【正文】 軟件漏洞分析與利用的研究 摘 要 現(xiàn)如今，網(wǎng)絡(luò)市場(chǎng)上的軟件琳瑯滿目，程序員用自己的程序開發(fā)出自己的軟件，在軟件市場(chǎng)上開拓出自己的一片天空，開發(fā)了滿足不同用戶、不同需求的各種軟件，實(shí)現(xiàn)了各種不同的功能，方便了人們的生活，解決了生活中遇到的難題，讓軟件的自動(dòng)化代替人工的繁瑣，不僅省時(shí)，而且省力，為人類的生產(chǎn)、生活的發(fā)展奠定了堅(jiān)實(shí)的基礎(chǔ)。軟件的設(shè)計(jì)是程序員的心血，但是人類的思維是有限的，時(shí)代的發(fā)展是無(wú)限的，新事物的發(fā)展更是無(wú)限的，軟件就會(huì)暴露出不同的漏洞。黑客們每天精心地進(jìn)行漏洞的挖掘與分析，再對(duì)漏洞進(jìn)行處理以 及漏洞利用，就能夠遠(yuǎn)程的攻擊目標(biāo)主機(jī)，甚至于拿到目標(biāo)主機(jī)的管理員權(quán)限，隨意篡改目標(biāo)主機(jī)的數(shù)據(jù)，造成目標(biāo)主機(jī)的數(shù)據(jù)丟失或操作的錯(cuò)誤。從而給目標(biāo)主機(jī)的操作人員造成巨大的數(shù)據(jù)丟失以及經(jīng)濟(jì)損失。 本設(shè)計(jì)采用 Metasploit軟件結(jié)合 Ruby語(yǔ)言進(jìn)行主要的攻擊工具開發(fā)，使用 IDA pro advanced 進(jìn)行軟件漏洞反編譯，同時(shí)運(yùn)用 OllDbg 進(jìn)行動(dòng)態(tài)調(diào)試分析。論文主要分為兩大部分：一個(gè)是軟件的漏洞分析部分，另一個(gè)是軟件漏洞利用部分。漏洞分析部分主要實(shí)現(xiàn)：對(duì)緩沖區(qū)溢出的棧溢出原理進(jìn)行分析，針對(duì)通用的軟件漏洞，進(jìn)行通 用合理化的漏洞分析；軟件漏洞利用部分主要利用兩個(gè)攻擊實(shí)例，第一個(gè)是針對(duì) ms12_020 漏洞利用，成功入侵主機(jī)，對(duì)主機(jī)進(jìn)行破壞性的藍(lán)屏攻擊。第二個(gè)是針對(duì) ms08_067 漏洞利用，在自由網(wǎng)絡(luò)中，成功攻擊帶有此漏洞的目標(biāo)主機(jī)，查看主機(jī)的 IP，查看主機(jī)的文件目錄，修改文件名稱，在目標(biāo)主機(jī)上添加用戶，并進(jìn)一步提升至管理員權(quán)限 ,開啟后門服務(wù)，登陸遠(yuǎn)程目標(biāo)主機(jī)桌面等。真正成功實(shí)現(xiàn)了漏洞的利用過(guò)程，模擬黑客攻擊的全過(guò)程。 關(guān)鍵詞： 漏洞分析 漏洞利用 提升權(quán)限 文件讀取 遠(yuǎn)程登陸桌面 The Research of both Software Vulnerability Analysis and Exploits ABSTRACT Nowadays, there are all sorts of softwares on the work use its own procedures to develop his own software,to develop their own piece of the sky in the software market,to meet the different users, different needs of various software development, to achieve a variety of different functions, convenience to people39。s life,to solve the problems encountered during life, make automated software to replace manual tape, not only save time, but also saving strength, laid a solid foundation for the development of both the human39。s production and the human39。s software design is the programmer the human mind is limited, the development of the times is infinite, the development of new things are infinite,The software will expose different mining and analyzing the loopholes by the hackers , loopholes can be processed and exploited, hackers can attack the target host without administrator permissions, even get the administration of the target host,tamper the target host data, resulting in the target host data loss or may result in huge data loss and economic loss to the target host operator. This procedure using Metasploit software bined with Ruby language to development the attack module , use the IDA Pro advanced software to depile software vulnerabilities, while use of OllDbg software to dynamic debugging analysis. The design is divided into two parts: one is a part of analysis software vulnerabilities, the other is the part exploit the software of the vulnerability analysis: stack overflow the buffer overflow is analyzed, based on general analysis software vulnerabilities, general rational loopholes。 software vulnerability exploits mainly use two attack instances, the first is for the ms12_020 exploit, successful invasion of host, destructive attacks on the host screen. The second is for the ms08_067 exploit: in the free work, a successful attack with the vulnerability of the target host, the host IP, view the host file directory, change the file name, add a user in the target host, and further increase to administrator privileges, open the back door service, landing on the target host, remote desktop. The successful implementation of the process of real vulnerability, whole process simulation of hacker attack. Key Words: Vulnerability Analysis Exploit Elevated Permissions File Read Remote Desktop 目 錄 第一章 緒論 .................................................................................................................................... 1 軟件漏洞的概述 ................................................................................................................... 1 軟件漏洞的挖掘技術(shù) ........................................................................................................... 1 軟件漏洞的分析原理 ........................................................................................................... 2 漏洞的利用方法 ................................................................................................................... 2 本課題研究的目的與意義 ................................................................................................... 2 本文的組織和結(jié)構(gòu) ............................................................................................................... 3 第二章 滲透測(cè)試與安全漏洞 .................................................................................................... 4 滲透測(cè)試概述 ....................................................................................................................... 4 滲透測(cè)試的起源 ........................................................................................................ 4 滲透測(cè)試的概念與分類 ............................................................................................ 4 滲透測(cè)試的方法體系標(biāo)準(zhǔn) ........................................................................................ 5 PTES 滲透測(cè)試過(guò)程環(huán)節(jié) .......................................................................................... 6 安全漏洞概述 ....................................................................................................................... 7 安全漏洞生命周期 .................................................................................................... 7 安全漏洞披露方式 .................................................................................................... 8 安全漏洞公共資源庫(kù) ................................................................................................ 8 本章小結(jié) ............................................................................................................................... 9 第三章 軟件漏洞棧溢出原理分析 ........................................................................................ 10 二進(jìn)制文件概述 ................................................................................................................. 10 PE 文件格式 ............................................................................................................ 10 虛擬內(nèi)存 .......................................................