longas posted on 2008-1-6 18:46

[Original] Wireless Penetration: From External Network to Internal Network, Buffer Overflow

[Original] Wireless Penetration: From External Network to Internal Network, Part 2: Buffer Overflow

Text and images by: Christopher Yang

---Please credit the author and source when reposting, thank you.

I vanished from the forum for a few days, ha, sorry about that. My daughter could not wait to be a 2008 Olympic baby and wanted to be a Year-of-the-Pig baby instead, so she arrived before the due date, which left me scrambling and threw off a number of my plans. Still, seeing her pretty little face and her not-a-care-in-the-world expression, well, I accept it. I really have not slept well these past couple of days; for the first time ever my laptop stayed switched off for a whole week. Ha, the first thing I did after booting it was come here and post. Consider this the announcement of my daughter's birth.

This post is, at the request of most people on the forum, an in-depth BackTrack2/3 hands-on post. These techniques will be published one post per week, from simple to advanced, to broaden everyone's thinking and, I hope, bring wireless security awareness to more people. This post will not be set to reply-to-view; that is pointless. If you feel you learned something, please support it with a bump. If you disagree, please reply and say so. The following is again written for beginners.

Wireless Penetration: Buffer Overflow

Once a hacker obtains the WEP or WPA encryption key, they can configure their own card to connect to the target wireless access point. In other words, they have penetrated the target's internal network and can carry out all kinds of deeper attacks, while the victim can hardly identify the source of the attack, or even notice that an attack is taking place. Since some people feel that cracking account passwords online is rather troublesome, this time let us look at buffer overflows and break directly into the other party's host.

Inside a computer, program input is usually stored in a temporary area called a buffer, whose length has been defined in advance by the program or the operating system. When a hacker fills the buffer with more data than it can hold, the data overflows the storage space and the part that does not fit overwrites legitimate data, causing the program to malfunction or even crash. That is the principle of a buffer overflow.

Commonly used operating systems such as Windows 2000/XP/2003/Vista and Redhat Linux / Fedora Core, whether the operating system itself or installed third-party software, all contain design flaws and program defects to varying degrees. Most of the attack tools compiled against these software vulnerabilities are buffer overflow tools.

Setting aside hastily compiled one-off attack code, the most famous buffer overflow attack tool in hacker circles is the Metasploit Exploitation Framework. This free tool, made public at the 2005 Black Hat global hacker gathering, has had high hopes placed on it by hackers since its birth, and from then on has been hailed as the buffer overflow attack platform; its author has been invited to speak at subsequent BlackHat gatherings several times. Let us look at its interface and basic usage.

Step 1: Enter the BackTrack2 Linux graphical interface, open backtrack > Penetration > Metasploit Exploitation Framework > Framework Version2 from the menu, and select MsfConsole. The following prompt appears:

Step 2: Use the show exploits command to view the available overflow attack code. You can see that Metasploit contains a very large amount of attack code; the latest code package has over 260 entries, covering IIS, Exchange and DNS on Windows; Samba, DNS and SMTP on different versions of Linux; SQL and Oracle databases; and third-party software such as the Firefox browser, MSN and RealServer, with exploit code for everything from early versions up to the newest.

Use the show payloads command to view all supported overflow attack methods: forward (bind) overflow, reverse overflow, downloading a specified file in the background on the target after the overflow, and so on. They can be customized according to the actual situation.

Step 3: After using the set command to set the attack target, you can attack. Here we use the ms06040 attack code, which targets:

Windows NT4.0

Windows 2000 SP0 to SP4

Windows XP SP0 to SP1

Windows Server 2003 SP0

Although this is not the newest vulnerability, it can still be used effectively against many internal networks or Internet cafes.

As shown in the figure below, after entering exploit we successfully obtained a remote system shell. You can see the target operating system version and the users on it; the hacker has now successfully entered the server. For enterprises that separate internal and external networks, you can see that the hacker not only entered the intranet by cracking the wireless encryption, but on that basis also broke into other computers, even sensitive internal servers; the harm is obvious. (The garbled characters in the figure below are due to the language not being supported by the interpreter.)

Backtrack2/3 Linux also integrates the new version, Metasploit Exploitation Framework 3. This version fixes the shortcomings of the previous one while adding many more practical modules, with finer-grained parameter support. This article is only meant to get the ball rolling; I hope everyone can extrapolate from it, and interested friends can dig deeper. Ha, perhaps attacking servers would be more fun.
[This post was edited by the author on 2008-1-6 21:53:37]
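
The overflow mechanism the post describes (input longer than the buffer overwrites the legitimate data next to it), as an added example in C. This is not code from the original post and has nothing to do with Metasploit or ms06040; `struct session`, `set_name_unchecked`, `set_name_checked` and the sample inputs are all constructed for this illustration. It overruns into an adjacent trusted field rather than the saved return address, so it runs deterministically and can be checked; a stack-smashing exploit turns the same defect into control over the instruction pointer.

```c
/*
 * Added example (not from the original post): a deterministic model of a
 * buffer overflow. A fixed-size buffer is followed by a field the program
 * trusts; an unchecked copy of attacker-controlled input runs past the
 * buffer and overwrites that field. Everything here is constructed for the
 * illustration.
 */
#define _POSIX_C_SOURCE 200809L   /* for strnlen() */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct session {
    char name[8];    /* fixed-size buffer: 7 characters plus the NUL */
    int  is_admin;   /* adjacent field; 0 = ordinary user */
};

/* Vulnerable copy: walks the input until its NUL and never consults
 * sizeof(s->name). The write goes through a byte view of the whole struct so
 * that the overrun into is_admin is well-defined for this demonstration; a
 * real strcpy() would keep writing past the struct, into whatever follows on
 * the stack (saved frame pointer, return address). */
static void set_name_unchecked(struct session *s, const char *input)
{
    unsigned char *bytes = (unsigned char *)s;
    size_t base = offsetof(struct session, name);
    size_t i;

    for (i = 0; input[i] != '\0'; i++)
        bytes[base + i] = (unsigned char)input[i];
    bytes[base + i] = '\0';   /* the terminator lands wherever the copy ended */
}

/* Hardened copy: measure with a bound first, reject anything that would not
 * fit together with its terminator, then copy a bounded number of bytes. */
static int set_name_checked(struct session *s, const char *input)
{
    size_t len = strnlen(input, sizeof(s->name));
    if (len >= sizeof(s->name))
        return -1;            /* too long: refuse instead of overflowing */
    memcpy(s->name, input, len + 1);
    return 0;
}

/* Constructed attacker input: 8 bytes fill name[], the next 3 bytes (plus the
 * terminator written by the copy) land in is_admin. 11 + 1 == sizeof(struct
 * session) on the usual ABIs, so the model stays inside the struct. */
static const char OVERFLOW_INPUT[] = "AAAAAAAA\x01\x01\x01";

/* Vulnerable path on a fresh session; returns is_admin afterwards. */
int admin_after_unchecked(const char *input)
{
    struct session s;
    memset(&s, 0, sizeof s);
    set_name_unchecked(&s, input);
    return s.is_admin;
}

/* Hardened path; returns 0 if the name was accepted, -1 if it was rejected. */
int checked_copy_result(const char *input)
{
    struct session s;
    memset(&s, 0, sizeof s);
    return set_name_checked(&s, input);
}

/* Hardened path on a fresh session; returns is_admin afterwards. */
int admin_after_checked(const char *input)
{
    struct session s;
    memset(&s, 0, sizeof s);
    (void)set_name_checked(&s, input);
    return s.is_admin;
}

int main(void)
{
    printf("layout: name at %zu, is_admin at %zu, struct size %zu\n",
           offsetof(struct session, name), offsetof(struct session, is_admin),
           sizeof(struct session));
    printf("unchecked, \"alice\": is_admin = %d\n", admin_after_unchecked("alice"));
    printf("unchecked, overflow: is_admin = %d (nonzero: the field was overwritten)\n",
           admin_after_unchecked(OVERFLOW_INPUT));
    printf("checked,   overflow: rc = %d, is_admin = %d\n",
           checked_copy_result(OVERFLOW_INPUT), admin_after_checked(OVERFLOW_INPUT));
    return 0;
}
```

The hardened version rejects over-long input outright rather than silently truncating it, because truncation can itself be abused (a name that is only compared after cutting, a path that loses its final component); the caller gets an error it has to handle.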

qq631082148 posted on 2015-3-3 11:49

Why am I seeing garbled text?

longas posted on 2008-1-6 18:48

On updating the exploit pack, the steps are as follows:

Enter the BackTrack2 Linux graphical interface, open backtrack > Penetration > Metasploit Exploitation Framework > Framework Version2 from the menu, and select MsfUpdate.

In the shell that pops up, it first connects to the update server on the official Metasploit site. Once connected, a prompt appears:

Because the other side uses certificate verification, we are asked to state our position on whether to accept the certificate. Roughly, there are three choices: reject, accept temporarily, or trust permanently (choose this one). Then just wait for the update; how long it takes depends entirely on the network and on whether you have updated before. No screenshots for this part.

OK, everyone go try it. Join and enjoy!!

Finally, a photo of the baby, to bring joy to more people:

Haha, so what if she is a girl? Skills must be cultivated from a young age; to become one of the country's top female hackers some day, we start small now and build up interest bit by bit. The current infant curriculum: one hour a day, with breaks, of listening to typing on an unplugged keyboard.

The next stage is listening to mouse clicks.
[This post was edited by the author on 2008-1-7 11:35:10]

mayi-wang posted on 2008-1-6 19:26

It was not there yet this morning, heh. Strongly support. Going from shallow to deep step by step; I really admire you, longas.

liyg posted on 2008-1-6 19:58

Strongly support.

jerry828 posted on 2008-1-6 20:47

Support, learning!!!!

zxcdsaz posted on 2008-1-6 21:59

I have used the Windows version; I have not tried the Linux one yet.

jiuweiljp posted on 2008-1-7 09:10

Buffer overflow tools under Linux! I hope you can give a detailed list of the scope of use of those 260 overflow tools.

Also, can Metasploit's overflow tools be updated on your own to add the newest overflow tool packages!!!

d-lank posted on 2008-1-7 10:35

QUOTE: jiuweiljp wrote on 2008-1-7 9:10:22:

    Buffer overflow tools under Linux! I hope you can give a detailed list of the scope of use of those 260 overflow tools.

    Also, can Metasploit's overflow tools be updated on your own to add the newest overflow tool packages!!!

Exactly; this one piece of software alone gives you plenty to play with.

mayi-wang posted on 2008-1-7 11:37

longas, I know I should not be asking this here; I have asked in your other threads.

My card is a DWL-G122. Using the BT3 system, after activating the mode it shows up as Ralink rt73.

I followed your WEP cracking tutorial strictly.

On the desktop, the machine freezes before it reaches 10,000 after command injection: the stations in the capture disappear one by one, the injection slowly stops, and the commands I use stop working; I can only reboot the machine.

On the laptop, the injection command does not freeze it, and there is (got arp), but the data value does not change at all.

I have tried many times with the same result. Please help, longas; is it the card? My steps follow the tutorial strictly.

Without the injection attack I also cracked one, but the data value grew on its own.

longas posted on 2008-1-7 11:48

It should be the card. I recall that this D-Link DWL-G122 has hardware revision restrictions: although the name is the same, the hardware revisions differ, and some of them cannot do injection attacks. Turn this USB wireless card over and look carefully.

This DWL-G122 only supports injection up to revision B1; current units should all be E1, which cannot inject. That is why I chose the WUSB54G back then.

Also, next time post this kind of question in the corresponding main thread, or send me a message. Heh, help me keep forum discussion in order. Since I overlooked your question earlier, I will not delete your post this time; I hope this helps.

asasqwqw posted on 2008-1-7 13:04

Congratulations, she is so cute.

mayi-wang posted on 2008-1-7 16:01

Thanks for such a quick reply. Mine is the C1 revision; I will go and buy a WUSB54GC too. I will always support you.