信息安全技術(shù)2近現(xiàn)代黑客歷史教學(xué)幻燈片

2025/1/111信息安全技術(shù)2025/1/112近現(xiàn)代黑客歷史2025/1/113近現(xiàn)代黑客歷史史前:1875-19691870’s:貝爾電話網(wǎng)絡(luò)公司的接線生第一、二次世界大戰(zhàn)期間:Enigma/Turing…1962:MIT分時系統(tǒng)（TSS）的誕生…RichardStallman:自由軟件的創(chuàng)始人…Hackingreferstospiritsoffuninwhichweweredevelopingsoftware2025/1/115近現(xiàn)代黑客歷史黃金時代:1980-1985PCs開始大規(guī)模進(jìn)入北美和歐洲的普通家庭與企事業(yè)機(jī)構(gòu)…好萊塢的電影：“WarGame”ARPANET的出現(xiàn)…2025/1/116近現(xiàn)代黑客歷史計算機(jī)犯罪行為:1985-1990美國政府的“計算機(jī)欺詐與濫用法案”…與“老一代”黑客不同，新新一代并不關(guān)心軟件“嬉戲”的愉悅或自由言論或自由通信的追求，而是更加關(guān)心如何能夠通過這些新技術(shù)盈利…Nov.1988,RobertMorrisJr.2025/1/117近現(xiàn)代黑客歷史世風(fēng)日下:1990KevinMitnick：第一個上了美國聯(lián)邦調(diào)查局追逃名單的黑客…黑客作為一種文化現(xiàn)象開始出現(xiàn)…2025/1/118近現(xiàn)代黑客歷史黑客的今朝與明天CNN/YAHOO/E-Bay…“5.12”汶川大地震的啟迪…2025/1/119緩沖區(qū)溢出攻擊2025/1/1110BOF的歷史VonNeumann’s體系結(jié)構(gòu)…AlephOne:“SmashingTheStackForFunandProfit”,Phrack49(1989)/stf/smashstack.htmlCERT/CC年度報告(1997年之前尚無緩沖區(qū)溢出攻擊的案例）2025/1/1111CERT/CC年度報告1997年度報告:28個漏洞中有8個緩沖區(qū)溢出的漏洞MIMEconversionbufferoverflowinsendmailversionsin8.8.3and8.8.4BufferoverflowinlibrariesusingNaturalLanguageService(NLS)BufferoverflowvulnerabilityinXtlibraryBufferoverflowprobleminxlockBufferoverflowinsuidperlBufferoverflowinat(1)programBufferoverflowproblemsinSGIIRISsystemsBufferoverflowprobleminrdist28.5%2025/1/1112BufferOverflowinNIS+(NetworkInformationServicePlus)BufferoverflowsinsomePOPserversBufferOverflowinSomeImplementationsofIMAP(InternetMessageAccessProtocol)ServersBufferOverflowinMIME-awareMailandNewsClientsRemotelyExploitableBufferOverflowVulnerabilityinmountd(UNIX,RemoteProcedureCall)38.4%1998年度報告:13個漏洞中有5個緩沖區(qū)溢出的漏洞CERT/CC年度報告2025/1/1113FTPBufferOverflowsIISBufferOverflowBufferOverflowVulnerabilityinCalendarManagerServiceDaemon,rpc.cmsdBufferOverflowinamdBufferOverflowsinSSHdaemonandRSAREF2LibraryBufferOverflowinSunSolsticeAdminSuiteDaemonsadmindSystemsCompromisedThroughaVulnerabilityinam-utils43.7%1999年度報告:16個漏洞中有7個緩沖區(qū)溢出的漏洞CERT/CC年度報告2025/1/1114MultipleBufferOverflowsinKerberosAuthenticatedServicesMITKerberosVulnerabletoDenial-of-ServiceAttacks9%2000年度報告:22個漏洞中有2個緩沖區(qū)溢出的漏洞CERT/CC年度報告2025/1/1115BufferOverflowVulnerabilityinMicrosoftIIS5.0BufferOverflowInIISIndexingServiceDLLBufferOverflowinSunSolarisin.lpdPrintDaemonOracle8icontainsbufferoverflowinTNSlistener"CodeRed"WormExploitingBufferOverflowInIISIndexingServiceBufferOverflowintelnetdContinuedThreatofthe"CodeRed"WormBufferOverflowinGauntletFirewallallowsintruderstoexecutearbitrarycodeOracle9iASWebCachevulnerabletobufferoverflowBufferOverflowinCDESubprocessControlServiceBufferOverflowinSystemV(UNIX)DerivedLoginBufferOverflowinUPnPServiceonMicrosoftWindows35.1%2001年度報告:37個漏洞中有13個緩沖區(qū)溢出的漏洞CERT/CC年度報告2025/1/1116ExploitationofVulnerabilityinCDESubprocessControlServiceBufferOverflowinAOLICQBufferOverflowinMicrosoftInternetExplorerMultipleVulnerabilitiesinOracleServersBufferOverflowinMicrosoft'sMSNChatActiveXControlBufferOverflowinMacromediaJRunBufferOverflowsinMultipleDNSResolverLibrariesMultipleVulnerabilitiesinOpenSSLIntegerOverflowInXDRLibraryBufferOverflowinCDEToolTalkBufferOverflowinKerberosAdministrationDaemonBufferOverflowinSolarisXWindowFontServiceBufferOverflowinMicrosoftWindowsShell35.1%2002年度報告:37個漏洞中有13個緩沖區(qū)溢出的漏洞CERT/CC年度報告2025/1/1117BufferOverflowsinISCDHCPDMiniresLibraryBufferOverflowinWindowsLocatorServiceRemoteBufferOverflowinSendmailBufferOverflowinCoreMicrosoftWindowsDLLIntegeroverflowinSunRPCXDRlibraryroutinesBufferOverflowinSendmailBufferOverflowinMicrosoftWindowsHTMLConversionLibraryBufferOverflowinMicrosoftRPCRPCSSVulnerabilitiesinMicrosoftWindowsBufferOverflowinWindowsWorkstationService35.7%2003年度報告:28個漏洞中有10個緩沖區(qū)溢出的漏洞CERT/CC年度報告2025/1/11182004AnnualReport:“Heavenhelpusifwestillhavebufferoverflowinoursoftwarein20years!”

--TomLongstaff,R&Dmanager,CERT/CCCERT/CC年度報告2025/1/1119CERT/CC關(guān)于緩沖區(qū)溢出漏洞的分析28.5%199738.4%199843.7%19999%200035.1%200135.1%200235.7%20032025/1/1120實驗二#include<stdio.h>#include<string.h>voidhelloworld(charsbuff[],charlbuff[]);charlargebuff[]="1234512345123451234512345===ABCD";intmain(void){charsmallbuff[16];helloworld(smallbuff,largebuff);}voidhelloworld(charsbuff[],charlbuff[]){}2025/1/1121實驗二：用GDB生成匯編進(jìn)入gdb調(diào)試工具環(huán)境運行被調(diào)試程序生成main函數(shù)的匯編2025/1/1122

實驗二：棧的變化push%ebpmov%esp,%ebpsub$0x18,%espsub$0x8,%esppush$0x8049478lea0xffffffe8(%ebp),%eaxpush%eaxcall0x80483ec<helloworld>add$0x10,%espleaveret···eip:0x80483d0

espebp

ebp8個字節(jié)（16字節(jié)對齊）16字節(jié)smallfuff[16]8個字節(jié)（為下一個對齊）*largebuff12345123451234512345===ABCDeaxeaxeip:0x80483ecpush%ebpmov%esp,%ebppop%ebpretebp

main函數(shù)的棧

2025/1/1123一些“危險”的C函數(shù)strcpy(char*dest,constchar*src)strcat(char*dest,constchar*src)getwd(char*buf)gets(char*s)[vf]scanf(constchar*format,...)realpath(char*path,charresolved_path[])[v]sprintf(char*str,constchar*format,...)…2025/1/1124實驗三#include<stdio.h>#include<string.h>charlargebuff[]="1234512345123451234512345===ABCD";intmain(void){charsmallbuff[16];

strcpy(smallbuff,largebuff);}2025/1/1125實驗三：用GDB生成匯編2025/1/1126

實驗三：棧的變化push%ebpmov%esp,%ebpsub$0x18,%espsub$0x8,%esppush