www.hutech.edu.vn *1.2022.COS332* tailieuhoctap@hutech.edu.vn

CONTENTS

6.4 FUNCTIONS
6.5 CLASS AND OBJECT
6.6 MODULES
6.7 PACKAGES
6.8 EXCEPTION HANDLING
7.7 SUBPROCESS
8.1 MODEL
8.3 WEB SERVER
9.1 MODEL
9.6 PYHOOKS

LESSON 1:

1.1 THE IDA TOOL

1.1.1 Introduction to IDA

- In-built command

1.1.2 FLIRT, PIT, SDK

Plugins:

- Stealth (anti-debugging tricks)
- Findcrypt
- Highlighter
- Unispector

Supported file formats:

- MS DOS EXE File
- MS DOS COM File
- MS DOS Driver
- New Executable (NE)
- Linear Executable (LX)
- Linear Executable (LE)
- Portable Executable (PE) (x86, x64, ARM, etc)
- Windows CE PE (ARM, SH-3, SH-4, MIPS)
- Mach-O for OS X and iOS (x86, x64, ARM and PPC)
- Dalvik Executable (DEX)
- EPOC (Symbian OS executable)
- Windows Crash Dump (DMP)
- XBOX Executable (XBE)
- Intel Hex Object File
- MOS Technology Hex Object File
- Netware Loadable Module (NLM)
- Common Object File Format (COFF)
- Binary File
- Object Module Format (OMF)
- OMF library
- S-record format
- ZIP archive
- JAR archive
- Executable and Linkable Format (ELF)
- Watcom DOS32 Extender (W32RUN)
- Linux a.out (AOUT)
- PalmPilot program file
- AIX ar library (AIAFF)
- PEF (Mac OS or Be OS executable)
- QNX 16 and 32-bits
- Nintendo (N64)
- SNES ROM file (SMC)
- Motorola DSP56000 LOD
- Sony Playstation PSX executable files, object (psyq) files, library (psyq) files

- Variable Sized Structures
- Program Navigator Toolbar

LESSON 9:

Client side (-Strcpy.exe):

    $ chmod 777 strcpy.py
    $ ./strcpy.py 192.168.254.179
    $ man ascii

9.3 GETTING FAMILIAR WITH IMMUNITY DEBUGGER

debugger.immunityinc.com/ID_register.py

    $ ./Strcpy.py 192.168.254.179

9.4 SPSE COURSE MONITORING TABLE IN IMMUNITY DEBUGGER

PyCommands directory:

    C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands

-demo.py

    #!/usr/bin/env python
    import immlib

    def main(args):
        imm = immlib.Debugger()
        # Write a line to the Immunity Debugger log window and refresh it
        imm.log('start writing')
        imm.updateLog()
        # The returned string is shown in the debugger status bar
        return "Hello HUTECH"

Run -demo.py:

    !spse-demo

Services:

    imm.ps()
    td = imm.createTable("SPSE Cource", ('PID', 'Name'))
    td.add(0, ['3000', 'HUTECH'])

Complete code:

    #!/usr/bin/env python
    import immlib

    def main(args):
        imm = immlib.Debugger()
        imm.log('write')
        imm.updateLog()
        # Table with one column per field returned by imm.ps()
        td = imm.createTable("SPSE Cource", ['PID', 'Name', 'Path', 'Services'])
        psList = imm.ps()
        for process in psList:
            # Numeric fields are converted to strings before being added
            td.add(0, [str(process[0]), process[1], process[2], str(process[3])])
        return 'done'

Run:

    !spse

9.5 MODULE INFORMATION MONITORING TABLE IN IMMUNITY DEBUGGER

-Strcpy.exe through Immunity Debugger.

-pro.py

    #!/usr/bin/env python
    import immlib

    def main(args):
        imm = immlib.Debugger()

Run:

    !spse-pro

Attach:

    # args[0] is the PID passed on the command line
    imm.Attach(int(args[0]))

-Strcpy:

    !spse-pro 1460

-> Executable modules

    #!/usr/bin/env python
    import immlib

    DESC = " play with Processes"

    def main(args):
        imm = immlib.Debugger()
        td = imm.createTable("Module Infomation",
                             ['Name', 'Base', 'Entry', 'Size', 'Version'])
        # getAllModules() returns a dictionary of the loaded modules
        moduleList = imm.getAllModules()
        for entity in moduleList.values():
            td.add(0, [entity.getName(),
                       '%08X' % entity.getBaseAddress(),
                       '%08X' % entity.getEntry(),
                       '%08X' % entity.getSize(),
                       entity.getVersion()])
        return "Done"

9.6 PYHOOKS

    #!/usr/bin/env python
    import immlib
    from immlib import AllExceptHook

    class Demo(AllExceptHook):
        def __init__(self):
            AllExceptHook.__init__(self)

        def run(self, regs):
            # Called on every exception; regs holds the register values
            imm = immlib.Debugger()
            imm.log(str(regs))

    def main(args):
        imm = immlib.Debugger()
        newHook = Demo()
        newHook.add("Demo Hook")
        return "done"

Run:

    !spse-hook

    $ ./Strcpy.py 192.168.254.179

-> log

    eip = regs['EIP']
    esp = regs['ESP']
    buf = imm.readString(esp)
    if len(buf):
        imm.log('String len at ESP: %d\n%s' % (len(buf), buf))

Complete code:

    #!/usr/bin/env python
    import immlib
    from immlib import AllExceptHook

    class Demo(AllExceptHook):
        def __init__(self):
            AllExceptHook.__init__(self)

        def run(self, regs):
            imm = immlib.Debugger()
            eip = regs['EIP']
            esp = regs['ESP']
            imm.log("EIP: 0x%08X ESP: 0x%08X" % (eip, esp))
            # Read the string the stack pointer refers to, if there is one
            buf = imm.readString(esp)
            if len(buf):
                imm.log('String len at ESP: %d\n%s' % (len(buf), buf))

    def main(args):
        imm = immlib.Debugger()
        newHook = Demo()
        newHook.add("Demo Hook")
        return "done"