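Software Security: Fifth Lab Report
Class: 2010211316  Student ID: 10211593  Name: 曹梦晨

1. Objectives
(1) Understand the basic principles of fuzzing.
(2) Use FtpFuzz to fuzz an Easy FTP Server instance until the server stops working.
(3) Write or modify a Python script to build a simple FTP fuzzing tool of your own, and use it to fuzz Home Ftp Server until the server stops working; OllyDbg can be attached to inspect the exception.
(4) Assignment requirements:
a) Describe the tracing and debugging process in detail.
b) Prove the experimental results with screenshots.
c) Submit the generated malformed files, the fuzz program source code, and related files.
(5) Thinking question: develop a fuzz program for a target program with a file-based overflow that makes the target program crash. It must generate the attack test files, load them automatically through the program, and determine from which file the crash begins.

2. Test steps and results
2.1 Attacking with FtpFuzz
Step 1: First, set up the server with Quick 'n Easy FTP Server.
Figure 2-1: Setting up the server with Quick 'n Easy FTP Server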
Set up an anonymous user, enable download permission, set the FTP path to d:test, and then start the server:
Figure 2-2: Configuring Quick 'n Easy FTP Server
Figure 2-3: Configuring Quick 'n Easy FTP Server (2)
Figure 2-4: Configuring Quick 'n Easy FTP Server (3)
Step 2: Run the fuzz attack with FtpFuzz.exe.
First, configure the attack parameters:
Figure 2-5: Configuring FtpFuzz
Figure 2-6: Configuring FtpFuzz (2)
Use the ipconfig command to look up the local machine's IP address, then configure FtpFuzz with it:
Figure 2-7: Looking up the local IP address
Figure 2-8: Configuring FtpFuzz (3)
Figure 2-9: Configuration
Click start to launch the fuzz attack.
Figure 2-10: Data received on the server side
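Possibly because of the operating system, the fuzzing did not succeed. So I switched to Windows XP SP3 and, with the same configuration as before, ran the fuzz attack experiment in a virtual machine. The results are as follows:
Figure 2-11: Experimental results under XP
Here we can see that the server crashed after the fuzz attack; the attack succeeded!
2.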
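Added example (not part of the original report and not FtpFuzz's own code): a small Python harness in the spirit of objective (3) that sends FTP commands with growing argument lengths and reports the first test case after which the server stops answering. The target is a constructed in-process toy server; `CRASH_LEN` and all function names are assumptions made for illustration.

```python
import socket
import threading

CRASH_LEN = 600  # assumption: the constructed toy server "dies" on lines longer than this

def toy_ftp_server(srv):
    """Constructed stand-in target: one command per connection, stops on an over-long line."""
    while True:
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as f:
            conn.sendall(b"220 toy ftp ready\r\n")
            if len(f.readline()) > CRASH_LEN:
                srv.close()  # simulated crash: no reply, no further connections
                return
            conn.sendall(b"500 unknown command\r\n")

def gen_cases(commands=(b"USER", b"PASS", b"CWD"), lengths=(16, 128, 512, 1024, 4096)):
    """Yield (command, argument length) pairs, shortest arguments first."""
    for n in lengths:
        for cmd in commands:
            yield cmd, n

def send_case(addr, cmd, n, timeout=2.0):
    """Send one test case; True if the server replied, False if it went silent."""
    try:
        with socket.create_connection(addr, timeout=timeout) as s:
            s.recv(1024)  # banner
            s.sendall(cmd + b" " + b"A" * n + b"\r\n")
            return bool(s.recv(1024))
    except OSError:  # refused, reset or timed out
        return False

def fuzz(addr):
    """Return (case index, command, length) of the first case that killed the server, or None."""
    for i, (cmd, n) in enumerate(gen_cases()):
        if not send_case(addr, cmd, n):
            return i, cmd.decode(), n
    return None

def run_demo():
    srv = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=toy_ftp_server, args=(srv,), daemon=True).start()
    return fuzz(srv.getsockname())

if __name__ == "__main__":
    print(run_demo())
```

Recording the index of the first silent case is what lets the crash be reproduced later under a debugger such as OllyDbg with a single input instead of the whole run.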