信息安全技术2课件

信息安全技术3/23/20231近现代黑客历史3/23/20232近现代黑客历史史前:1875-19691870’s:贝尔电话网络公司的接线生第一、二次世界大战期间:Enigma/Turing…1962:MIT分时系统（TSS）的诞生…RichardStallman:自由软件的创始人…Hackingreferstospiritsoffuninwhichweweredevelopingsoftware3/23/20233近现代黑客历史黄金时代:1980-1985PCs开始大规模进入北美和欧洲的普通家庭与企事业机构…好莱坞的电影：“WarGame”ARPANET的出现…3/23/20235近现代黑客历史计算机犯罪行为:1985-1990美国政府的“计算机欺诈与滥用法案”…与“老一代”黑客不同，新新一代并不关心软件“嬉戏”的愉悦或自由言论或自由通信的追求，而是更加关心如何能够通过这些新技术盈利…Nov.1988,RobertMorrisJr.3/23/20236近现代黑客历史世风日下:1990KevinMitnick：第一个上了美国联邦调查局追逃名单的黑客…黑客作为一种文化现象开始出现…3/23/20237缓冲区溢出攻击3/23/20239BOF的历史VonNeumann’s体系结构…AlephOne:“SmashingTheStackForFunandProfit”,Phrack49(1989)CERT/CC年度报告(1997年之前尚无缓冲区溢出攻击的案例）3/23/202310CERT/CC年度报告1997年度报告:28个漏洞中有8个缓冲区溢出的漏洞MIMEconversionbufferoverflowinsendmailversionsin8.8.3and8.8.4BufferoverflowinlibrariesusingNaturalLanguageService(NLS)BufferoverflowvulnerabilityinXtlibraryBufferoverflowprobleminxlockBufferoverflowinsuidperlBufferoverflowinat(1)programBufferoverflowproblemsinSGIIRISsystemsBufferoverflowprobleminrdist28.5%3/23/202311OverflowsIISBufferOverflowBufferOverflowVulnerabilityinCalendarManagerServiceDaemon,rpc.cmsdBufferOverflowinamdBufferOverflowsinSSHdaemonandRSAREF2LibraryBufferOverflowinSunSolsticeAdminSuiteDaemonsadmindSystemsCompromisedThroughaVulnerabilityinam-utils43.7%1999年度报告:16个漏洞中有7个缓冲区溢出的漏洞CERT/CC年度报告3/23/202313MultipleBufferOverflowsinKerberosAuthenticatedServicesMITKerberosVulnerabletoDenial-of-ServiceAttacks9%2000年度报告:22个漏洞中有2个缓冲区溢出的漏洞CERT/CC年度报告3/23/202314BufferOverflowVulnerabilityinMicrosoftIIS5.0BufferOverflowInIISIndexingServiceDLLBufferOverflowinSunSolarisin.lpdPrintDaemonOracle8icontainsbufferoverflowinTNSlistener"CodeRed"WormExploitingBufferOverflowInIISIndexingServiceBufferOverflowintelnetdContinuedThreatofthe"CodeRed"WormBufferOverflowinGauntletFirewallallowsintruderstoexecutearbitrarycodeOracle9iASWebCachevulnerabletobufferoverflowBufferOverflowinCDESubprocessControlServiceBufferOverflowinSystemV(UNIX)DerivedLoginBufferOverflowinUPnPServiceonMicrosoftWindows35.1%2001年度报告:37个漏洞中有13个缓冲区溢出的漏洞CERT/CC年度报告3/23/202315BufferOverflowsinISCDHCPDMiniresLibraryBufferOverflowinWindowsLocatorServiceRemoteBufferOverflowinSendmailBufferOverflowinCoreMicrosoftWindowsDLLIntegeroverflowinSunRPCXDRlibraryroutinesBufferOverflowinSendmailBufferOverflowinMicrosoftWindowsHTMLConversionLibraryBufferOverflowinMicrosoftRPCRPCSSVulnerabilitiesinMicrosoftWindowsBufferOverflowinWindowsWorkstationService35.7%2003年度报告:28个漏洞中有10个缓冲区溢出的漏洞CERT/CC年度报告3/23/2023172004AnnualReport:“Heavenhelpusifwestillhavebufferoverflowinoursoftwarein20years!”

--TomLongstaff,R&Dmanager,CERT/CCCERT/CC年度报告3/23/202318CERT/CC关于缓冲区溢出漏洞的分析28.5%199738.4%199843.7%19999%200035.1%200135.1%200235.7%20033/23/202319实验二：用GDB生成汇编进入gdb调试工具环境运行被调试程序生成main函数的汇编3/23/202321实验二：栈的变化push%ebpmov%esp,%ebpsub$0x18,%espsub$0x8,%esppush$0x8049478lea0xffffffe8(%ebp),%eaxpush%eaxcall0x80483ec<helloworld>add$0x10,%espleaveret···eip:0x80483d0

espebp

ebp8个字节（16字节对齐）16字节smallfuff[16]8个字节（为下一个对齐）*largebuff12345123451234512345===ABCDeaxeaxeip:0x80483ecpush%ebpmov%esp,%ebppop%ebpretebp

main函数的栈

3/23/202322一些“危险”的C函数strcpy(char*dest,constchar*src)strcat(char*dest,constchar*src)getwd(char*buf)gets(char*s)[vf]scanf(constchar*format,...)realpath(char*path,charresolved_path[])[v]sprintf(char*str,constchar*format,...)…3/23/202323实验三：用GDB生成汇编3/23/202325实验三：栈的变化push%ebpmov%esp,%ebpsub$0x18,%espsub$0x8,%esppush$0x8049498lea0xffffffe8(%ebp),%eaxpush%eaxcall0x80482f0<strcpy>add$0x10,%espleavret···

eip:0x8048400