June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
170
|
第
5
章
什么是漏洞利用
?
漏洞是指某些软件或系统的弱点。利用这些弱点来破坏系统或进行未经授权
的访问,包括将你的权限提升到原有权限之上,这被称为漏洞利用。漏洞利
用会不断演进,从而充分利用已发现的漏洞。有时,漏洞利用程序的开发大
致会与漏洞被发现的时间相同。对于其他情况,漏洞首先会被发现并基本处
于理论状态;程序崩溃或源代码已被分析,表明软件存在问题。漏洞利用可
能会在将来发生。查找漏洞可能需要一组不同的技术来实现漏洞利用。
这里需要注意的是,即使存在明显的漏洞,你可能也无法利用此漏洞。可能
是因为无法利用此漏洞,或者不能自行利用此漏洞。此外,漏洞利用并不能
保证系统受损甚至权限升级。漏洞识别与攻破系统,权限提升或数据泄露之
间并不是直接的线性关系。即使你知道漏洞并进行漏洞利用,获得你想要的
东西之前也需要做大量的工作。
你可能知道漏洞利用的方法,并知道该漏洞存在。并非所有漏洞利用都可行。
这有时是时机问题,也可能是特定系统配置的问题。即使软件具有易受攻击
的代码,配置也会略有变化,从而导致漏洞无效或无法利用。有时可能连续
多次运行漏洞利用而没有成功,而第
6
次或者第
10
次却成功了。一些漏洞只
是因为工作机制如此。这需要勤奋和坚持才能成功。安全测试的工作并不简单。
道德伦理
执行任何漏洞利用都可能会损害系统的完整性以及系统上的数据。假如你和
目标协作,这是与他们沟通时需要明确的地方。如果真的是红队和蓝队对抗
测试,并且双方都不知道对方的存在,那么这对于双方和平相处和系统受损
都是一个问题。确保你知道参与其中的真正目的,并且没有做任何蓄意有害 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.