
Hello everyone, this is Jay Chou.

Basically everyone receives some information-security education when they first come into contact with the Internet: don't casually click on links sent by strangers, or you may get infected!

So why can't you click on them casually, and what might happen if you do? Most people outside the security industry, and many who have just entered it, may not have a clear picture of this.

Some links lead to phishing websites: after you click, a page pretends to be a normal login page and asks you to enter your account and password, so that the creator of the phishing site obtains your account information. If you don't enter anything after opening this type of phishing link, the problem is not big.


But some links are more dangerous, and you must not click them at all. Once clicked, they may implant viruses, Trojan horses, mining programs or ransomware, and your computer or mobile phone becomes someone else's "broiler" (a zombie machine under remote control).


Today I'll talk about these more dangerous links: can clicking a link really cause a computer or mobile phone to be controlled by a hacker? If so, how is it done?

How a link gets opened

First, let's clarify one question: when we click on a link, which program is responsible for opening it?

In the past, under normal circumstances, it was opened by the browser installed on the computer.

But in recent years, many applications have come with a built-in browser: instead of handing the link to the system browser, they open it in their own embedded browser.

QQ, WeChat, DingTalk, Weibo, mail apps and so on all have their own embedded browsers.

The reason is not hard to understand: traffic!

But in the end, whether it is the system browser or the one embedded in an app, the link is opened in a browser.

And when it comes to browsers, don't be misled by the many domestic browsers; the mainstream engines underneath are just a few:

IE, Chromium, WebKit...

The moment these malicious links are opened through the browser, the danger has just begun.

Vulnerability attacks

A browser can display the web pages we see thanks to the two most important engines in its core: the HTML rendering engine and the JavaScript execution engine.

The former renders the web pages we see according to the layout described by the HTML content, and the latter executes the JS code in the page to provide its dynamic interaction.

JavaScript is an interpreted scripting language, and it is this JS execution engine that interprets and executes it.

Imagine that there is a bug in the code of the JS execution engine. A malicious person who knows about it can write specially crafted JavaScript that triggers the bug, which can crash the browser or, worse, execute malicious code and take control of the host.


In fact, this is the usual method of exploiting browser vulnerabilities.

The browser with the largest market share is also the most attacked. Before 2015, IE dominated, and it was the most attacked browser; since 2015, Chrome has risen rapidly and has become the main target of hackers today.

In addition to JavaScript, Internet Explorer can also execute VBScript. Besides web scripts, the browser may also load external plug-ins while working, such as ActiveX and Flash, which are also favourite targets of hackers.

As for the vulnerabilities themselves, there are many techniques:

from the early stack overflow and heap overflow, to the later heap spraying, ROP, array out-of-bounds, UAF and other moves.

Of course, browsers and operating systems are no pushovers. As attack methods developed, defences were added layer by layer: stack protection (GS), address space layout randomization (ASLR), data execution prevention (DEP), control flow guard (CFG), and on top of these the browser sandbox, which together greatly increase the difficulty of exploiting vulnerabilities.

Classic vulnerabilities

Next, take a look at some classic vulnerabilities in the history of browser attack and defense.

CVE-2014-6332

This is an OLE remote code execution vulnerability in the IE browser. OLE (Object Linking and Embedding) is a technology that allows applications to share data and functionality. A remote attacker exploits this vulnerability to execute arbitrary code through a crafted website: when a user views that website with Internet Explorer, remote code execution becomes possible.

Moreover, this vulnerability can bypass the sandbox protection, which makes it extremely harmful. To put it bluntly, if you click a URL that exploits this vulnerability, your computer may be controlled by the other party.

CVE-2014-0322

This is also an IE browser vulnerability, a UAF (Use After Free): memory is referenced after it has been freed. Combined with Flash, it broke through the defence mechanisms and executed the attacker's arbitrary code, which is equally harmful.

CVE-2021-21220

This is a vulnerability in the Chrome browser that was disclosed just this year. Through a series of ingenious steps it also bypassed the browser's security mechanisms to achieve remote code execution, which can be used to control the host.

You can find PoC code for these vulnerabilities on GitHub to test and verify them, but only for learning purposes. Don't use it to do bad things or send it to others.

For ordinary people: don't click on links of unknown origin. If you really must, do so in a safe environment (such as a virtual machine), and patch your browser and system promptly.

So now you know why you shouldn't just click on links from unknown sources, right?

Oh, by the way, here is a link. Who can help me click it:

https://shimowendang.com/docs/TdpXTY6H9J8jygd8/read


Author: 代码熬夜敲 (李志宽), former Top-100 creator, penetration testing expert, a reserved-on-the-outside kind of guy who has his own rock band.