intusion detection计算机网络攻击与防护技术第五课大纲汇编语言外壳代码从到.pdf

Outline • S Code – Exploit payload – Architecture-specific machine instructions • Written in assembly language, then converted to machine language • Need different s codes for different architectures – Self-contained program – Absolute control over the exploited program – Do anything a hacker wants • Spawn a s • Open a port/service for hacker • Open a connection back to attacker • Add password into the /etc/passwd file • Remove lines from syslog NOP Sled S Code Repeated return address 3 From C to Assembly • oworld.c # lude <stdio.h> int main() { printf(" o World.\n"); return 0; } • Linux system call – Every system call is enumerated – Can be referenced by number when making the calls in assembly – linux_system_call.pdf 4 From C to Assembly • In assembly, to do system call oworld.asm section .data ; data segment – Use int to send msg db " o, world!", 0x0a ; the string and newline char interrupt signal to section .text ; text segment kernel global _start ; Default entry point for ELF linking – int 80 is used for _start: system call. ; SYSCALL: write(1, msg, 14) – Int 80 will use four mov eax, 4 ; put 4 into eax, s e write is syscall #4 mov