• Web Security, Tutorial 12.05.2017 (this post is password protected)

  • 4 Fuzz Testing Python Example Programs


    import socket
    from scapy.all import StreamSocket

    IP_ADDRESS = "127.0.0.1"
    PORT = 6653  # default OpenFlow controller port

    def sendPacket():
        sock = socket.socket()
        sock.connect((IP_ADDRESS, PORT))
        stream = StreamSocket(sock)
        # OpenFlow 1.3 HELLO header: version=4, type=0, length=8, xid=1
        stream.send(b"\x04\x00\x00\x08\x00\x00\x00\x01")
        stream.close()

    if __name__ == '__main__':
        # Repeat the same fixed message many times (stress rather than mutation)
        for i in range(0, 100000):
            sendPacket()

     

    
    import socket
    from scapy.all import StreamSocket

    IP_ADDRESS = "127.0.0.1"
    PORT = 40004

    if __name__ == '__main__':
        for i in range(0, 1000):
            sock = socket.socket()
            sock.connect((IP_ADDRESS, PORT))
            stream = StreamSocket(sock)
            # A few printable non-alphanumeric bytes
            payload = b"!#%&"
            stream.send(payload)
            stream.close()

     

    import socket
    from scapy.all import StreamSocket

    IP_ADDRESS = "127.0.0.1"
    PORT = 34343

    if __name__ == '__main__':
        for i in range(0, 1000):
            sock = socket.socket()
            sock.connect((IP_ADDRESS, PORT))
            stream = StreamSocket(sock)
            # Two newline-terminated decimal strings: "0\n32769\n"
            payload = b"\x30\x0a\x33\x32\x37\x36\x39\x0a"
            stream.send(payload)
            stream.close()

     

     

    import socket
    from scapy.all import StreamSocket

    IP_ADDRESS = "127.0.0.1"
    PORT = 40004

    if __name__ == '__main__':
        sock = socket.socket()
        sock.connect((IP_ADDRESS, PORT))
        stream = StreamSocket(sock)
        # 4-byte length prefix (0x71) followed by a DER-encoded Kerberos AS-REQ
        # ([APPLICATION 10]): pvno 5, msg-type 10, realm "NM", sname krbtgt/NM,
        # till 19700101000000Z, a nonce, and an etype list (18 17 16 23 1 3 2)
        payload = (
            b"\x00\x00\x00\x71\x6a\x81\x6e\x30\x81\x6b\xa1"
            b"\x03\x02\x01\x05\xa2\x03\x02\x01\x0a\xa4\x81"
            b"\x5e\x30\x5c\xa0\x07\x03\x05\x00\x50\x80\x00"
            b"\x10\xa2\x04\x1b\x02\x4e\x4d\xa3\x17\x30\x15"
            b"\xa0\x03\x02\x01\x00\xa1\x0e\x30\x0c\x1b\x06"
            b"\x6b\x72\x62\x74\x67\x74\x1b\x02\x4e\x4d\xa5"
            b"\x11\x18\x0f\x31\x39\x37\x30\x30\x31\x30\x31"
            b"\x30\x30\x30\x30\x30\x30\x5a\xa7\x06\x02\x04"
            b"\x1f\x1e\xb9\xd9\xa8\x17\x30\x15\x02\x01\x12"
            b"\x02\x01\x11\x02\x01\x10\x02\x01\x17\x02\x01"
            b"\x01\x02\x01\x03\x02\x01\x02"
        )
        stream.send(payload)
        stream.close()
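    The four scripts above replay one fixed payload; a fuzz test also needs mutation and an oracle that notices when an input escapes the target's error handling. As an added example (not one of the page's scripts), a small mutation harness built around the OpenFlow HELLO seed from the first script: `parse_ofp_header` is an assumed toy parser standing in for the program under test, and `target` could equally be a function that sends each payload to a local test instance the way the scripts above do.

```python
import random
import struct

# Seed taken from the first script on this page: OpenFlow 1.3 HELLO
# (version=4, type=0, length=8, xid=1).
SEED = b"\x04\x00\x00\x08\x00\x00\x00\x01"

def ofp_header(version, msg_type, length, xid):
    """Build an 8-byte OpenFlow header: version(1) type(1) length(2) xid(4), big-endian."""
    return struct.pack("!BBHI", version, msg_type, length, xid)

def mutations(seed, rounds=64, rng=None):
    """Yield (label, payload) pairs derived from the seed."""
    rng = rng or random.Random(1)  # fixed seed so a run is reproducible
    # 1. Structure-aware: length field disagrees with the bytes actually sent
    for length in (0, 1, 7, 9, 0xFFFF):
        yield (f"length={length}", ofp_header(4, 0, length, 1))
    # 2. Dumb mutation: flip one random bit of the seed
    for _ in range(rounds):
        buf = bytearray(seed)
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        yield ("bitflip", bytes(buf))
    # 3. Truncation and over-long input
    for n in range(1, len(seed)):
        yield (f"truncate={n}", seed[:n])
    yield ("extend", seed + b"\x00" * 1024)

def parse_ofp_header(data):
    """Assumed toy target: a strict parser that raises ValueError on malformed input."""
    if len(data) < 8:
        raise ValueError("short header")
    version, msg_type, length, xid = struct.unpack("!BBHI", data[:8])
    if version != 4:
        raise ValueError("unsupported version")
    if length != len(data):
        raise ValueError("length field does not match message size")
    return {"version": version, "type": msg_type, "length": length, "xid": xid}

def run_harness(target, seed):
    """Feed every mutation to target and classify each outcome."""
    result = {"accepted": 0, "rejected": 0, "crashed": []}
    for label, payload in mutations(seed):
        try:
            target(payload)
            result["accepted"] += 1
        except ValueError:  # the parser's own rejection path: expected
            result["rejected"] += 1
        except Exception as exc:  # escaped validation: a finding to triage
            result["crashed"].append((label, payload, repr(exc)))
    return result
```

Every entry in `crashed` records the mutation label and the exact bytes, so a failing case can be replayed against the target on its own.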

     

    https://www.rsaconference.com/writable/presentations/file_upload/asec-f02-writing-secure-software-is-hard-but-at-least-add-mitigations_final.pdf

     

    https://www.owasp.org/images/5/54/OWASPSpain8_VULNEX_BinSecSweeper.pdf

     

    Microsoft Security Development Lifecycle (SDL) Process Guidance – Version 5.2

    Exploitation techniques and mitigations

    http://hick.org/~mmiller/presentations/misc/exploitation_techniques_and_mitigations_on_windows.pdf

     

    Tool: BinScope

    https://www.microsoft.com/en-us/download/details.aspx?id=44995

     

    Compiler/Tool: C/C++ Compiler
        Minimum required version and switches/options: Microsoft Visual Studio .NET 2008, cl.exe Version 14.00.50727.42. Use /GS.
        Optimal/recommended version and switches/options: Use /GS.
        Comments: (none)

    Compiler/Tool: Link.exe
        Minimum required version and switches/options: Link.exe Version 8.00.50727.762. Use /SAFESEH. Use /NXCOMPAT and don't use /NXCOMPAT:NO. See Appendix F: SDL Requirement: No Executable Pages for more information.
        Optimal/recommended version and switches/options: Use /SAFESEH. Use /functionpadmin:5. Use /DYNAMICBASE.
        Comments: Visual Studio 2008 SP1 is needed for /DYNAMICBASE.

    Compiler/Tool: MIDL.exe
        Minimum required version and switches/options: MIDL.exe Version 6.00.0366. Use /robust.
        Optimal/recommended version and switches/options: Use /robust.
        Comments: (none)

    Compiler/Tool: Source code analysis
        Minimum required version and switches/options: Visual Studio 2008 Code Analysis Options ("/analyze"). For Visual Studio 2008 code analysis, all warning IDs from the following list must be fixed: 4532 6029 6053 6057 6059 6063 6067 6200 6201 6202 6203 6204 6248 6259 6260 6268 6276 6277 6281 6282 6287 6288 6289 6290 6291 6296 6298 6299 6305 6306 6308 6334 6383
        Optimal/recommended version and switches/options: Visual Studio 2008 Code Analysis Options ("/analyze"). For Visual Studio 2008 code analysis, all warning IDs from the following list must be fixed: 4532 6029 6053 6057 6059 6063 6067 6200 6201 6202 6203 6204 6248 6259 6260 6268 6276 6277 6281 6282 6287 6288 6289 6290 6291 6296 6298 6299 6305 6306 6308 6334 6383
            Standard Annotation Language (SAL): Code annotated with SAL should correct additional warnings, in addition to those listed above. See Appendix H: SDL Standard Annotation Language (SAL) Recommendations for Native Win32 Code for more information. The warnings are summarized as follows:
                SAL Compliance: Visual Studio 2008: 26020–26023
                /analyze: Visual Studio 2008: 6029 6053 6057 6059 6063 6067 6201–6202 6248 6260 6276 6277 6305
        Comments: Visual Studio 2008 Team Edition contains a publicly available version that is branded as "C/C++ Code Analysis."

    Protecting Against Heap Corruption (minimum required version: n/a): All executable programs written using unmanaged code (.EXE) must call the HeapSetInformation interface. See Appendix I: SDL Requirement: Heap Manager Fail Fast Setting for more information.

    C4700 and C4701 Compiler Warnings (minimum required version: n/a): Compile code with C4700 and C4701 compiler warnings enabled and fix all instances of these warnings.