Comodo 缓冲区溢出测试工具：Comodo Buffer Overflow Tester

ubuntu

Melih Comodo's Hero Administrator Comodo's Hero Offline Posts: 2955

Buffer Overflow Testing Application! « on: Today at 01:33:18 AM » Lets see if your security products (AV, firewall or other) protect you from a Buffer Overflow (BO) attack, which is one of the most common form of attacks for users. Especially Drive-by-Download attacks extensively utilise BO to inject malware to users's machines. COMODO BO Tester is a testing utility which checks whether your system is vulnerable to buffer overflow attacks or not. COMODO Memory Guardian protects your applications against these attacks in both 32 bit and 64 bit environments. It includes 3 separate tests each of which tries to exploit a different type of attack technique. Test 1 ------- Tests the protection against stack overflows i.e. code execution in the stack Test 2 ------ Teststhe protection against heap overlows i.e. code execution in the heap Test 3 ------ Tests the protection against ret2libc attacks i.e. one of the most difficult to detect BO attacks. If your host (PC/Machine) is protected, the utility will report the status "Protected" ortherwise it will report "Vulnerable" Download Locations : For 32 bit Operating Systems http://download.comodo.com/cpf/download/setups/utility/Setup_BOTester_x32.exe For 64 bit Operating Systems http://download.comodo.com/cpf/download/setups/utility/Setup_BOTester_x64.exe Go ahead and distribute this to everyone you know to see if they are protected or not.. and for the Protection come and get Comodo Memory Guardian... FOR FREE!!! thanks Melih

ubuntu

缓冲区溢出 (Buffer Overflow  BO) 是网络上最常见的攻击方式。
COMODO BO Tester 可以测试你的系统安全软件是否防御BO攻击。

包括三项测试，对应于三种不同类型的攻击技术。

测试1
stack overflow 保护，代码在堆中运行




测试2
heap overflow 保护，代码在栈中运行



测试3
ret2libc 攻击，最难检测的BO 攻击，不需要运行任何shellcode，任何软/硬件 DEP无法检测



完全通过测试，会报告“Protected”



没有通过测试，会报告 “Vulnerable”



Comodo Memory Guardian 是一个完全免费的缓冲区溢出保护程序，将来发布正式版以后，会集成到 Comodo Firewall V3。
Comodo Firewall V3 正式版将可以防御90%+ 以上各种类型BO 攻击。

jpzy

现在对V3越来越期待了~！
正式版会集成BOclean，木马防火墙吗？

baerzake

那个不是木马防火墙,是反间谍 ,不知道正式版会加入反溢出吗?不过我更希望能把现在的BUG都修复才是最重要的.

sxingbai

谁用这个试试hips，嘿嘿

星之梦

这个东西好，可以测测DefencePlus等同类软件。

baerzake

你来试试

sxingbai

我期待别人当小白
如果都怕死
嘿嘿，一会儿我开影子试下

sxingbai

用普通模式测试，程序出错退出
日志：
2007-09-11 21:29:07    运行应用程序      操作:允许
进程路径:C:\windows\Explorer.EXE
文件路径:C:\Documents and Settings\nie\桌面\Setup_BOTester_x32.exe
触发规则:应用程序规则->信任组之系统程序->C:\windows\Explorer.EXE


2007-09-11 21:29:27    运行应用程序      操作:允许
进程路径:C:\Documents and Settings\nie\桌面\Setup_BOTester_x32.exe
文件路径:C:\Documents and Settings\nie\Local Settings\Temp\is-9KIEN.tmp\is-7D147.tmp
命令行:/SL4 $A0264 "C:\Documents and Settings\nie\桌面\Setup_BOTester_x32.exe" 97339 79872
触发规则:所有程序规则->运行命令行参数->*


2007-09-11 21:29:28    创建文件      操作:阻止
进程路径:C:\Documents and Settings\nie\Local Settings\Temp\is-9KIEN.tmp\is-7D147.tmp
文件路径:C:\Documents and Settings\nie\Local Settings\Temp\is-T1EFC.tmp\_isetup\_shfoldr.dll
触发规则:所有程序规则->访问系统临时目录（LOW 保留允许）->*\Temp*\*.dll


2007-09-11 21:29:55    删除文件      操作:阻止
进程路径:C:\Documents and Settings\nie\Local Settings\Temp\is-9KIEN.tmp\is-7D147.tmp
文件路径:C:\Documents and Settings\nie\Local Settings\Temp\is-T1EFC.tmp\_isetup
触发规则:所有程序规则->保护目录名（HIGH 阻止）->*


2007-09-11 21:29:55    删除文件      操作:阻止
进程路径:C:\Documents and Settings\nie\Local Settings\Temp\is-9KIEN.tmp\is-7D147.tmp
文件路径:C:\Documents and Settings\nie\Local Settings\Temp\is-T1EFC.tmp
触发规则:所有程序规则->保护目录名（HIGH 阻止）->*


2007-09-11 21:29:55    删除文件      操作:阻止
进程路径:C:\Documents and Settings\nie\桌面\Setup_BOTester_x32.exe
文件路径:C:\Documents and Settings\nie\Local Settings\Temp\is-9KIEN.tmp
触发规则:所有程序规则->保护目录名（HIGH 阻止）->*


2007-09-11 21:31:06    创建文件      操作:阻止
进程路径:C:\windows\Explorer.EXE
文件路径:C:\Documents and Settings\nie\Recent\SYSTEM-2007-09-11.log.lnk
触发规则:应用程序规则->系统程序->C:\windows\Explorer.EXE->*.lnk

ubuntu

这是安装程序，你不能这样拦截的。安装以后才能运行。

另外，我个人觉得这只是个测试程序，不会损害系统，我都是实机跑的。