基于Ruby符号执行的Metasploit攻击流量提取
需积分: 1 150 浏览量
2024-03-24
12:37:14
上传
评论
收藏 1.43MB PDF 举报
第 51 卷 第 12 期
2018 年 12 月
通信技术
Communications Technology
Vol.51 No.12
Dec.2018
·
2939
·
0
引 言
网络攻击流量对于网络安全研究和网络防护设
备的测试具有重要意义。一方面,可以重放网络攻
击流量来检测网络防护设备的有效性;另一方面,
* 收稿日期:2018-08-09;修回日期:2018-11-12 Received date:2018-08-09;Revised date:2018-11-12
基金项目:
国家重点研发计划项目“网络空间安全”重点专项(No.2017YFB0803203)
Foundation Item:
Cyber Security from the National Key Research and Development Program(No.2017YFB0803203)
文献引用格式:
刘焕伟,王轶骏,薛质 . 基于 Ruby 符号执行的 Metasploit 攻击流量提取 [J]. 通信技术,2018,
51(12):2929-2945.
LIU Huan-wei,WANG Yi-jun,XUE Zhi.Ruby Symbolic Execution based Network Attack Traffic
Extraction from Metasploit[J].Communications Technology,2018,51(12):2939-2945.
doi:10.3969/j.issn.1002-0802.2018.12.026
基于 Ruby 符号执行的 Metasploit 攻击流量提取
*
刘焕伟,王轶骏,薛 质
(上海交通大学 网络空间安全学院,上海 200240)
摘 要
:网络攻击流量对于网络安全研究和网络防护设备测试具有重要意义。Metasploit 是目前最
流行的攻击框架,自带面向各种平台和漏洞的攻击脚本,支持新攻击脚本的快速开发。攻击框架
的出现加快了漏洞利用的编写,降低了发起网络攻击的门槛,给网络安全提出了新的挑战。因此,
研究了一种基于符号执行的 Metasploit 框架攻击流量提取方法。该方法无需搭建靶机环境,可以快
速分析Metasploit框架中的攻击脚本,获取其对应的攻击流量,并且标记攻击流量中不同部分的属性,
记录攻击状态的转移过程。
关键词
:攻击流量;Metasploit;符号执行;Ruby 语言;攻击框架
中图分类号:TP393 文献标志码:A 文章编号:
1002-0802(2018)-12-2939-07
Ruby Symbolic Execution based Network Attack Traffic
Extraction from Metasploit
LIU Huan-wei, WANG Yi-jun, XUE Zhi
(School of Cyber Security, Shanghai Jiao Tong University, Shanghai 200240, China)
Abstract:
Network attack traffic is of great significance for network security research and network protection
equipment testing. Metasploit is currently the most popular attack framework. It has attack scripts for various
platforms and vulnerabilities, supporting rapid development of new attack scripts. The emergence of the
attack framework speeds up the writing of exploits, lowers the threshold for launching network attacks, and
poses new challenges for network security. Therefore, a Metasploit framework attack traffic extraction method
based on symbolic execution is studied. This method does not need to set up the target machine environment,
and can quickly analyze the attack script in the Metasploit framework to obtain the corresponding attack
traffic. At the same time, it can mark the attributes of different parts of the attack traffic and record the
transfer process of the attack state.
Key words:
attack traffic; Metasploit; symbolic execution; Ruby language; attack framework
资源评论
