Simple video demo and some other things available on project website:
http://piotrbania.com/all/spiderpig/
SpiderPig is a project created for performing and visualizing data
flow analysis of a selected binary program. SpiderPig was created in
the purpose of providing a tool which would be able to help
vulnerability and security researchers with tracing and analyzing any
necessary data and its further propagation. Such tasks are very often
crucial in the vulnerability discovering/identifying process and
typically require a lot of time consuming manual work. The initial
concept is pretty old, the first pseudo usable version was created
initially for the Immunity Debugger Plugin Contest back in 2007, just to
be frozen a few days after. I have reactivated the project while having
the last months of holidays (around September 2008) and I have
decided to write a little paper about it (which was finished around
November 2008). Since I switched to other research, at the moment
the SpiderPig research is practically frozen since the time the paper was
made. As you probably realize, the history of this project is kinda
nutty. Anyway enjoy, or erm, not enjoy.
Huigezi (Gray Pigeon) controller-side logic vulnerability
Published: 2009-5-19
Updated: 2009-5-19
Severity: low
Threat level: control of the remote host
Bug type: logic error
Exploitation mode: host mode
Affected systems
All versions of the open-source Huigezi before v1.2; newer versions were not tested but are presumed to be affected as well.
Unaffected systems
Unknown
Detailed description
The open-source Huigezi v1.2 (possibly also the latest Huigezi release and Shangxing, which was modified from this code base) contains a logic vulnerability that can be abused: once the controller is open and the "open locally" operation has been used at least once, any controlled host can send the controller an arbitrary file and have it executed.
Vulnerable code
//----------------------------------------------------- 17 {open locally}
if RecCMD = '017' then
begin
  try
    RsltStream := TMemoryStream.Create;
    try
      // Length prefix and file body are read from whichever peer sent '017';
      // nothing checks that this connection was asked to send a file, and the
      // length is not bounded.
      i := AThread.Connection.ReadInteger;
      AThread.Connection.ReadStream(RsltStream, i, False);
      RsltStream.Position := 0;
      // The received bytes are written to the fixed viewer path and opened
      // with ShellExecute on the controller machine.
      RsltStream.SaveToFile(HgzVip.Qviwepath);
      ShellExecute(0, 'Open', PChar(HgzVip.Qviwepath), nil, nil, SW_NORMAL);
      HgzVip.AddLineStr(HgzVip.Translate('ZhuanTai137','本地打开远程文件成功.'), 1, False);
    except
      HgzVip.AddLineStr(HgzVip.Translate('ZhuanTai138','本地打开远程文件出错! 连接已断开!'), 2, False);
    end;
    RsltStream.Free;
  except
  end;
  HgzVip.Enabled := True;
  Exit;
end;
Solution
Related information
email: kissxi...@hotmail.com
Web: http://www.cisrg.org
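Added example (written for this edit, not part of the advisory and not code from the Huigezi project): a Python model of the command-017 handler above placed beside a hardened version, to make the logic flaw concrete and show how a receiver should treat bytes from a peer it has not verified. It assumes the wire layout the Delphi implies (a 3-character command, a 4-byte big-endian length as Indy's ReadInteger returns by default, then the file bytes); the frames, paths, size limit and the "pending request" flag are constructed here for illustration.

```python
"""
Python model of the Huigezi command-017 handler (added example, not the
project's own code), with a hardened counterpart.

Assumed wire layout (inferred from ReadInteger/ReadStream, not confirmed by
the advisory): 3-char command, 4-byte big-endian length, then payload bytes.
"""
import hashlib
import io
import os
import struct
import tempfile

MAX_FILE_BYTES = 1024 * 1024  # assumed upper bound a hardened receiver would enforce


def build_frame(cmd: str, payload: bytes) -> bytes:
    """Constructed frame for the demo: command, big-endian length, payload."""
    return cmd.encode("ascii") + struct.pack(">I", len(payload)) + payload


def vulnerable_handler(frame: bytes, view_path: str) -> dict:
    """
    Mirrors the original logic: whoever sends '017' gets its bytes written to
    the fixed viewer path, which the Delphi code then hands to ShellExecute.
    No check of which peer sent it, no size bound. The execute step is only
    reported here, never performed.
    """
    stream = io.BytesIO(frame)
    if stream.read(3) != b"017":
        return {"handled": False}
    (n,) = struct.unpack(">I", stream.read(4))
    with open(view_path, "wb") as f:
        f.write(stream.read(n))
    return {"handled": True, "would_execute": view_path}


def hardened_handler(frame: bytes, pending_request: bool, quarantine_dir: str) -> dict:
    """
    Hardened model of the same frame:
      1. honour '017' only while the operator has an outstanding 'open locally'
         request on this connection (state the original never consults);
      2. reject oversized or truncated payloads before acting on them;
      3. write into a fresh, owner-only quarantine file named by content hash
         and never pass it to a shell or file opener automatically.
    """
    stream = io.BytesIO(frame)
    if stream.read(3) != b"017":
        return {"handled": False, "reason": "not command 017"}
    if not pending_request:
        return {"handled": False, "reason": "unsolicited 017 frame"}
    header = stream.read(4)
    if len(header) != 4:
        return {"handled": False, "reason": "truncated length header"}
    (n,) = struct.unpack(">I", header)
    if n > MAX_FILE_BYTES:
        return {"handled": False, "reason": f"payload length {n} exceeds limit"}
    payload = stream.read(n)
    if len(payload) != n:
        return {"handled": False, "reason": "truncated payload"}
    digest = hashlib.sha256(payload).hexdigest()
    path = os.path.join(quarantine_dir, digest + ".bin")
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:  # identical content already quarantined
        return {"handled": True, "stored": path, "sha256": digest, "executed": False}
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
    return {"handled": True, "stored": path, "sha256": digest, "executed": False}


def run_demo() -> dict:
    """Run both handlers on constructed frames in a temp dir; return outcomes."""
    payload = b"MZ constructed placeholder, not a real executable"
    good = build_frame("017", payload)
    # Header claiming a huge length with no body: the hardened receiver must
    # refuse it before trying to buffer that much.
    oversized = b"017" + struct.pack(">I", MAX_FILE_BYTES + 1)
    with tempfile.TemporaryDirectory() as d:
        view_path = os.path.join(d, "viewer.tmp")
        vuln = vulnerable_handler(good, view_path)
        return {
            "vuln": vuln,
            "vuln_wrote": os.path.getsize(view_path) == len(payload),
            "unsolicited": hardened_handler(good, False, d),
            "solicited": hardened_handler(good, True, d),
            "oversized": hardened_handler(oversized, True, d),
            "expected_sha256": hashlib.sha256(payload).hexdigest(),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The two handlers parse the same frame; the difference is entirely in what the receiver is willing to believe. The original trusts that a '017' frame only arrives after the operator asked for it, which the protocol never guarantees, and then executes whatever arrived. The hardened version keeps the transfer feature but ties it to connection state, caps the size, and stops at "stored and hashed", leaving any further action to a human.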
On May 21, 12:14 AM, kissyll <kissxiaot...@hotmail.com> wrote:
> It's all in a foreign language, I can't read it.
>
> > Date: Tue, 19 May 2009 21:32:50 -0700
> > Subject: [CISRG] Promoting a project I think is pretty good
> > From: cis7...@gmail.com