
Research on Methods for Discovering and Exploiting Buffer Overflow Vulnerabilities

Research on Detecting and Exploiting Method of Buffer Overflow Vulnerability

[Author] 彭青白

[Supervisor] 吴永英

[Author information] Huazhong University of Science and Technology (华中科技大学), Computer Architecture, 2009, Master's degree

[Abstract] With the rapid development of computer and network technology, computer network crime incidents keep emerging, and combating computer network crime is becoming increasingly important. Moreover, information warfare will inevitably become a new mode of combat in the future. Research into vulnerability discovery and exploitation techniques therefore has important theoretical significance and practical value, both for combating computer network crime and for information confrontation. This thesis analyzes the two current mainstream vulnerability discovery methods, explains the technical approach each takes to discovering vulnerabilities, summarizes their respective advantages and disadvantages, and on that basis gives the basic steps of vulnerability analysis. Following the development of exploitation techniques, it analyzes the basic principles and exploitation techniques of stack overflows and heap overflows. Building on a summary of the shortcomings of traditional vulnerability discovery methods, it proposes, in an exploratory way, a vulnerability discovery method based on reverse engineering and fuzzing, and sets out the guiding idea and technical approach of that method. Using the proposed method, it describes in detail the process of discovering a 0day security vulnerability in Super Star Reader (超星阅览器) and gives the cause of the vulnerability. For the discovered Super Star Reader vulnerability, it discusses the feasibility of exploiting it, gives the design principles and design ideas of the exploit program, and designs the corresponding exploit program. Concerning the key techniques involved in implementing the exploit program, it focuses on the essentials of writing shellcode, including locating the return address, dynamically locating the call addresses of API (Application Programming Interface) functions, and protective measures for the shellcode. Actual run results show that the vulnerability discovery method based on reverse engineering and fuzzing balances automation and purposefulness and can effectively discover certain unknown vulnerabilities. The exploit program for the SSR (Super Star Reader) vulnerability, besides being highly generic and stable, can also run on multiple operating systems and successfully evades monitoring and detection by mainstream antivirus software, giving it a certain practical value.

[Abstract] With the rapid development of computer and network technology, cyber-crimes are emerging in an endless stream; hence it is becoming increasingly important to crack down on cyber-crimes. Besides, information warfare will inevitably become a new form of warfare in the future. Therefore, research on vulnerability detecting and exploiting technologies is very significant both for beating cyber-crimes and for information confrontation. Based on the analysis of two existing mainstream vulnerability detecting methods, the technical characteristics of the methods are described, their advantages and disadvantages are summarized, and the basic process of vulnerability analysis is illustrated as well. Then, referring to the development of exploiting technology, the basic principles and exploiting skills of stack overflow and heap overflow, which are the mainstream exploiting technologies, are discussed. After analyzing the weak points of traditional methods of vulnerability detecting, an approach to vulnerability detecting based on reverse engineering and Fuzzing test is proposed in an exploratory way in this paper, and the guiding ideology and technical ideas of this approach are also discussed. Moreover, based on the approach proposed before, the detecting process is described and the cause of the 0day vulnerability in Super Star Reader is presented. For the 0day vulnerability detected in this way, the feasibility of exploiting it is discussed, the design principles and ideas of the vulnerability exploiting program are given, and the corresponding program is designed. Concerning the key technologies involved in the realization of the vulnerability exploiting program, the key points of how to write Shellcode are discussed in this paper, including the location of the return address, the dynamic positioning of the call addresses of Application Programming Interfaces, and the security measures for the Shellcode. The experimental results show that the detecting method based on reverse engineering and Fuzzing test gives attention to both automation and purposiveness, and it can detect some unknown vulnerabilities effectively. Besides its universal property and stability, the practical exploiting program for the 0day vulnerability can run on several operating systems and successfully avoids the monitoring and killing by antivirus software.

  • [CLC number] TP393.08
  • [Cited by] 3
  • [Downloads] 155