer of the network security expert was poisoned.

Cracking the driver's letter

Of course, the director gave the password here. If it were the complexity of the password in reality, it would probably not be successfully cracked when the drama ended.

Control the Internet cafe network

This should be managed using operation and maintenance apps or mini programs. Not very difficult.

Applications of Social Engineering

Get useful information from the other party by picking up garbage. Therefore, in daily life, if orders such as express delivery and takeaway are not processed, they will cause certain information leakage.

Through the other party’s account information, enumerate other account information, such as Tieba, Weibo, QQ space, to obtain the other party’s relevant personal information.

WiFi Probe

Long before, CCTV 315 exposed cases of WiFi probe stealing user information. The principle is that when the user's mobile phone wireless LAN is turned on, a signal will be sent to the surrounding areas to find the wireless network. Once the probe box discovers this signal, it can quickly identify the user's mobile phone's MAC address, convert it into an IMEI number, and then convert it into a mobile phone number.

Therefore, some companies place this small box in shopping malls, supermarkets, convenience stores, office buildings, etc. and collect personal information without the user's knowledge, even big data personal information such as marriage, education level, and income.

android shell

As can be seen from the video, the very basic msf controls android commands. But it is a bit exaggerated to be able to directly manipulate mobile phone editing.

wifi fishing

Use fluxion for WiFi fishing.

PS(4-8) episodes only analyze the technology in film and television dramas, and the plot and characters are not explained.

Then, in order to obtain data from the fraud group, I sneaked to the computer room to download the server data.

The software used here should use XFTP. This is also a physical attack!

Physical Attack

The so-called physical attack means that an attacker cannot find relevant vulnerabilities at the software level or system. If you cannot win the target for the time being, you will go to the field for investigation and sneak into the target through social engineering and other methods to attack. This kind of attack is the most deadly. Tools used in the network security competition. In the previous shot, it should be to use Owasp to scan the target website for vulnerabilities. To be honest, the page has not moved, I don’t know what I scanned!

After the Owasp scanner entered the second level of protection, the third game should still be the msf interface. Set the msf configuration parameters, but there has been no exploit and I don't know what to wait for.

When the countdown is three minutes, SQLmap injection should have started.

As can be seen from the video, the command used is the use of sqlmap -r 1.txt --batch --level 5 -v current-usersqlmap, which has been mentioned more in previous articles. The above command should be used to obtain the current system user through post injection.

Parameter interpretation:

-r 1. The target request data is stored in txt. Generally, burp is used to catch packets and save them as txt.

-- The user does not need to enter YES or NO during batch execution, and the default value YES prompted by sqlmap will be used to run continuously.

--level risk level, default is 1. When level is 5, many payloads will be tested, and the efficiency will be reduced.

–current-user Gets the current username.

Summary

The network security tools involved in TV series are all common network security knowledge we usually have. The film and television dramas have expanded slightly, but from the perspective of the plot, it is still very good. Especially while popularizing network security knowledge to the public, it closely links topics related to the people such as online water army, online fraud, pig killing, online loans, etc. At the end of the video, some network security knowledge will be popularized to everyone, which is worth recommending!

Reprinted from the article source: https://blog.bbskali.cn/3666.html