摘要
在分析Stuxnet蠕虫病毒的基础上,介绍该病毒所利用的MS10_046系统漏洞原理及机制。利用VMWare和MSF(MetaSploit FrameWork)搭建局域网实验环境平台,设计MS10_046漏洞溢出实验的方法与步骤,在得到的Cmd Shell命令行下建立了测试帐户并对测试帐户进行了提权处理,最后给出了对系统漏洞的一些防范措施。结果表明,基于MSF的实验平台可以很好地验证系统存在的已知漏洞,从而帮助用户做好系统的防范措施。
Based on the analysis of Stuxnet worm virus,the MS10_046 system vulnerabilities and mechanism of the virus were introduced.The VMWare and MSF(MetaSploit FrameWork) were used to build local area network experiment platform.Besides,the MS10_046 overflow vulnerability experimental methods and steps were designed.Moreover,a test account was established to enhance the users' permissions after the Cmd Shell command line was obtained.Finally,some preventive measures for system vulnerabilities were provided.The results show that MSF-based experiment platform can well validate the vulnerabilities of the system and help users take preventive measures.
出处
《实验室研究与探索》
CAS
北大核心
2012年第12期242-244,共3页
Research and Exploration In Laboratory
基金
河北省高等学校科学研究计划课题(Z2011273)
河北省教育学会"十二五"教育规划课题(XHXNO:12110501)
