James C. Foster, with Mike Price
Hacking Techniques: Sockets, Exploits, Shellcode (Техника взлома: сокеты, эксплойты, shell-код)
"Information Security" series
Moscow, 2006

UDC 004.2
BBK 32.973.26 018.2
Ф81

Ф81 James Foster, with Mike Price. Hacking Techniques: Sockets, Exploits, Shellcode. Translated from the English by A. A. Slinkin. Moscow: DMK Press, 2006. 784 pp., ill. ("Information Security" series).
ISBN 5-9706-0019-9

In his new book, James Foster, the author of a number of bestsellers, describes for the first time the methods hackers use to attack operating systems and application programs. He provides examples of working code in C/C++, Java, Perl and NASL that illustrate methods of detecting and defending against the most dangerous attacks.
The book covers in detail the topics that any programmer working in information security urgently needs to understand: socket programming, shellcode, portable applications, and the principles of writing exploits.

Original English language edition published by Syngress Publishing, Inc. Copyright © 2005 by Syngress Publishing, Inc. All rights reserved.
All rights reserved. No part of this book may be reproduced in any form or by any means without the written permission of the copyright holders.
The material presented in this book has been checked repeatedly. However, since technical errors are still possible, the publisher cannot guarantee the absolute accuracy and correctness of the information given, and therefore accepts no responsibility for possible errors arising from the use of the book.

ISBN 1-597490-05-9 (English) Copyright © 2005 by Syngress Publishing, Inc.
ISBN 5-9706-0019-9 © Russian translation, design and publication, DMK Press Publishing House, 2006

Contents

Acknowledgments
About the Author
About the Lead Contributor
Other Contributors, Editors and Code Authors
About the Foreword Author
Foreword
  Will "Judgment Day" Come?

Chapter 1. Writing Secure Programs
  Introduction
  C/C++
    Language Characteristics
      The C Language
      The C++ Language
      Security
    "Hello, World!" Example
    Data Types
    Flow Control
    Functions
    Classes (C++ Only)
    Example: Fourier Series
  The Java Language
    Language Characteristics
      Object-Oriented Features
      Platform Independence
      Multithreading
      Security
      Additional Features
    "Hello, World!" Example
    Data Types
    Flow Control
    Methods
    Classes
    Getting HTTP Headers
  The C# Language
    Reasons for Moving to C#
    Language Characteristics
      Object-Oriented Features
      Other Features
      Security
    "Hello, World!" Example in C#
    Data Types
    Flow Control
    Methods
    Classes
    Threads in C#
    Example: Parsing an IP Address Given on the Command Line
  The Perl Language
    Data Types
    Operators
    Sample Perl Script
      Analysis
    Special Variables
    Pattern Matching and Substitution
    Regular Expression Modifiers
    Canonical Tools Written in Perl
    I Can Write Perl!
      Canonical Web Server Attack
      Analysis
    Log File Modification Utility
      Execution Output
      Analysis
  The Python Language
    The InlineEgg Package
      Analysis
      Analysis
  Summary
  Review of the Material Covered
  Links to Sites
  Frequently Asked Questions

Chapter 2. The NASL Scripting Language
  Introduction
    History
    Purpose of NASL
      Simplicity and Convenience
      Modularity and Efficiency
      Security
      NASL Limitations
  NASL Syntax
    Comments
      Example of a Valid Comment
      Examples of Invalid Comments
    Variables
      Integers
      Strings
      Arrays
      NULL
      Booleans
    Operators
      Uncategorized Operators
      Comparison Operators
      Arithmetic Operators
      String Operators
      Logical Operators
      Bitwise Operators
      C-Style Compound Assignment Operators
    Control Structures
      if Statements
      for Loops
      foreach Loops
      while Loops
      repeat-until Loops
      The break Statement
      User-Defined Functions
      Built-in Functions
      The return Statement
  Writing NASL Scripts
    Writing Scripts for Personal Use
      Networking Functions
      HTTP Functions
      Packet Manipulation Functions
      String Manipulation Functions
      Cryptographic Functions
      The NASL Command Interpreter
      Example
    Programming in the Nessus Environment
      Descriptive Functions
      Knowledge Base Functions
      Reporting Functions
      Example
  Example: A Canonical NASL Script
  Porting to and from NASL
    Logic Analysis
      Logical Structure of the Program
      Pseudocode
      Porting to NASL
      Porting to NASL from C/C++
      Porting from NASL
  Summary
  Review of the Material Covered
  Links to Sites
  Frequently Asked Questions

Chapter 3. BSD Sockets
  Introduction
  Introduction to BSD Sockets Programming
  TCP Clients and Servers
    Compilation
    Example Execution
    Analysis
    Compilation
    Example Execution
    Analysis
    Analysis
  UDP Clients and Servers
    Compilation
    Example Execution
    Analysis
    Compilation
    Example Execution
    Analysis
    Compilation
    Example Execution
    Analysis
    Compilation
    Example Execution
    Analysis
  Socket Options
    Analysis
  Network Scanning with UDP Sockets
    Compilation
    Example Execution
    Analysis
  Network Scanning with TCP Sockets
    Compilation
    Example Execution
    Analysis
  Multithreading and Parallelism
  Summary
  Review of the Material Covered
  Links to Sites
  Frequently Asked Questions

Chapter 4. Sockets on the Windows Platform (Winsock)
  Introduction
  Winsock Overview
  Winsock 2.0
    Linking with Visual Studio 6.0
    Specifying Linking in the Source Code
    Analysis
  Example: Downloading a Web Page with WinSock
    Analysis
  Writing Client Applications
    Analysis
  Writing Server Applications
    Analysis
  Writing Exploits and Vulnerability-Checking Programs
    Analysis
    Analysis
  Summary
  Review of the Material Covered
  Links to Sites
  Frequently Asked Questions

Chapter 5. Sockets in Java
  Introduction
  Overview of the TCP/IP Protocols
    TCP Clients
      Compilation
      Example Execution
      Analysis
    Resolving IP Addresses and Domain Names
      Example Execution
      Analysis
      Example Execution
      Analysis
    Text Input/Output: The LineNumberReader Class
      Compilation
      Example Execution
      Analysis
    TCP Servers
      Compilation
      Example Execution
      Analysis
    Using a Web Browser to Connect to the TCPServer1 Server
    Handling Multiple Connections
      Compilation
      Example Execution
      Analysis
    The WormCatcher Program
      Compilation
      Example Execution
      Analysis
    UDP Clients and Servers
      Compilation
      Example Execution
      Analysis
  Summary
  Review of the Material Covered
  Frequently Asked Questions

Chapter 6. Writing Portable Programs
  Introduction
  Guidelines for Porting Programs Between UNIX and Microsoft Windows
    Preprocessor Directives
    Using #ifdef Directives
    Determining the Operating System
      Example Execution
      Analysis
    Byte Ordering
      Example Execution
      Analysis
    Process Creation and Termination
    The exec System Call
      Example Execution
      Analysis
      Example Execution
      Analysis
      Example Execution
      Analysis
    The fork System Call
    The exit System Call
    Multithreading
    Thread Creation
      Example Execution
      Analysis
      Example Execution
      Analysis
    Thread Synchronization
      Example Execution
      Analysis
      Example Execution
      Analysis
    Signals
      Analysis
      Analysis
    File Handling
      Analysis
      Analysis
    Directory Handling
      Analysis
      Analysis
      Analysis
    Libraries
    Dynamic Loading of Libraries
      Analysis
      Analysis
    Programming Daemons and Win32 Services
      Example Execution
      Analysis
      Analysis
    Memory Management
      Analysis
    Processing Command-Line Arguments
      Analysis
      Analysis
      Example Execution
      Analysis
    Integer Data Types
      Analysis
  Summary
  Review of the Material Covered
  Frequently Asked Questions

Chapter 7. Writing Portable Network Programs
  Introduction
  BSD Sockets and Winsock
    Winsock Specification Requirements
      Analysis
    Components to Be Ported
    Return Values
      Analysis
      Analysis
      Analysis
    Extended Error Information
      Analysis
    API
    Extensions Defined in Winsock 2.0
    The read() and write() Functions
    The socket() Function
      Analysis
    The connect() Function
      Analysis
    The bind() Function
      Analysis
    The listen() Function
      Analysis
    The accept() Function
      Analysis
    The select() Function
      Analysis
    The send() and sendto() Functions
      Analysis
    The recv() and recvfrom() Functions
      Analysis
    The close() and closesocket() Functions
      Analysis
    The setsockopt() Function
      Analysis
    The ioctl() and ioctlsocket() Functions
      Analysis
    Raw Sockets
      API Overview
378Çàãîëîâî÷íûå ôàéëû..................................................................................... 379Çàãîëîâîê IPv4 ......................................................................................... 379Çàãîëîâîê ICMP ........................................................................................ 381Çàãîëîâîê UDP .......................................................................................... 381Çàãîëîâîê TCP ........................................................................................... 382Îïðåäåëåíèå ëîêàëüíîãî IP-àäðåñà .............................................................. 383Çàïðîñ ó ïîëüçîâàòåëÿ.................................................................................... 383
Enumerating interfaces ..... 384
Example execution ..... 388
Analysis ..... 388
The pcap and WinPcap libraries ..... 389
Example execution ..... 394
Analysis ..... 394
Summary ..... 396
Review of the material covered ..... 397
Frequently asked questions ..... 397

Chapter 8. Writing Shellcode I ..... 399
Introduction ..... 400
What is shellcode? ..... 400
Tools ..... 401
Assembly language ..... 402
Analysis ..... 403
Analysis ..... 403
Analysis ..... 404
Assembler on Windows and UNIX ..... 406
The addressing problem ..... 406
Using the call and jmp instructions ..... 407
Analysis ..... 407
Analysis ..... 408
Pushing arguments onto the stack ..... 408
The null-byte problem ..... 409
Implementing system calls ..... 410
System call numbers ..... 410
System call arguments ..... 411
Analysis ..... 411
Analysis ..... 412
Analysis ..... 412
System call return value ..... 413
Injecting shellcode into a remote program ..... 413
Port-binding shellcode ..... 413
Analysis ..... 415
Shellcode that uses an existing socket descriptor ..... 415
Analysis ..... 416
Injecting shellcode into a local program ..... 417
Shellcode that executes execve ..... 417
Shellcode that executes setuid ..... 419
Shellcode that executes chroot ..... 420
Writing shellcode for Windows ..... 425
Summary ..... 431
Review of the material covered ..... 431
Links to sites ..... 433
Mailing lists ..... 434
Frequently asked questions ..... 434

Chapter 9. Writing Shellcode II ..... 437
Introduction ..... 438
Shellcode examples ..... 438
The write system call ..... 441
Analysis ..... 442
Analysis ..... 444
The execve system call ..... 446
Analysis ..... 446
Analysis ..... 447
Analysis ..... 449
Analysis ..... 451
Analysis ..... 453
Analysis ..... 454
Port-binding shellcode ..... 455
Analysis ..... 456
The socket system call ..... 458
Analysis ..... 458
The bind system call ..... 459
Analysis ..... 459
The listen system call ..... 460
Analysis ..... 460
The accept system call ..... 460
Analysis ..... 461
The dup2 system call ..... 461
Analysis ..... 462
The execve system call ..... 462
Analysis ..... 462
Analysis ..... 466
Reverse-connection shellcode ..... 468
Analysis ..... 470
Socket-reuse shellcode ..... 471
Analysis ..... 473
Reusing file descriptors ..... 474
Analysis ..... 474
Analysis ..... 476
Analysis ..... 477
Analysis ..... 478
Analysis ..... 479
Analysis ..... 480
Analysis ..... 480
Encoding shellcode ..... 481
Analysis ..... 482
Analysis ..... 485
Analysis ..... 486
Reusing program variables ..... 488
Programs with available source code ..... 488
Analysis ..... 489
Programs with unavailable source code ..... 490
Analysis ..... 491
Analysis ..... 492
Shellcode that works on different operating systems ..... 492
Analysis ..... 493
How to work out what existing shellcode does ..... 493
Analysis ..... 496
Summary ..... 499
Review of the material covered ..... 499
Links to sites ..... 500
Mailing lists ..... 500
Frequently asked questions ..... 501

Chapter 10. Writing Exploits I ..... 503
Introduction ..... 504
Discovering vulnerabilities ..... 504
Exploits for attacking local and remote programs ..... 505
Analysis ..... 507
Format string attacks ..... 507
Format strings ..... 507
Analysis ..... 508
Analysis ..... 509
Fixing a bug caused by incorrect use of a format string ..... 510
Example: xlockmore vulnerability due to a user-supplied format string (CVE-2000-0763) ..... 510
Vulnerability details ..... 510
Exploit details ..... 511
Analysis ..... 513
TCP/IP vulnerabilities ..... 513
Race conditions ..... 514
File-related race conditions ..... 515
Signal-related race conditions ..... 516
Example: input validation error in the man program ..... 517
Vulnerability details ..... 517
Summary ..... 520
Review of the material covered ..... 521
Links to sites ..... 523
Frequently asked questions ..... 523

Chapter 11. Writing Exploits II ..... 525
Introduction ..... 526
Socket programming and port binding in exploits ..... 527
Client socket programming ..... 527
Analysis ..... 528
Analysis ..... 529
Server socket programming ..... 529
Analysis ..... 530
Stack overflow exploits ..... 531
Memory organization ..... 531
Stack overflow ..... 532
Finding exploitable stack overflows in programs with available source code ..... 537
Example: XLOCALEDIR overflow in X11R6 4.2 ..... 538
Vulnerability description ..... 538
Exploit ..... 541
Conclusion ..... 543
Finding stack overflows in programs with unavailable source code ..... 543
Heap corruption exploits ..... 544
Doug Lea's implementation ..... 545
Analysis ..... 547
Example: buffer overflow vulnerability due to a malformed client key in OpenSSL SSLv2, CAN-2002-0656 ..... 549
Vulnerability description ..... 550
Exploit description ..... 550
Difficulties ..... 552
Improving the exploit ..... 553
Conclusion ..... 553
Exploit code for the buffer overflow due to a malformed client key in OpenSSL SSLv2 ..... 554
The malloc implementation in System V ..... 560
Analysis ..... 562
Analysis ..... 563
Exploits for integer handling errors ..... 564
Integer overflow ..... 564
Analysis ..... 565
Analysis ..... 567
Bypassing a size check ..... 567
Analysis ..... 568
Analysis ..... 569
Other integer-related errors ..... 569
Example: OpenSSH vulnerability due to an integer overflow in the challenge/response procedure, CVE-2002-0639 ..... 570
Vulnerability details ..... 570
Exploit details ..... 571
Example: buffer overflow vulnerability in UW POP2, CVE-1999-0920 ..... 574
Vulnerability details ..... 574
Summary ..... 584
Review of the material covered ..... 584
Links to sites ..... 585
Frequently asked questions ..... 586

Chapter 12. Writing Exploits III ..... 587
Introduction ..... 588
Using the Metasploit Framework ..... 588
Developing exploits with the Metasploit framework ..... 595
Determining the attack vector ..... 596
Finding the offset ..... 597
Choosing a control vector ..... 602
Computing the return address ..... 607
Using the return address ..... 612
Determining disallowed characters ..... 614
Determining size limits ..... 615
NOP sled ..... 617
Choosing a payload and an encoder ..... 619
Integrating the exploit into the framework ..... 629
Framework internals ..... 629
Analysis of an existing exploit module ..... 631
Overriding methods ..... 637
Summary ..... 638
Review of the material covered ..... 639
Links to sites ..... 640
Frequently asked questions ..... 641

Chapter 13. Writing Components for Security-Related Tasks ..... 643
Introduction ..... 644
The COM model ..... 644
COM objects ..... 645
COM interfaces ..... 645
The IUnknown interface ..... 645
Calling convention ..... 645
The COM runtime ..... 646
Implementing a COM object ..... 647
Registering a COM object ..... 647
The HKEY_CLASSES_ROOT\CLSID key ..... 649
The HKEY_CLASSES_ROOT\CLSID\{xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx} key ..... 649
The InprocServer32 key ..... 649
The LocalServer32 key ..... 649
Implementing an in-process server ..... 649
The DllGetClassObject function ..... 650
The DllCanUnloadNow function ..... 650
The DllRegisterServer function ..... 650
The DllUnregisterServer function ..... 651
The ATL library ..... 651
Templates in C++ ..... 652
Implementing a client with ATL ..... 652
Smart pointers ..... 653
Data type support ..... 653
The BSTR data type ..... 653
The VARIANT data type ..... 654
Implementing a server with ATL ..... 656
Class composition ..... 656
Interface definition language ..... 659
Class registration ..... 663
Implementing an in-process COM server ..... 666
The _AtlModule global variable ..... 666
Functions exported from the DLL ..... 667
Module entry point ..... 669
Implementing an out-of-process COM server ..... 669
The _AtlModule global variable ..... 669
Module entry point ..... 669
ATL attributes ..... 670
The module attribute ..... 672
The interface attribute ..... 673
The coclass attribute ..... 674
Compiling the COM server ..... 675
Adding COM extensions to the RPCDUMP program ..... 675
Analysis ..... 678
Control flow ..... 680
Analysis ..... 681
Application integration routines ..... 682
Analysis ..... 683
Defining the COM object interfaces ..... 685
The IRpcEnum interface ..... 686
The IEndPointCollection interface ..... 686
The IEndPoint interface ..... 688
Component classes ..... 688
Analysis ..... 689
Analysis ..... 690
Analysis ..... 693
Application integration: the COMSupport.h file ..... 695
Analysis ..... 695
Application integration: the RPCDump.c file ..... 695
Analysis ..... 696
Summary ..... 698
Review of the material covered ..... 698
Links to sites ..... 699
Frequently asked questions ..... 699

Chapter 14. Building a Tool for Checking Web Application Vulnerabilities ..... 703
Introduction ..... 704
Design ..... 705
Attack signature format ..... 705
Signatures ..... 705
In-depth analysis ..... 706
Sockets and sending the signature ..... 706
Analysis ..... 715
Parsing the database ..... 717
Analysis ..... 721
Analysis ..... 727
Header files ..... 730
Compilation ..... 733
Execution ..... 733
Program help ..... 733
Results ..... 734
Summary ..... 735
Review of the material covered ..... 735
Links to sites ..... 736
Frequently asked questions ..... 736

Appendix A. Glossary ..... 739

Appendix B. Useful Security Programs ..... 747
Source code checking ..... 748
Shellcode generation tools ..... 748
Debuggers ..... 748
Compilers .....
749Ýìóëÿòîðû àïïàðàòóðû ................................................................................. 749Áèáëèîòåêè ..................................................................................................... 750
Vulnerability analysis
Network traffic analyzers
Packet generators
Scanners

Appendix C. Exploit archives
Exploit archives on the Internet

Appendix D. Quick reference to system calls
exit (int)
open (file, flags, mode)
close (file descriptor)
read (file descriptor, pointer to buffer, number of bytes)
write (file descriptor, pointer to buffer, number of bytes)
execve (file, file + arguments, environment variables)
socketcall (function number, arguments)
socket (address family, type, protocol)
bind (socket descriptor, sockaddr structure, size of the second argument)
listen (socket descriptor, maximum size of the connection queue)
accept (socket descriptor, sockaddr structure, size of the second argument)

Appendix E. Data conversion reference

Index

Acknowledgments

First of all, I want to thank my family for their unwavering faith in me and in the ambitious goals I set for myself. You continue to support my dreams and aspirations. Mom, Dad, Steve and Mamu: my gratitude to you knows no bounds.

I would also like to express my appreciation to everyone who helped me write this book, including Mike Price, Marshall Beddoe, Tony Bettini, Chad Curtis, Niels Heinen, Russ Miller, Blake Watts, Kevin Harriford, Tom Ferris, Dave Aitel, Sinan Eren and Stuart McClure. Guys, you are magnificent. Thank you!

Special thanks to Computer Sciences Corporation for permission to publish this work. Reg Foulkes, you're the man! Thanks are also due to Chris Steinbach, Jason Enwright, Ron Knode, Jennifer Shulze and Mary Pratt.

Finally, I want to thank the whole team at Syngress Publishing. Gary, thank you for the long hours you put into this book. Amy, thank you for your work on this and other books. Andrew, please accept my thanks for the support you have given me and for continuing to work on such exciting projects. Keep it up, Syngress. As for me, I hope to take on an equally interesting project in the near future.
About the author

James C. Foster is the deputy director of Global Security Solution Development for Computer Sciences Corporation, where he is responsible for defining and implementing solutions that cover various aspects of security: physical, personnel and information. Before joining CSC, Foster was director of research and development at Foundstone Inc. (later acquired by McAfee), where he was responsible for all aspects of product development, consulting and corporate R&D initiatives. Earlier still, Foster was a consultant and research scientist at Guardent Inc. (acquired by Verisign) and one of the contributing authors for Information Security magazine (acquired by TechTarget). Before that he worked as a security research specialist at the Department of Defense. His main interests lie in high-tech remote management, international expansion, application security, protocol analysis and search algorithms. Foster has many times performed code analysis of individual components of commercial operating systems, Win32 applications and commercial implementations of cryptographic systems.

Foster frequently speaks at conferences and technical forums devoted to security research in the USA, with particular attention to events such as Microsoft Security Summit, Black Hat USA, Black Hat Windows, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001 and Thomson Security Conference. He is often asked to comment on current security issues and is quoted in publications such as USAToday and the magazines Information Security, Baseline, Computerworld, Secure Computing and MIT Technologist. Foster holds a bachelor's degree and an MBA, as well as many other technical and management certifications. He has attended courses or conducted research at institutions such as the Yale School of Business, Harvard University and the University of Maryland, and is currently doing research at the Wharton School of Business in Pennsylvania.

Foster publishes frequently in commercial and educational outlets. He is the author, co-author or editor of many major publications, including: Snort 2.1 Intrusion Detection (Syngress Publishing, ISBN: 1-931836-04-3), Hacking Exposed (fourth edition), Anti-Hacker Toolkit (second edition), Advanced Intrusion Detection, Hacking the Code: ASP.NET Web Application Security (Syngress, ISBN: 1-932266-65-8), Anti-Spam Toolkit and Google Hacking for Penetration Techniques (Syngress, ISBN: 1-931836-36-1).

About the lead contributing author

Michael Price is a principal research and development engineer at McAfee (formerly at Foundstone, Inc.); his profession is information security. In addition to his main job, Mike is actively involved in security audits, code analysis, training, software development and research for the government and the private sector. At Foundstone Mike was responsible for vulnerability discovery, research into networks and protocols, software development and code optimization. His interests lie mainly in developing software for securing networks and individual machines on the BSD and Windows platforms. Mike previously worked at SecureSoft Systems as a security software development engineer. Mike has written many programs, including implementations of various cryptographic algorithms, network protocol analyzers and vulnerability scanners.

Other contributing authors, editors and code authors

Niels Heinen works as a security researcher at a European firm. He has done research on vulnerability discovery and exploitation techniques and specializes in particular in writing position-independent assembly code intended to alter a program's execution flow. He is interested mainly in systems based on Intel processors, but also has experience with MIPS, HPPA and especially PIC processors. Niels enjoys building polymorphic "exploits", scanners for analyzing wireless networks and even OS fingerprinting tools. He also has a full-time job that involves in-depth analysis of security-related software.

Marshall Beddoe is a research scientist at McAfee (formerly at Foundstone). He has done a great deal of work on passive network topology analysis, remote detection of systems running in promiscuous mode, OS fingerprinting, the internals of the FreeBSD operating system, and new methods of finding and exploiting vulnerabilities. Marshall has spoken at security conferences such as Black Hat Briefings, Defcon and Toorcon.

Tony Bettini heads the R&D department at McAfee and previously worked at security companies including Foundstone, Guardent and Bindview. He specializes in Windows security and vulnerability discovery, and programs in assembly, C and other languages. Tony has discovered several vulnerabilities in PGP, ISS Scanner, Microsoft Windows XP and Winamp.

Chad Curtis is an independent consultant living in Southern California. Chad was a research scientist at Foundstone, where he led the threat detection group. He has extensive experience in writing network code for the Win32 platform, writing scripts that exploit known vulnerabilities, and developing interfaces. At one time Chad worked as a network administrator for the Computer America Training Centers chain of computer training centers.

Russ Miller works as a senior consultant at Verisign, Inc. He has analyzed many Web applications and performed penetration testing for several Fortune 100 companies, including major financial institutions. Russ specializes mainly in security research in general and application-layer security in particular, network design, social engineering, and the development of secure software in languages such as C, Java and Lisp.

Blake Watts works as a senior engineer at McAfee Foundstone and previously did research at various companies, including Bindview, Guardent (acquired by Verisign) and PenSafe (acquired by NetIQ). He specializes in Windows internals and vulnerability analysis and has published a number of papers on security in that operating system.

Vincent Liu is a security specialist at a Fortune 100 company. He previously held a consultant position at the Ernst & Young security center and also worked at the National Security Agency. He specializes in penetration testing, Web application security analysis and the development of "exploits". Vincent has taken part in security research funded by DARPA and has contributed to the Metasploit project. Vincent received a degree in computer science and engineering from the University of Pennsylvania.
ТЕХНИКА ВЗЛОМА.
Учет рабочего времени сотрудников: полное руководство
Yaware
 
Jazz – открытая платформа разработки ПО
Jazz – открытая платформа разработки ПОJazz – открытая платформа разработки ПО
Jazz – открытая платформа разработки ПО
SQALab
 
الاليات القانونية لحماية البيئة
الاليات القانونية لحماية البيئةالاليات القانونية لحماية البيئة
الاليات القانونية لحماية البيئة
باجي مختار
 
Democratic governance indicators mgl
Democratic governance indicators mglDemocratic governance indicators mgl
Democratic governance indicators mgl
Ochir Consulting Ltd
 
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 4121
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 4121俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 4121
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 4121
Azerbaijan Laws
 
письмо
письмописьмо
письмоyacrawler
 
EU Competition Policy
EU Competition PolicyEU Competition Policy
EU Competition Policy
Ivan Grigoriev
 

Similar to ТЕХНИКА ВЗЛОМА. (20)

норма санпин
норма санпиннорма санпин
норма санпин
 
Intro To RDBMS And SQL Server 2005 - Svetlin Nakov
Intro To RDBMS And SQL Server 2005 - Svetlin NakovIntro To RDBMS And SQL Server 2005 - Svetlin Nakov
Intro To RDBMS And SQL Server 2005 - Svetlin Nakov
 
Beauty
BeautyBeauty
Beauty
 
Timur Aiotv about Carders and Bank Plastic Cards in Russia
Timur Aiotv about  Carders and  Bank Plastic Cards in RussiaTimur Aiotv about  Carders and  Bank Plastic Cards in Russia
Timur Aiotv about Carders and Bank Plastic Cards in Russia
 
Social Bookmarks, Folksonomies–Complex Networks
Social Bookmarks, Folksonomies–Complex NetworksSocial Bookmarks, Folksonomies–Complex Networks
Social Bookmarks, Folksonomies–Complex Networks
 
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 3897
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 3897俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 3897
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 3897
 
L`Oreal BTL campaign
L`Oreal  BTL campaignL`Oreal  BTL campaign
L`Oreal BTL campaign
 
俄罗斯进出口标准,技术规格,法律,法规,中英文,目录编号RG 1479
俄罗斯进出口标准,技术规格,法律,法规,中英文,目录编号RG 1479俄罗斯进出口标准,技术规格,法律,法规,中英文,目录编号RG 1479
俄罗斯进出口标准,技术规格,法律,法规,中英文,目录编号RG 1479
 
Как построить лучший корпоративный Университет (по версии CUX). Опыт и рекоме...
Как построить лучший корпоративный Университет (по версии CUX). Опыт и рекоме...Как построить лучший корпоративный Университет (по версии CUX). Опыт и рекоме...
Как построить лучший корпоративный Университет (по версии CUX). Опыт и рекоме...
 
TORO Report
TORO ReportTORO Report
TORO Report
 
IBM Jazz - A New Approach For Software Development (In Russian)
IBM Jazz - A New Approach For Software Development (In Russian)IBM Jazz - A New Approach For Software Development (In Russian)
IBM Jazz - A New Approach For Software Development (In Russian)
 
Ua Ru High Tech Entrepreneurship And Venture Capital Tour To
Ua Ru High Tech Entrepreneurship And Venture Capital Tour ToUa Ru High Tech Entrepreneurship And Venture Capital Tour To
Ua Ru High Tech Entrepreneurship And Venture Capital Tour To
 
Ua Ru High Tech Entrepreneurship And Venture Capital Tour To
Ua Ru High Tech Entrepreneurship And Venture Capital Tour ToUa Ru High Tech Entrepreneurship And Venture Capital Tour To
Ua Ru High Tech Entrepreneurship And Venture Capital Tour To
 
Учет рабочего времени сотрудников: полное руководство
Учет рабочего времени сотрудников: полное руководство Учет рабочего времени сотрудников: полное руководство
Учет рабочего времени сотрудников: полное руководство
 
Jazz – открытая платформа разработки ПО
Jazz – открытая платформа разработки ПОJazz – открытая платформа разработки ПО
Jazz – открытая платформа разработки ПО
 
الاليات القانونية لحماية البيئة
الاليات القانونية لحماية البيئةالاليات القانونية لحماية البيئة
الاليات القانونية لحماية البيئة
 
Democratic governance indicators mgl
Democratic governance indicators mglDemocratic governance indicators mgl
Democratic governance indicators mgl
 
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 4121
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 4121俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 4121
俄语GOST标准,技术规范,法律,法规,中文英语,目录编号RG 4121
 
письмо
письмописьмо
письмо
 
EU Competition Policy
EU Competition PolicyEU Competition Policy
EU Competition Policy
 

Recently uploaded

Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 

Recently uploaded (20)

Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 

Hacking Techniques.

  • 1. James C. Foster, with Mike Price. Hacking Techniques: Sockets, Exploits, Shellcode
  • 3. UDC 004.2; BBK 32.973.26 018.2; Ф81
    James Foster, with Mike Price. Hacking Techniques: Sockets, Exploits, Shellcode. Translated from English by A. A. Slinkin. Moscow: DMK Press, 2006. 784 pp., ill. (Series "Information Security"). ISBN 5 9706 0019 9

    In his new book, James Foster, the author of several bestsellers, describes for the first time the methods hackers use to attack operating systems and application programs. He provides examples of working code in C/C++, Java, Perl and NASL that illustrate methods for detecting and defending against the most dangerous attacks. The book covers in detail the topics that any programmer working in information security urgently needs to understand: socket programming, shellcode, portable applications, and the principles of writing exploits.

    Original English language edition published by Syngress Publishing, Inc. Copyright © 2005 by Syngress Publishing, Inc. All rights reserved.
    All rights reserved. No part of this book may be reproduced in any form or by any means without the written permission of the copyright holders.
    The material presented in this book has been checked many times. However, since technical errors remain possible, the publisher cannot guarantee the absolute accuracy and correctness of the information provided, and therefore accepts no responsibility for possible errors arising from use of the book.
    ISBN 1-597490-05-9 (English) Copyright © 2005 by Syngress Publishing, Inc.
    ISBN 5-9706-0019-9 © Russian translation, design, and edition: DMK Press Publishing House, 2006

    Contents
    Acknowledgments
    About the Author
    About the Lead Co-author
    Other Co-authors, Editors, and Code Authors
    About the Author of the Foreword
    Foreword
      Will "Doomsday" Come?
    Chapter 1. Writing Secure Programs
      Introduction
      C/C++
        Language Characteristics
          The C Language
          The C++ Language
          Security
        "Hello, World!" Example
        Data Types
        Control Flow
        Functions
        Classes (C++ only)
        Example: Fourier Series
      The Java Language
        Language Characteristics
          Object-Oriented Features
          Platform Independence
          Multithreading
          Security
          Additional Features
        "Hello, World!" Example
        Data Types
        Control Flow
        Methods
  • 4. Contents
        Classes
        Retrieving HTTP Headers
      The C# Language
        Reasons to Move to C#
        Language Characteristics
          Object-Oriented Features
          Other Features
          Security
        "Hello, World!" Example in C#
        Data Types
        Control Flow
        Methods
        Classes
        Threads in C#
        Example: Parsing an IP Address Given on the Command Line
      The Perl Language
        Data Types
        Operators
        Example Perl Script
          Analysis
        Special Variables
        Pattern Matching and Substitution
        Regular Expression Modifiers
        Canonical Tools Written in Perl
        I Can Write Perl!
          Canonical Web Server Attack
          Analysis
        Log File Modification Utility
          Execution Result
          Analysis
      The Python Language
        The InlineEgg Package
          Analysis
          Analysis
      Summary
      Review of the Material Covered
      Links to Sites
      Frequently Asked Questions
    Chapter 2. The NASL Scripting Language
      Introduction
        History
        Purpose of NASL
          Simplicity and Convenience
          Modularity and Efficiency
          Security
          Limitations of NASL
      NASL Syntax
        Comments
          Example of a Valid Comment
          Examples of Invalid Comments
        Variables
          Integers
          Strings
          Arrays
          NULL
          Booleans
        Operators
          Uncategorized Operators
          Comparison Operators
          Arithmetic Operators
          String Operators
          Logical Operators
          Bitwise Operators
          C-Style Compound Assignment Operators
        Control Structures
          if Statements
          for Loops
          foreach Loops
          while Loops
          repeat-until Loops
          break Statement
          User-Defined Functions
          Built-in Functions
          return Statement
      Writing NASL Scripts
        Writing Scripts for Personal Use
          Network Functions
          HTTP-Related Functions
  • 5. Contents
          Packet Manipulation Functions
          String Manipulation Functions
          Cryptographic Functions
          NASL Command Interpreter
            Example
        Programming in the Nessus Environment
          Descriptive Functions
            Knowledge Base Functions
            Result Reporting Functions
            Example
      Example: A Canonical NASL Script
      Porting to NASL and Back
        Logic Analysis
          Logical Structure of the Program
          Pseudocode
          Porting to NASL
          Porting to NASL from C/C++
          Porting from NASL
      Summary
      Review of the Material Covered
      Links to Sites
      Frequently Asked Questions
    Chapter 3. BSD Sockets
      Introduction
      Introduction to BSD Socket Programming
      TCP Clients and Servers
        Compilation
        Example Execution
        Analysis
        Compilation
        Example Execution
        Analysis
        Analysis
      UDP Clients and Servers
        Compilation
        Example Execution
        Analysis
        Compilation
        Example Execution
        Analysis
        Compilation
        Example Execution
        Analysis
        Compilation
        Example Execution
        Analysis
      Socket Options
        Analysis
      Network Scanning with UDP Sockets
        Compilation
        Example Execution
        Analysis
      Network Scanning with TCP Sockets
        Compilation
        Example Execution
        Analysis
      Multithreading and Parallelism
      Summary
      Review of the Material Covered
      Links to Sites
      Frequently Asked Questions
    Chapter 4. Sockets on the Windows Platform (Winsock)
      Introduction
      Winsock Overview
      Winsock 2.0
        Linking Using Visual Studio 6.0
        Specifying Linking in the Source Code
        Analysis
      Example: Downloading a Web Page with WinSock
        Analysis
      Programming Client Applications
        Analysis
210Ïðîãðàììèðîâàíèå ñåðâåðíûõ ïðèëîæåíèé.............................................. 211
  • 6. Contents
      Analysis
      Writing exploits and programs that check for vulnerabilities
      Analysis
      Analysis
      Summary
      Review of the material covered
      Links to sites
      Frequently asked questions
    Chapter 5. Sockets in Java
      Introduction
      Overview of the TCP/IP protocols
      TCP clients
      Compilation
      Example execution
      Analysis
      Resolving IP addresses and domain names
      Example execution
      Analysis
      Example execution
      Analysis
      Text input/output: the LineNumberReader class
      Compilation
      Example execution
      Analysis
      TCP servers
      Compilation
      Example execution
      Analysis
      Using a Web browser to connect to the TCPServer1 server
      Working with multiple connections
      Compilation
      Example execution
      Analysis
      The WormCatcher program
      Compilation
      Example execution
      Analysis
      UDP clients and servers
      Compilation
      Example execution
      Analysis
      Summary
      Review of the material covered
      Frequently asked questions
    Chapter 6. Writing Portable Programs
      Introduction
      Recommendations for porting programs between the UNIX and Microsoft Windows platforms
      Preprocessor directives
      Using #ifdef directives
      Determining the operating system
      Example execution
      Analysis
      Byte order
      Example execution
      Analysis
      Creating and terminating processes
      The exec system call
      Example execution
      Analysis
      Example execution
      Analysis
      Example execution
      Analysis
      The fork system call
      The exit system call
      Multithreading
      Creating a thread
      Example execution
      Analysis
      Example execution
      Analysis
      Thread synchronization
      Example execution
      Analysis
      Example execution
  • 7. Contents
      Analysis
      Signals
      Analysis
      Analysis
      Working with files
      Analysis
      Analysis
      Working with directories
      Analysis
      Analysis
      Analysis
      Libraries
      Dynamic loading of libraries
      Analysis
      Analysis
      Programming daemons and Win32 services
      Example execution
      Analysis
      Analysis
      Memory management
      Analysis
      Processing command-line arguments
      Analysis
      Analysis
      Example execution
      Analysis
      Integer data types
      Analysis
      Summary
      Review of the material covered
      Frequently asked questions
    Chapter 7. Writing Portable Network Programs
      Introduction
      BSD sockets and Winsock
      Winsock specification requirements
      Analysis
      Components to be ported
      Return values
      Analysis
      Analysis
      Analysis
      Extended error information
      Analysis
      API
      Extensions defined in Winsock 2.0
      The read() and write() functions
      The socket() function
      Analysis
      The connect() function
      Analysis
      The bind() function
      Analysis
      The listen() function
      Analysis
      The accept() function
      Analysis
      The select() function
      Analysis
      The send() and sendto() functions
      Analysis
      The recv() and recvfrom() functions
      Analysis
      The close() and closesocket() functions
      Analysis
      The setsockopt() function
      Analysis
      The ioctl() and ioctlsocket() functions
      Analysis
      Raw sockets
      API overview
      Header files
      IPv4 header
      ICMP header
      UDP header
      TCP header
      Determining the local IP address
      Asking the user
  • 8. Contents
      Enumerating interfaces
      Example execution
      Analysis
      The pcap and WinPcap libraries
      Example execution
      Analysis
      Summary
      Review of the material covered
      Frequently asked questions
    Chapter 8. Writing Shellcode I
      Introduction
      What is shellcode?
      Tools
      Assembly language
      Analysis
      Analysis
      Analysis
      Assembler on Windows and UNIX
      The addressing problem
      Using the call and jmp instructions
      Analysis
      Analysis
      Pushing arguments onto the stack
      The null-byte problem
      Implementing system calls
      System call numbers
      System call arguments
      Analysis
      Analysis
      Analysis
      The value returned by a system call
      Injecting shellcode into a remote program
      Port-binding shellcode
      Analysis
      Shellcode that uses an existing socket descriptor
      Analysis
      Injecting shellcode into a local program
      Shellcode that executes execve
      Shellcode that executes setuid
      Shellcode that executes chroot
      Writing shellcode for Windows
      Summary
      Review of the material covered
      Links to sites
      Mailing lists
      Frequently asked questions
    Chapter 9. Writing Shellcode II
      Introduction
      Shellcode examples
      The write system call
      Analysis
      Analysis
      The execve system call
      Analysis
      Analysis
      Analysis
      Analysis
      Analysis
      Analysis
      Port-binding shellcode
      Analysis
      The socket system call
      Analysis
      The bind system call
      Analysis
      The listen system call
      Analysis
      The accept system call
      Analysis
      The dup2 system call
      Analysis
      The execve system call
      Analysis
      Analysis
      Reverse-connection shellcode
      Analysis
  • 9. Contents
      Socket-reuse shellcode
      Analysis
      Reusing file descriptors
      Analysis
      Analysis
      Analysis
      Analysis
      Analysis
      Analysis
      Analysis
      Encoding shellcode
      Analysis
      Analysis
      Analysis
      Reusing program variables
      Open-source programs
      Analysis
      Closed-source programs
      Analysis
      Analysis
      Shellcode that works on different operating systems
      Analysis
      How to understand how existing shellcode works
      Analysis
      Summary
      Review of the material covered
      Links to sites
      Mailing lists
      Frequently asked questions
    Chapter 10. Writing Exploits I
      Introduction
      Finding vulnerabilities
      Exploits for attacking local and remote programs
      Analysis
      Format string attacks
      Format strings
      Analysis
      Analysis
      Fixing a bug caused by incorrect use of a format string
      Example: xlockmore vulnerability caused by a user-supplied format string (CVE-2000-0763)
      Vulnerability details
      Exploit details
      Analysis
      TCP/IP vulnerabilities
      Race conditions
      File-related race conditions
      Signal-related race conditions
      Example: input validation error in the man program
      Vulnerability details
      Summary
      Review of the material covered
      Links to sites
      Frequently asked questions
    Chapter 11. Writing Exploits II
      Introduction
      Socket programming and port binding in exploits
      Client socket programming
      Analysis
      Analysis
      Server socket programming
      Analysis
      Stack overflow exploits
      Memory organization
      Stack overflow
      Finding exploitable stack overflows in open-source programs
      Example: XLOCALEDIR overflow in X11R6 4.2
      Vulnerability description
      Exploit
      Conclusion
      Finding stack overflows in closed-source programs
      Heap corruption exploits
  • 10.
    Doug Lea's implementation
    Analysis
    Example: buffer overflow vulnerability caused by a malformed client key in OpenSSL SSLv2, CAN-2002-0656
    Vulnerability description
    Exploit description
    Difficulties
    Improving the exploit
    Conclusion
    Exploit code for the buffer overflow caused by a malformed client key in OpenSSL SSLv2
    The malloc implementation in System V
    Analysis
    Analysis
    Exploits for integer handling bugs
    Integer overflow
    Analysis
    Analysis
    Bypassing size checks
    Analysis
    Analysis
    Other integer-related bugs
    Example: OpenSSH challenge/response integer overflow vulnerability, CVE-2002-0639
    Vulnerability details
    Exploit details
    Example: UW POP2 buffer overflow vulnerability, CVE-1999-0920
    Vulnerability details
    Summary
    Overview of the material covered
    Links to sites
    Frequently asked questions

    Chapter 12. Writing exploits III
    Introduction
    Using the Metasploit Framework
    Developing exploits with the Metasploit framework
    Determining the attack vector
    Finding the offset
    Selecting the control vector
    Computing the return address
    Using the return address
    Determining bad characters
    Determining size limits
    NOP sled
    Choosing a payload and encoder
    Integrating the exploit into the framework
    Framework internals
    Analyzing an existing exploit module
    Overriding methods
    Summary
    Overview of the material covered
    Links to sites
    Frequently asked questions

    Chapter 13. Writing components for security-related tasks
    Introduction
    The COM model
    COM objects
    COM interfaces
    The IUnknown interface
    Calling convention
    The COM runtime
    Implementing a COM object
    Registering a COM object
    The HKEY_CLASSES_ROOT\CLSID key
    The HKEY_CLASSES_ROOT\CLSID\{xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx} key
    The InprocServer32 key
    The LocalServer32 key
    Implementing an in-process server
    The DllGetClassObject function
    The DllCanUnloadNow function
    The DllRegisterServer function
  • 11.
    The DllUnregisterServer function
    The ATL library
    C++ templates
    Implementing a client with ATL
    Smart pointers
    Data type support
    The BSTR data type
    The VARIANT data type
    Implementing a server with ATL
    Class composition
    Interface definition language
    Class registration
    Implementing an in-process COM server
    The _AtlModule global variable
    Functions exported from the DLL
    Module entry point
    Implementing an out-of-process COM server
    The _AtlModule global variable
    Module entry point
    ATL attributes
    The module attribute
    The interface attribute
    The coclass attribute
    Compiling the COM server
    Adding COM extensions to the RPCDUMP program
    Analysis
    Control flow
    Analysis
    Application integration routines
    Analysis
    Defining the COM object interfaces
    The IRpcEnum interface
    The IEndPointCollection interface
    The IEndPoint interface
    Component classes
    Analysis
    Analysis
    Analysis
    Application integration: the COMSupport.h file
    Analysis
    Application integration: the RPCDump.c file
    Analysis
    Summary
    Overview of the material covered
    Links to sites
    Frequently asked questions

    Chapter 14. Building a tool for checking web application vulnerabilities
    Introduction
    Design
    Attack signature format
    Signatures
    In-depth analysis
    Sockets and sending the signature
    Analysis
    Parsing the database
    Analysis
    Analysis
    Header files
    Compilation
    Execution
    Program help
    Results
    Summary
    Overview of the material covered
    Links to sites
    Frequently asked questions

    Appendix A. Glossary

    Appendix B. Useful security programs
    Source code auditing
    Shellcode generation tools
    Debuggers
    Compilers
    Hardware emulators
    Libraries
  • 12.
    Vulnerability analysis
    Network traffic analyzers
    Packet generators
    Scanners

    Appendix C. Exploit archives
    Exploit archives on the Internet

    Appendix D. Quick reference to system calls
    exit (int )
    open (file, flags, mode)
    close (file descriptor)
    read (file descriptor, pointer to buffer, number of bytes)
    write (file descriptor, pointer to buffer, number of bytes)
    execve (file, file + arguments, environment variables)
    socketcall (function number, arguments)
    socket (address family, type, protocol)
    bind (socket descriptor, sockaddr structure, size of the second argument)
    listen (socket descriptor, maximum connection queue size)
    accept (socket descriptor, sockaddr structure, size of the second argument)

    Appendix E. Data conversion reference

    Index

    Acknowledgments

    First of all, I want to thank my family for their unwavering faith in me and in the ambitious goals I set for myself. You continue to support my dreams and aspirations. Mom, Dad, Steve and Mamu: my gratitude to you knows no bounds.

    I would also like to thank everyone who helped me write this book, including Mike Price, Marshall Beddoe, Tony Bettini, Chad Curtis, Niels Heinen, Russ Miller, Blake Watts, Kevin Harriford, Tom Ferris, Dave Aitel, Sinan Eren and Stuart McClure. You guys are great. Thank you!

    Special thanks to Computer Sciences Corporation for permission to publish this work. Reg Foulkes, you're the man! Thanks are also due to Chris Steinbach, Jason Enwright, Ron Knode, Jennifer Shulze and Mary Pratt.

    Finally, I want to thank the whole team at Syngress Publishing. Gary, thank you for the long hours you spent on this book. Amy, thank you for your work on this and other books. Andrew, thank you for the support you have given me and for continuing to work on such exciting projects. Keep it up, Syngress. As for me, I hope to take on an equally interesting project in the near future.
  • 13.
    About the author

    James C. Foster is deputy director of Global Security Solution Development for Computer Sciences Corporation, where he is responsible for defining and delivering solutions covering various aspects of security: physical, personnel and information. Before joining CSC, Foster was director of research and development at Foundstone Inc. (later acquired by McAfee), where he was responsible for all aspects of product development, consulting and corporate R&D initiatives. Earlier still, Foster was a consultant and research scientist at Guardent Inc. (acquired by Verisign) and a contributing author for Information Security magazine (acquired by TechTarget). Before that he worked as a security research specialist at the Department of Defense. His main interests lie in high-technology remote management, international expansion, application security, protocol analysis and search algorithms. Foster has many times performed code reviews of individual components of commercial operating systems, Win32 applications and commercial implementations of cryptographic systems.

    Foster frequently speaks at conferences and technical forums devoted to security research in the United States, with particular attention to events such as Microsoft Security Summit, Black Hat USA, Black Hat Windows, MIT Wireless Research Forum, SANS, MilCon, TechGov, InfoSec World 2001 and Thomson Security Conference. He is often asked for his opinion on current security issues and is quoted in publications such as USAToday and the magazines Information Security, Baseline, Computerworld, Secure Computing and MIT Technologist. Foster holds a bachelor's degree and an MBA, as well as many other technical and management certifications. He has attended courses or conducted research at institutions such as the Yale School of Business, Harvard University and the University of Maryland, and is currently doing research at the Wharton School of Business, Pennsylvania.

    Foster is frequently published in various commercial and educational outlets. He is the author, co-author or editor of many major publications, including Snort 2.1 Intrusion Detection (Syngress Publishing, ISBN: 1-931836-04-3), Hacking Exposed (fourth edition), Anti-Hacker Toolkit (second edition), Advanced Intrusion Detection, Hacking the Code: ASP.NET Web Application Security (Syngress, ISBN: 1-932266-65-8), Anti-Spam Toolkit and Google Hacking for Penetration Techniques (Syngress, ISBN: 1-931836-36-1).

    About the lead contributing author

    Michael Price is a principal research and development engineer at McAfee (previously at Foundstone, Inc.); his profession is information security. In addition to his main work, Mike is actively engaged in security audits, code review, training, software development and research for government and the private sector. At Foundstone Mike was responsible for vulnerability discovery, network and protocol research, software development and code optimization. His interests lie mainly in developing network and host security software for the BSD and Windows platforms. Previously Mike worked at SecureSoft Systems as a security software development engineer. Mike has written many programs, including implementations of various cryptographic algorithms, network protocol analyzers and vulnerability scanners.
  • 14.
    Additional contributing authors, editors and code authors

    Niels Heinen is a security researcher at a European firm. He has done research on techniques for finding and exploiting vulnerabilities, with a particular specialization in writing position-independent assembly code designed to alter a program's execution flow. He is mainly interested in Intel-based systems but also has experience with MIPS, HPPA and especially PIC processors. Niels enjoys building polymorphic "exploits", scanners for analyzing wireless networks and even OS fingerprinting tools. He also has a regular job involving in-depth analysis of security-related software.

    Marshall Beddoe is a research scientist at McAfee (previously at Foundstone). He has done extensive work on passive network topology analysis, remote detection of systems running in promiscuous mode, OS fingerprinting, the internals of the FreeBSD operating system and new methods of finding and exploiting vulnerabilities. Marshall has spoken at security conferences such as Black Hat Briefings, Defcon and Toorcon.

    Tony Bettini heads the R&D department at McAfee and previously worked at security companies including Foundstone, Guardent and Bindview. He specializes in Windows security and vulnerability discovery and programs in assembly, C and other languages. Tony has discovered several vulnerabilities in PGP, ISS Scanner, Microsoft Windows XP and Winamp.

    Chad Curtis is an independent consultant living in Southern California. Chad was a research scientist at Foundstone, where he led the threat detection team. He has extensive experience writing network code for the Win32 platform, writing scripts that exploit known vulnerabilities and developing interfaces. At one time Chad worked as a network administrator for Computer America Training Centers, a chain of computer training centers.

    Russ Miller is a senior consultant at Verisign, Inc. He has reviewed many web applications and performed penetration tests for several Fortune 100 companies, including major financial institutions. Russ specializes mainly in security research in general and application-layer security in particular, network design, social engineering and developing secure software in languages such as C, Java and Lisp.

    Blake Watts is a senior engineer at McAfee Foundstone and previously did research at various companies, including Bindview, Guardent (acquired by Verisign) and PenSafe (acquired by NetIQ). He specializes in Windows internals and vulnerability analysis and has published a number of papers on security in that operating system.

    Vincent Liu is a security specialist at a Fortune 100 company. He previously worked as a consultant at Ernst & Young's security center and also worked at the National Security Agency. He specializes in penetration testing, web application security analysis and "exploit" development. Vincent has taken part in DARPA-funded security research and has contributed to the Metasploit project. Vincent holds a degree in computer science and engineering from the University of Pennsylvania.