###### tags: `1092`

Third club session
===

:::success
Sign-in
B073040047 楊志璿
B093012033 王勤
B093040016 jason
B093040044 蔡明軒
B064011007 徐筱媛
M093140014 Arolpo
M093140005 黃婷筠
M093140016 謝昌勝
M093140017 張守中
M083140001 stavhaygn
B064020043 紀玥綺
B064020052 張瓊云
:::

[slide](https://drive.google.com/file/d/1TRPWT77x2jtpCdZl_Ge3YPInK8AEJjMu/view?usp=sharing)

- [KALI ova (VM bundle)](https://drive.google.com/file/d/11fK1ciAn0KQX5uvcoV34YSSvupJgJMHK/view?usp=sharing), tools pre-installed
  - account: `kali`
  - password: `kali`
- Install these tools yourself
  - [Cppcheck](http://cppcheck.sourceforge.net/)
  - [VisualCodeGrepper](https://sourceforge.net/projects/visualcodegrepp/)
  - [Flawfinder](https://dwheeler.com/flawfinder/)
  - [RIPS](https://sourceforge.net/projects/rips-scanner/)
  - [ZAP](https://www.zaproxy.org/download/)

## Program security

:::danger
Nothing here is about how to attack others, only how to defend (how to avoid writing vulnerable code yourself)
:::

## What is security?

## Buffer overflow

```c
#include <stdio.h>

int main(void) {
    short num;
    int array[5] = {1, 2, 3, 4, 5};
    scanf("%hd", &num);             /* %hd matches short; the slide's %d writes 4 bytes into a 2-byte variable */
    if (num > 4) return 0;          /* only the upper bound is checked: a negative num reads before array[0] */
    printf("%d\n", array[num]);
    return 0;
}
```

* Canary
  * Built into GCC (`-fstack-protector`; Debian-based distributions such as Kali enable `-fstack-protector-strong` by default): the compiler reserves a slot between the local buffers and the saved return address at compile time, and a random value is written there at run time
  * Before the function returns, that value is compared with the original; if it changed, something wrote past a buffer, and the program aborts (`*** stack smashing detected ***`, SIGABRT) instead of returning through a corrupted address

An exercise: Flag_shop (picoCTF 2019)
https://2019shell1.picoctf.com/static/5a20c190c65c3fe97c05cd22f2d4750f/store.c

```
nc 2019shell1.picoctf.com 25858
```

PowerShell netcat: Powercat https://www.jianshu.com/p/b50b74a6a394

## Boundary Condition

## Weak type

Weak typing. For example... see the slides (?)
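The slide's lookup, rewritten two ways, as an added example that is not from the slides. It covers both the Buffer overflow and the Boundary Condition points: the slide's `num > 4` test is kept as a predicate so you can see which inputs it lets through, next to a check that tests both bounds against the real length, and the index is parsed with `strtol` instead of `scanf("%d")` so that junk, empty input and out-of-range values are rejected rather than silently truncated. The table contents and the indices tried in `main` are constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed lookup table standing in for the slide's int array[5]. */
#define TABLE_LEN 5
static const int table[TABLE_LEN] = {1, 2, 3, 4, 5};

/* The slide's check as a predicate: only the upper bound is tested, so it
 * returns 1 ("go ahead and read table[idx]") for every negative idx. On the
 * stack that read lands in whatever happens to sit below the array. */
int index_ok_slide(long idx)
{
    return !(idx > 4);
}

/* Hardened check: reject negatives first, then compare against the real
 * length rather than a hard-coded 4. The cast is safe once idx >= 0. */
int index_ok_fixed(long idx, size_t len)
{
    return idx >= 0 && (size_t)idx < len;
}

/* Parse a decimal index with strtol and reject what scanf("%d") silently
 * accepts or mangles: trailing junk ("2x"), empty input, and values that do
 * not fit in a long (ERANGE). Returns 0 on success, -1 otherwise. */
int parse_index(const char *s, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;
    *out = v;
    return 0;
}

/* Replacement for the slide's snippet: returns 0 and stores table[idx] in
 * *out, or -1 without ever touching memory outside the table. */
int lookup(const char *input, int *out)
{
    long idx;

    if (parse_index(input, &idx) != 0)
        return -1;
    if (!index_ok_fixed(idx, TABLE_LEN))
        return -1;
    *out = table[idx];
    return 0;
}

int main(int argc, char **argv)
{
    const char *arg = argc > 1 ? argv[1] : "-1";  /* "-1" passes the slide's check */
    long idx;
    int v;

    if (parse_index(arg, &idx) == 0)
        printf("slide's check accepts %ld: %s\n", idx,
               index_ok_slide(idx) ? "yes (out-of-bounds read)" : "no");
    if (lookup(arg, &v) == 0)
        printf("table[%ld] = %d\n", idx, v);
    else
        printf("rejected: %s\n", arg);
    return 0;
}
```

Run it with `./a.out -1`, `./a.out 5` and `./a.out 2x` to see the three classes of input the slide's version does not handle; with the canary on, an out-of-bounds read like this one is not even caught, because the canary only detects writes over the saved frame.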
## Client comment

Anything left in client-side HTML/JS comments or checks is visible to whoever views the source; it cannot be relied on.

Do not keep state that matters in a cookie (the user can edit it); keep it in a server-side session and send the client only the session ID.

Reflected XSS (the payload in the request is echoed straight back) and stored XSS (the payload is saved server-side and served to every visitor).

[PDO](https://www.php.net/manual/en/book.pdo.php): use prepared statements instead of building SQL strings by concatenation.

## SQL injection

[SQLi payload](https://github.com/payloadbox/sql-injection-payload-list)

http://demo.orange.tw/sqli/

```
admin':--
```

Insp3ct0r (picoCTF 2019)
https://2019shell1.picoctf.com/problem/11196/

dont-use-client-side (picoCTF 2019)
https://2019shell1.picoctf.com/problem/49886/

LOGON (picoCTF 2019)
https://2019shell1.picoctf.com/problem/21895/

Irish-Name-Repo 1 (picoCTF 2019)
https://2019shell1.picoctf.com/problem/21877/

RIPS local PHP check: http://localhost/rips

[php source code](https://drive.google.com/file/d/10uFgGr9JoJUd6og8JIbllVXXT09m3qGN/view?usp=sharing)

In the Kali ova:

```
127.0.0.1/rips
127.0.0.1/nsysuisc0317k
/var/www/html/nsysuisc0317
```
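What an `admin'--`-style payload does to a concatenated login query, as an added example in C that is neither the demo site's code nor the lab's PHP source. The query shape (`SELECT ... WHERE username='...' AND password='...'`) and the payload `admin'-- ` (trailing space, as MySQL requires after `--`) are assumptions constructed for the example. `comment_outside_literal` is only a diagnostic that walks the statement with SQL quoting rules to show where the attacker's quote escapes the literal and the rest of the statement is commented away; `sql_quote` shows the stopgap of doubling quotes. The proper fix is a prepared statement (PDO `prepare`/`bindValue` in PHP, `sqlite3_prepare_v2`/`sqlite3_bind_text` in C), where the value is never part of the statement text at all; that needs a database driver and is not done in this offline block.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable: both values are pasted into the statement text. Assumed query
 * shape, constructed for the example. Returns 0 on success, -1 if out is
 * too small. */
int build_login_query_unsafe(char *out, size_t n, const char *user, const char *pass)
{
    int len = snprintf(out, n,
                       "SELECT id FROM users WHERE username='%s' AND password='%s'",
                       user, pass);
    return (len >= 0 && (size_t)len < n) ? 0 : -1;
}

/* Stopgap escaping: double every ' so the value cannot close the literal
 * (the quote handling of mysqli_real_escape_string). Returns 0 on success,
 * -1 if out cannot hold the escaped text plus the NUL. */
int sql_quote(char *out, size_t n, const char *in)
{
    size_t j = 0;

    if (n == 0)
        return -1;
    for (; *in; in++) {
        if (*in == '\'') {
            if (j + 1 >= n) return -1;
            out[j++] = '\'';
        }
        if (j + 1 >= n) return -1;
        out[j++] = *in;
    }
    out[j] = '\0';
    return 0;
}

/* Diagnostic, not a defence: walk the statement with SQL quoting rules
 * ('' inside a literal is an escaped quote) and return the offset of the
 * first "--" that sits outside any string literal, or -1 if there is none.
 * In the login query such a comment cuts off the whole password check.
 * (MySQL additionally requires whitespace after "--"; not modelled here.) */
int comment_outside_literal(const char *q)
{
    int in_str = 0;
    size_t i;

    for (i = 0; q[i] != '\0'; i++) {
        if (q[i] == '\'') {
            if (in_str && q[i + 1] == '\'') { i++; continue; }  /* '' escape */
            in_str = !in_str;
        } else if (!in_str && q[i] == '-' && q[i + 1] == '-') {
            return (int)i;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed payload; same idea as the one tried against the demo above. */
    const char *payload = "admin'-- ";
    char q[256], quoted[64];

    build_login_query_unsafe(q, sizeof q, payload, "whatever");
    printf("%s\n  comment outside literal at: %d\n", q, comment_outside_literal(q));

    sql_quote(quoted, sizeof quoted, payload);
    build_login_query_unsafe(q, sizeof q, quoted, "whatever");
    printf("%s\n  comment outside literal at: %d\n", q, comment_outside_literal(q));
    return 0;
}
```

The first statement printed has its `AND password=...` clause behind a comment, so the row for `admin` is returned without the password ever being compared; after quoting, the `'` and `--` stay inside the username literal and the scanner finds nothing. Escaping has to be applied to every value on every query path, which is why the prepared-statement route is the one to use in the lab code.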