davide.ariu@diee.unica.it P R A Group Pattern Recognition and Applications Group http://prag.diee.unica.it/pra/eng/home ! >@:=?:>A • !%.''2!6')(.2"!6!(6!''(.! $&$"(&'/"&$&"$&,/(8 • '(&.+.&!"& ) ' !!!''&""&"')"!: .)22" – !'." $"!!)&0&;".(&60(6&0<& " .!%.'"0&9 • '( !; 6&"0'&6 !(6(8<'(!2' $%.') "!(!!""9 • "$"''"!"''&/&!(.&88 "."B +"'( !"& ) @ *% !'!&(%!$.#''& ($&.7 – !!!&" &"$&%. '(("&22(" – !!!&" &$&"$&" ,"(&;& < ./!"&!""&&,;1)<$$!"$(;< '"0&8 +% "$&( !'(&("&8 – %&&("!.&2"!.!&0 "' $"&(!(%.'( $&2"!$"''"!" !(&".&& !''( !"& )"555 "."B +"'( !"& ) A ? $&!#%!$' "%$!++ • %$ $'' • – ,$'' – $ – !$' • $!$$ %$***- $$$$'%$ $. ( ( & ( ) & :<39;3:= • !%'%"%'"!&!'$+&% !"% ."!&+%'&'&&1 – &#"&(,"!!&& – (#%&"!+'!( • *!',,%&&"%'#% #"'%!&!%'%" • "!'%" &+%1 – "!+(..% – %*"%5,"##(,"6 – " !((% !& !"( &!& "+"> *"&' !"% ( ? • %&%'%&+!#""!%&%'#+ ##"&& &%%+!'&''%"&+!(!%..1 – *#133-2-%&%2"%3 ##'+%& – *#133---2&2+2+37#%&3"3 34 *4'&'2'%2. • #!*#133-2-%&%2"%3#'+%'%&&"!" #%&!(+!& #'%+(.."!%&% "+"> *"&' !"% ( @ = 02./1.03 (4 %!" # 5 • ( (% #!! (! +!(&)! " – !" #) – + – )"( *.. • !("!( ( %+ % "(%!( )+! !! #!( ++ " – !! "(% )+ !+)"()( " (4 %!" # 0/ 4 • March 27, 2012. Cyber attacks on IT systems would become a criminal offence punishable by at least two years in prison throughout the EU under a draft law backed by the Civil Liberties Committee on Tuesday. Possessing or distributing hacking software and tools would also be an offence, and companies would be liable for cyber attacks committed for their benefit. • http://www.europarl.europa.eu/news/en/pressroom/content/ 20120326IPR41843/html/Hacking-IT-systems-to-become-acriminal-offence 24-13-25 • &""".!& &#)) , – %& !! " – !" !& )) • !" /0 • &'!! !&#"!& &! – , &" '!" ) – ,!'" !& • , ( ( ( • ! "' !/ 0 &6 %!" # 24 "$ • !!&!! &#))" ! " ! • ) , nmap scanme.nmap.org &6 %!" # 25 7 13-02-14 '5 $ !" 15 • open – !!$ % • closed – ! ') ! • filtered – ' ! !!! ('! • open|filtered – ! • unfiltered closed|filtered – !!"" '5 $ !" 
16 7 8:37938; • ##$+"#%+ "* "$$#" # #%+ "#%*"$0 – $"+*"$ * ##"' – " "-'4#1 "' *"+",5 – +$" "#%#*"$ – +*"# #%+*$"--%4#1## $5 – " *< '#$"% 8= • nmap$"##$ "%+-- "# #$2#$ ( "$*$ #$"*%0 – – – – – *< %--"#"+%2" %-- "%"-2" $+"- "#!**" # #$ "%"## # #$#"+"#* "$ "%" '#$"% 8> ? *,&)+&*- • "–O '–v !% "( nmap –O –v scanme.nmap.org • " – "" "" – ""--osscan-guess . */ . +) *) 68257269 • *$++#*)# !#" ))! • #)""!!" ) )!")! )#""#*)! & – "#*!$*'") "" – ""#!$*)#*#""!"## )$++!+!# ) "!*+'*3Service Info4 ): & "#!$ 76 • '*!#" )#"#!!# !!"##"#!* – )!#!#!!")"!*+'*1 • $!!"")!#""!*+'* )$++$""""!"'*$ • #!$*#!")!")#)& / – !!$!" – ""##!"" – """)"#$.##00 ): & "#!$ 77 66 *" $% &&% $"$# $$ $' ##" '% %%"( (%# #$% () (* '% ?A9>@9?B • TCP SYN Stealth (-sS) – %$%#&"* "*(:01:$)!;( &( / " ## $ )*(2 %$&% $%$.)")1)""< – $/ .$.$/%"*( /.*%"8 $( )&%)*" • TCP Connect (-sT) – )")1)""%$$* – +" 22 "'.$%$%$) %%$% &( / " ## $ )*(2 %$ /()%# $/D&("'." "$ $ • UDP (-sU) – "&%(* .)6"%)*( )&%$%$.$#)) % %(*$(" – "&%(*"*(**(# *.$(0""&%*(##%((%$#$* %$".("&%(*) &(* %."%C -% )*# $%(#+ @C • TCP FIN (-sF) – $/ %.$&-%%$ "? – & #$*7 • "&%(*&(*6( )&%$%$.$ • "&%(* .)6 "&-%/ $ $%(*% • ( $+7 – TCP NULL (-sN) • )).$)-*% – XMAS Scan (-sX) • -%$*#&%($#$*?66 %."%C -% )*# $%(#+ @D ?A 24,13,25 • & %!* nmap –p0- –v –A –T4 scanme.nmap.org -p 80-85 -p 20,53 ! -p 0- -F (le prime 100 più usate) • -v • -A . !") &, !") !/ • -T[0-5] *-1./)-6. / %6 $ !" 37 nmap –PN --min-hostgroup 512 –n –p 80 –oG port80Scan%D.gnmap 216.163.128.0/20 • -PN ! • -n !& • --min-hostgroup "!% %!"& ! %623 • -oG ! &%!%! %%! !+;& "!%!% !!$%! • !! ! %6 $ !" 
38 25 68257269 • #$""*" " )""#("#(",, '$ • "%" "$$)($"0 – #("'$",,"#$", ")#$ – ($#+ ##"# #(",, #%##" (: '#$"% 7; • $"*#$" "$" "')"# "$$"$ • (!("#" "$$"$ ")(% "# #$ • ("*3#1 $#4 ####" ("% ")"( $ (: '#$"% 85 6: 7926827: • *",'3""$4 $"#!*#$ "+* $"$ "$ • !*#$ *$ "+"", #*$#'"* " "$+" " #*" "$*"003 -–g 4 nmap –sS –v –PN –g 88 172.20.0.14 *; '#$"% 97 • # $"1 • '% # #!*'* '$##"!**"$00 – "## • *##"*%--$ "+"##*##$ – "## • $'# – • #$"'"$"*#"+"(*#* – $" • "$$ *; '#$"% 98 7< :<59;5:= • $%%- ! !%"%%!,'//'"$ – ,&!$//$%%!, %"!%'-!$& 7%46%%! &8 – "$& %&$&!$$&"$ -,$$%"! %, $&*'- • $&$'- &%" !$$%%, %"!%'-! ,'// !!"/! --spoof-mac % ! !"/! --send-eth !,!> )!%& !$' << • ! ! #,%&&!$&,*#,),%!"! #,! &$$!"$$!/! , %$-/! – , /! &!, $& – %%!, %$-$. • )!- $//&!%!-$$ !%%& !! &! %,$&,)$%!$%72!$2 8 ,%%!%"! – !! )% – !! )% • !%3%&$,& !$- – )!- "!$&&!,'// !!& ! &"!$ & !,!> )!%& !$' <= :? )+#(*#), • $&&% • $ – $ ! – $ – $ – '$ !$ % – $ ## - +- ! - +. )/ $&!#%!$' # *M. Howard, D. LeBlanc, Writing Secure Code, Microsoft Press ( &) # • – ! – $ – %$& ( &* $+ 7936837: • *$,$ -4 *$,$$*5* ,*$&*%&.* &$ %* . $#**"". ,$ • *!%%$"$%&%**#*%%"$ ) % -$1 – %&"$', – ""' % – "". &3%$,$3 %&% * ; ) %& $' 9< • % $)$%',*$& " %%$..$),$% '" 2%2 – $, – ' 4%*. $&$$ 5 • %*. $&$$ %* %.* *. "+ %* $" %% "$ – &*) % & #*,&,$* *&%* – "$ *&& $#*& "+,' % "$, * ,%*& * ; ) %& $' :6 86 %'#$&#%( • #** – • #** – strcpy ( char * destination, const char * source ) ) (% Buffer Sorgente Buffer Destinazione Locazione 0 Locazione 0 Locazione 1 Locazione 1 Locazione 2 Locazione 2 Locazione 3 Locazione 3 ? Locazione 4 Locazione 5 ? Locazione 6 ? Locazione 7 ? ) (& &% 68257269 • ,#!! !"#) *)!# , )""! "!)&# !")!) • ")#)!*!!) • !#)'&) ""&!) ")")!")!/" !! "$ ): &"#!$ 98 • " ,!# !) !"" ")*"8 !$0 – 0$")$"#$ – 0$$,,,$1 )""!"#" 3/+/#14 – 0)"#""# !!,,!$#! )#$/*!/!"#!!,") #), • #!)&)!$$ • "" !$* • !* !"$!#), ): &"#!$ 99 77 (*%')%(+ Crescita indirizzi memoria , +, • ! – # ! • $ – # ! • – # ! • – , +- )* 57.46.58 • #&""# • !" 
void function (char* str){ char buffer[16]; strcpy(buffer,str); /* deliberately vulnerable: unbounded copy into a 16-byte stack buffer; anything longer than 15 bytes plus NUL overruns buffer, then sfp and the saved return address */ } Top dello stack void main(){ char large_string[256]; int i; for(i=0; i<=255; i++) large_string[i] = 'A'; /* all 256 bytes are 'A', so large_string has no terminating '\0' and strcpy() also reads past its end */ function(large_string); }
96 Win2K Rootkit by the team rootkit.com (Version 0.4 alpha) command ps help buffertest hidedir hideproc debugint sniffkeys description show process list this data debug output hide prefixed file or directory hide prefixed processes (BSOD)fire int3 toggle keyboard sniffer *"(BSOD)" means Blue Screen of Death if a kernel debugger is not present! *"prefixed" means the process or filename starts with the letters '_root_'. *"sniffer" means listening or monitoring software. %8 $ !" 97 65 13*02*14 • 2005 '#% ,.&+3-#100 • %"$# % • #$$$# "" %,$#.%- #5 " 65 #5 " 66 33 !" !# " ! ,.'+-',/ 0 2, • %! – – • (!)%! "!& – " – 0 2- .1 replicazione autonoma no replicazione replicazione Virus Worm Dialer Rootkit Spyware Trojan horse necessita ospite Keylogger nessun ospite dipendenza da ospite Fonte Roberto Paleari roberto@security.dico.unimi.it " "! # ! " " !