
CSE 523S:
Systems Security

Computer & Network
Systems Security

Spring 2018
Jon Shidal

Plan for Today
• Announcements

– HW3 assigned today, due 1pm March 21st

• Questions

• Assignment

• Vulnerabilities & Exploits
– Finding known vulnerabilities

• Today: Mix of lecture and exercises.

Assignment

• HW3 assigned; due 1pm March 21st
– See hw3 file in handouts

Reviewing our progress
• Module 1 (complete)

– L01: Introduction
– L02: Security Principles
– E03: Getting to know our systems
– L04: System Design & Security: Why are computers vulnerable?
– E05: Exploring binaries and processes.
– L06: System Design & Security: Why are networks vulnerable?
– E07: Exploring packets
– L08: Network Security: Revisited
– E09: Exploring Encryption
– L10: Understanding Vulnerabilities
– E11: Exploring Metasploit

• Module 2 (starts today)
– Finding known vulnerabilities
– Stack and heap buffer overflows, integer overflows, format string attacks

– ASLR and NX
• Addr. Space Layout Randomization
• Stack No-eXecute

– Fuzzing

Vulnerabilities & Exploits

• Monday, we used ms03_026_dcom to attack
our Windows XP instance

• We knew what we were attacking.

• We knew its vulnerabilities.

• We followed a script.

• How might we have done so on our own?

Scanners

• You can actively probe a network to identify
machines and services

• Previously, within scapy, we saw how to use
ARP to find active IPs on a network

• We can also use a tool called nmap to learn
more

Nmap

• Among the most popular open-source network
scanners

• Crafts packets to identify OS, open ports, and
services listening on ports

• Can be automated and extended via scripts

• Like many tools, integrates well with metasploit

Vulnerability scanners
• Nmap identifies machines and services

• Other tools look for known vulnerabilities
– Nessus is the best-known,
• but it is no longer open-source
– OpenVAS is a fork of Nessus, and may retake the crown (although it is limited currently)
– others…

• We can also use tricks within metasploit itself

Organizing information

• When exploring hosts or networks for
vulnerabilities, information management can be
a problem
– Have I seen that address before?
– Has something changed in the past week?
– What target version is running?

• We can rely on metasploit’s database
integration to help with managing this
information
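The inventory questions above (have I seen that address before, has something changed, what version is running) are answerable from scan output alone. As an added example that is not part of the lecture or of metasploit's own database code, the script below parses the XML that `nmap -oX` produces into a host/port/service inventory and diffs two scans to report new or missing hosts, newly opened or closed ports, and service version changes. Both XML documents are constructed samples in the nmap XML layout, not real scan results.

```python
"""Added example: build an inventory from nmap -oX output and diff two scans.
The XML below is constructed sample data in the nmap XML layout."""
import xml.etree.ElementTree as ET

# Constructed sample: "last week's" scan of a small lab network.
SCAN_LAST_WEEK = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.6"/></port>
  </ports></host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
  </ports></host>
</nmaprun>"""

# Constructed sample: "today's" scan. 10.0.0.9 is down, 10.0.0.12 is new,
# 10.0.0.5 upgraded ssh, closed port 80 and opened 443.
SCAN_TODAY = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.9"/></port>
    <port protocol="tcp" portid="80"><state state="closed"/></port>
    <port protocol="tcp" portid="443"><state state="open"/><service name="http" product="nginx" version="1.14.0"/></port>
  </ports></host>
  <host><status state="down"/><address addr="10.0.0.9" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="10.0.0.12" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql" product="MySQL" version="5.7.29"/></port>
  </ports></host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return {ip: {(proto, port): service_string}} for hosts that are up,
    keeping only ports nmap reported as open."""
    root = ET.fromstring(xml_text)
    inventory = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        services = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            key = (port.get("protocol"), int(port.get("portid")))
            svc = port.find("service")
            if svc is None:
                services[key] = "unknown"
            else:
                # Join whatever version detection filled in: name, product, version.
                parts = [svc.get(a) for a in ("name", "product", "version") if svc.get(a)]
                services[key] = " ".join(parts)
        inventory[addr.get("addr")] = services
    return inventory


def diff_scans(old, new):
    """Compare two inventories and report what changed between them."""
    report = {
        "new_hosts": sorted(set(new) - set(old)),
        "missing_hosts": sorted(set(old) - set(new)),
        "new_ports": [], "closed_ports": [], "changed_services": [],
    }
    for ip in sorted(set(old) & set(new)):
        before, after = old[ip], new[ip]
        for key in sorted(set(after) - set(before)):
            report["new_ports"].append((ip, key, after[key]))
        for key in sorted(set(before) - set(after)):
            report["closed_ports"].append((ip, key, before[key]))
        for key in sorted(set(before) & set(after)):
            if before[key] != after[key]:
                report["changed_services"].append((ip, key, before[key], after[key]))
    return report


if __name__ == "__main__":
    changes = diff_scans(parse_nmap_xml(SCAN_LAST_WEEK), parse_nmap_xml(SCAN_TODAY))
    for category, entries in changes.items():
        print(category)
        for entry in entries:
            print("   ", entry)
```

With real scans, feed the two files' contents to `parse_nmap_xml` instead of the embedded strings; the diff is what you would review before deciding whether a newly opened port or a changed version is expected or needs investigation.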

Let’s get to work!

• See exploring-vulns-notes in Google Docs
– Important: use your host OS browser, do not use the browser in your VM

• Also use “Tracking Progress 2/28/2018” to
indicate when you have reached a gate