June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
寻找漏洞
|
135
什么是漏洞
在深入讨论之前,让我们确保对漏洞的定义的认知处于同一层面上。它有时
会与漏洞利用相混淆,当我们讨论风险和威胁时,这些术语可能会变得很混
乱。漏洞是系统或软件的弱点。这个弱点是系统或软件的配置或开发过程中
的缺陷。如果利用该漏洞获取系统访问权限或损害系统,则可以利用该漏洞。
利用该弱点的过程就是漏洞利用。威胁是可能对系统造成损害或使得系统无
法使用。风险是损失和概率交集,这意味着你必须有办法估计损失或损害并
且这种损失或损害的概率会成为现实。
这一切都相当抽象,所以让我们用具体的术语来讨论这个问题。假定某人的
系统配置了默认的用户名和密码。这会产生漏洞,因为可能会被猜到密码。
猜测密码的过程就是对该漏洞的利用。这是来自错误配置的漏洞示例。经常
被识别的漏洞本质上是程序性的,通常来自不良的输入验证。
如果你对漏洞感兴趣并希望持续跟踪它们的最新动态,可以订阅
Bugtraq
的邮
件列表。你可以获取已发现漏洞的详细信息,有时还包括可用于利用已发现
漏洞的概念验证代码。由于世界上已经出现了如此多的软件,其中包括
Web
应用程序,每天都会有大量漏洞被发现。当然,其中一些是无关紧要的。
接下来我们将介绍几种漏洞。首先是本地漏洞。它们只有在登录到具有本地
访问权限的系统时才会被触发。这并不意味着你坐在控制台前面,只是简单
地对系统进行一些交互式访问。这可能包括权限提升漏洞:具有一般权限的
普通用户获得更高级别的权限,甚至是管理员权限。通过这些,用户可以获
得他们本不应该访问的资源。
另一种漏洞是远程漏洞 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.