
Hacker/Intruder: An Introduction to Intrusion

Second-year PhD student
888311 李鎮宇
Outline
• Introduction
• Unix Password decryption
• Buffer Overflow Attack
• Trojan horse/Horse
• Conclusion
Introduction
• Oversight (human negligence)
  • Password decryption (Unix/Win)
• System vulnerability
  • Buffer Overflow Attack
  • (IIS vulnerability)
• Inveiglement (deception)
  • Trojan horse
Unix Password decryption
• Get the password file.
  • /etc/passwd or passwd.OLD
  • sirhack:89fGc%^7&a:100:100:Sir Hackalot:/usr/sirhack:/bin/sh
  • username:password:UserID:GroupID:description (or real name):homedir:shell

• DES one-way encryption

[Diagram: the password typed in by the user goes through DES encryption, and the system keeps only the resulting cipher.]

Unix Password decryption

[Diagram: each dictionary word goes through the same DES encryption to produce a candidate cipher (CP'), which is matched against the stored cipher (CP).]

• The UNIX password field uses 8 characters, and there are 95 possible input characters, so brute force requires:
  (95^8 + 95^7 + 95^6 + ... + 95^1) = 6.70478095451712e+15 (attempts)
Buffer Overflow Attack
• Control the EIP value by means of a buffer overflow.
• Calculate the predicted program counter value to feed into EIP.
• Buffer overflow -> the wrong value is loaded into EIP.
• The program counter jumps to the new address and execution continues.
Buffer Overflow Attack
#include <windows.h>
#include <stdio.h>
#include <string.h>   /* strcpy */

/* Deliberately vulnerable: copies a 255-byte input into an 80-byte stack buffer. */
void overflow(char *s, int size)
{
    char buffer[80];
    s[size] = 0;          /* terminate the input so strcpy stops after size bytes */
    strcpy(buffer, s);    /* no bounds check: overruns buffer and the saved EIP */
}

int main(void)
{
    FILE *file;
    char buf[300];
    LoadLibrary("msvcrt.dll");
    file = fopen("bo.txt.code", "rb");   /* attacker-controlled input file */
    if (file != NULL)
    {
        fread(buf, sizeof(char), 255, file);
        overflow(buf, 255);
        fclose(file);
    }
    return 0;
}
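As an added defender-side example (not code from the slides), a bounded replacement for the overflow() routine above: it measures how far a given input would run past the 80-byte buffer and refuses the copy instead of performing it. The function names and the constructed 255-byte input are mine.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUFFER_SIZE 80   /* same size as the slide's char buffer[80] */

/* Number of bytes (input plus its terminating NUL) that strcpy would write
 * past the end of a buflen-byte buffer. 0 means the input fits. */
size_t overflow_excess(size_t buflen, size_t inputlen)
{
    return inputlen + 1 > buflen ? inputlen + 1 - buflen : 0;
}

/* Hardened counterpart of the slide's overflow(): the caller passes the
 * destination and its size, and the copy is refused unless size bytes plus
 * the terminator fit. Returns 0 on success, -1 when the input is rejected. */
int overflow_safe(char *dst, size_t dstsize, const char *s, size_t size)
{
    if (dstsize == 0 || size >= dstsize)
        return -1;                 /* would overrun: reject, never truncate silently */
    memcpy(dst, s, size);
    dst[size] = '\0';
    return 0;
}

int main(void)
{
    char dst[BUFFER_SIZE];
    char attack[255];              /* constructed: 255 'A's, like the slide's bo.txt.code */
    int rc;
    memset(attack, 'A', sizeof attack);

    printf("255-byte input overruns an %d-byte buffer by %zu bytes\n",
           BUFFER_SIZE, overflow_excess(BUFFER_SIZE, sizeof attack));
    rc = overflow_safe(dst, sizeof dst, attack, sizeof attack);
    printf("overflow_safe on that input -> %d (rejected)\n", rc);
    rc = overflow_safe(dst, sizeof dst, "hello", 5);
    printf("overflow_safe on \"hello\" -> %d, dst = \"%s\"\n", rc, dst);
    return 0;
}
```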
Buffer Overflow Attack
• Winamp 2.62/2.64
  • The program's handling of the "#EXTINF:" field in an M3U playlist.
  • #EXTM3U
    #EXTINF:AAAAAAAAA....AAAAAAAAA<cr><lf>
    (more than 280 'A's)
  • <A HREF="ATTACK.M3U">
    <BGSOUND SRC="ATTACK.M3U">
    <EMBED SRC="ATTACK.M3U">
• Outlook Express
  • Field value.
• IIS printer
  • Printer name.
Trojan horse/Horse
• What is a Horse
  • Client/server program
  • System control/monitor
  • Remote access
  • Hide/slink

[Diagram: the intruder runs the client, the victim runs the server, and the two connect through a port.]
Trojan horse/Horse
• How a Horse hides/slinks.
  • Form.Visible=False, Form.ShowInTaskBar=False
  • Public Declare Function RegisterServiceProcess Lib "kernel32" () As Long
  • Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
  • Registry, win.ini, system.ini
  • Port
  • Driver, DLL and ICMP.
Trojan horse/Horse
• How a system catches a Horse.
  • Attached files
  • Web trick/trap
  • 221 (Two To One): combine one normal program and one horse.
  • Unauthorized/shared usage
    • Unauthorized usage
    • Shared usage
  • Attack
    • BOA
    • IIS vulnerability
Trojan horse/Horse
• ICMP Horse (without a port)
  • (Internet Control Message Protocol)
  • Ping...

[Diagram: the invader reaches the victim with ping (ICMP) traffic, with no listening port involved.]
Conclusion
• The one who knows bullies the one who does not.
