| Finding and exploiting vulnerability is a very important aspect of network antagonism .By analyzing the principle of vulnerability, we can build a vulnerability model, which can guide us in finding vulnerabilities actively. As we know, undocumented vulnerabilities are extremely important for network war. My main work focuses on three aspects: how security vulnerabilities are introduced, how to develop software to automate the finding process, and how to design general programming templates to exploit buffer overflow vulnerabilities. In this thesis, I first introduce the current research situation in related fields, then I introduce the analysis and classification models, especially, I analyze system backdoor in detail. Second, based on security need analysis, I induce some insecure programming templates. Third, I present three methods to find vulnerabilities: source scan, fault injection and reverse engineering. Last, I give some examples on how to write exploit programs after finding vulnerabilities. I also introduce a new exploit method: exploit based on software signal.General Speaking, the detection of the vulnerability is a technique filled with inspiration and luck, but thorough analysis shows it is also deducible. If more people understand the hacking technique, it will no longer be magic mastered only by a few experts. In the aspects of security need analysis and test software development, I do some innovational work.
|
PDF Full Text Request