Windows Shellcode自动构建方法研究

doi:10.3969/j.issn.1671-1122.2017.04.003

信息网络安全 ›› 2017, Vol. 17 ›› Issue (4): 15-25.doi: 10.3969/j.issn.1671-1122.2017.04.003

Windows Shellcode自动构建方法研究

朱帅, 罗森林(), 柯懂湘

北京理工大学信息系统及安全对抗实验中心,北京 100081

收稿日期:2017-02-26 出版日期:2017-04-20 发布日期:2020-05-12
作者简介:
作者简介：朱帅（1993—）,男,湖北,硕士研究生,主要研究方向为信息安全;罗森林（1968—）,男,河北,教授,博士,主要研究方向为信息安全、数据挖掘、文本安全等;柯懂湘（1994—）,男,陕西,硕士研究生,主要研究方向为信息安全。
基金资助:
国家242信息安全计划[2005C48]

Research on Automatic Building Approach of Windows Shellcode

Shuai ZHU, Senlin LUO(), Dongxiang KE

Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081, China

Received:2017-02-26 Online:2017-04-20 Published:2020-05-12

摘要/Abstract

摘要：

随着计算机技术的飞速发展,软件的规模及复杂程度在快速增加的同时也带来了极大的安全隐患,各种软件漏洞层出不穷,漏洞利用成为研究的热点。在漏洞利用的过程中,shellcode作为最关键的组件,其质量直接影响到漏洞利用的效果。针对已有的shellcode自动构建方法存在兼容性低、对大型shellcode支持性较差、自动化程度及易用性较低的缺点,文章提出一种Windows shellcode自动构建方法。该方法通过编写框架提供编程接口和编程环境,使编写者通过C语言编写shellcode,并将shellcode的编译、生成、提取、测试以及编码和优化过程进行整合,实现x86/x64平台Windows shellcode的自动构建。文章对基于该方法实现的原型系统进行了验证,结果表明,系统在兼容性、可靠性、自动化性能方面均有较好表现,能够利用系统顺利完成shellcode的构建任务,具有较高的实际应用价值。

关键词: 漏洞利用, shellcode, 自动构建

Abstract:

With the rapid development of computer technology, the scale and complexity of software is increasing, which also brought great security risk at the same time. shellcode is the key component in the process of the vulnerability exploitation. Its quality directly affects the effect of the exploit. But existing techniques have many downsides, such as less automation, usability and compatibility problems. In this paper, an automatic building approach of Windows shellcode has been proposed, which can provide programming interface & environment, and can let the programmers write shellcode with C language. In order to build the Windows shellcode of x86/x64 platform automatically, it also includes the compilation, building, extracting, testing, encoding and optimization steps. Based on the approach, this paper implements the prototype system of shellcode building automatically and makes some experiments. The result shows that the system performs well in compatibility, reliability and automatic performance. The system can be applied to shellcode building easily.

Key words: vulnerability exploitation, shellcode, automatic building

中图分类号:

TP393.08

朱帅, 罗森林, 柯懂湘. Windows Shellcode自动构建方法研究[J]. 信息网络安全, 2017, 17(4): 15-25.

Shuai ZHU, Senlin LUO, Dongxiang KE. Research on Automatic Building Approach of Windows Shellcode[J]. Netinfo Security, 2017, 17(4): 15-25.

图/表 17

图1

图2

图3

图4

图5

图6

图7

表1

表2

表3

表4

表5

表6

表7

表8

表9

表10

参考文献 18

[1]	诸葛建伟,陈力波,田繁,等. Metasploit渗透测试魔鬼训练营[M]. 北京:机械工业出版社,2013.
[2]	BIODI P. ShellForge G2 Shellcodes for Everybody and every Platform[EB/OL]. , 2017-1-22.
[3]	BIODI P. ShellForge G3[EB/OL]. , 2017-1-22.
[4]	YUANGE. WINDOWS的SHELLCODE编写高级技巧[EB/OL]. , 2017-2-11.
[5]	HUME. 关于Windows下ShellCode编写的一点思考[EB/OL]. , 2017-2-11.
[6]	NICKHARBOUR. Writing Shellcode with a C Compiler[EB/OL]. , 2010-7-1.
[7]	KMSRUSSIAN. Windows平台下高级Shellcode编程技术[EB/OL]. , 2017-2-12.
[8]	高君丰,张岳峰,罗森林,等. 网络编码协议污点回溯逆向分析方法研究[J].信息网络安全,2017(1):68-76.
[9]	TIAN Donghai, CHEN Mo, HU Changzhen, et al. Efficient Shellcode Detection on Commodity Hardware[J]. IEICE Transactions on Information and Systems.2013, E96, D(10): 2272-2276.
[10]	郭亮,罗森林,潘丽敏. 编码函数交叉定位网络协议测试数据生成方法研究[J].信息网络安全,2016(3):8-14.
[11]	SONG Yingbo, LOCASTO M E, STAVROU A, et al.On the Infeasibility of Modeling Polymorphic Shellcode[J]. Machine Learning, 2010, 81(2): 179-205.
[12]	BASU A, MATHURIA A, CHOWDARY N.Automatic Generation of Compact Alphanumeric Shellcodes for x86[C]//Springer. Smart System Platform Development for City and Society, GoeSmart 2014, September 24-25, 2014, Grand Royal Panghegar, Bandung, Indonesia. Heidelberg: Springer, 2014: 399-410.
[13]	MASON J, SMALL S, MONROSE F, et al.English Shellcode[C]//ACM. 16th ACM Conference on Computer and Communications Security, November 9-13, 2009, Chicago, Illinois, USA. New York: ACM, 2009: 524-533.
[14]	SkyLined. ALPHA3-Alphanumeric Shellcode Encoder[EB/OL]. , 2017-2-12.
[15]	tombkeeper. Shellcode_Template_in_C[EB/OL]., 2017-2-12.
[16]	丁庸,曹伟,罗森林. 基于LKM系统调用劫持的恶意软件行为监控技术研究[J].信息网络安全,2016(4):1-8.
[17]	ARCE I.The Shellcode Generation[J]. IEEE Security & Privacy, 2004, 2(5):72-76.
[18]	ROSCHKE S, CHENG Feng, MEINEL C.BALG: Bypassing Application Layer Gateways using Multi-staged Encrypted Shellcodes[C]//IEEE. 2011 IFIP/IEEE International Symposium on Integrated Network Management (IM), May 23-27, 2011, Dublin, Ireland. New Jersey: IEEE, 2011: 399-406.

Windows Shellcode自动构建方法研究

Research on Automatic Building Approach of Windows Shellcode

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 17

参考文献 18

相关文章 7

编辑推荐

Metrics

本文评价

[1]	徐鑫, 张松年, 胡建伟. 基于任意函数地址的ASLR绕过技术研究[J]. 信息网络安全, 2016, 16(7): 47-52.
[2]	毛焱颖, 罗森林. 融合多种技术的堆喷射方法研究[J]. 信息网络安全, 2016, 16(6): 48-55.
[3]	杜春来, 孙汇中, 王景中, 王宝成. 一种基于混淆机制的网页木马检测模型的研究与实现[J]. 信息网络安全, 2015, 15(10): 1-7.
[4]	. 一种非堆喷射的IE浏览器漏洞利用技术研究[J]. , 2014, 14(6): 39-.
[5]	. 基于端口和编号的漏洞代码匹配方法研究[J]. , 2014, 14(4): 20-.
[6]	. 基于 Windows 的软件安全典型漏洞利用策略探索与实践[J]. , 2014, 14(11): 59-.
[7]	王宜阳;宋苑. 浅谈渗透测试在Web系统防护中的应用[J]. , 2010, (9): 0-0.