CN110300119B - Vulnerability verification method and electronic equipment - Google Patents
Vulnerability verification method and electronic equipment Download PDFInfo
- Publication number
- CN110300119B CN110300119B CN201910616324.0A CN201910616324A CN110300119B CN 110300119 B CN110300119 B CN 110300119B CN 201910616324 A CN201910616324 A CN 201910616324A CN 110300119 B CN110300119 B CN 110300119B
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- remote
- local
- verification
- response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The invention provides a vulnerability verification method and electronic equipment, which are used for solving the problem that in the prior art, the local vulnerability hidden in a target host cannot be verified. The method comprises the following steps: acquiring a remote vulnerability serial number; the remote vulnerability sequence number is available, and the local vulnerability verification mark is not true, and the relationship between the length of the vulnerability utilization program of the local vulnerability and the length of the effective load of the remote vulnerability corresponding to the remote vulnerability sequence number is determined; selecting a target local vulnerability corresponding to a value obtained by adding one to the local vulnerability counter, wherein the length of a vulnerability utilization program of the local vulnerability is smaller than that of a payload of the remote vulnerability, and the vulnerability counter is smaller than the number of the current local vulnerabilities; storing the vulnerability exploiting program of the target local vulnerability into the effective load of the remote vulnerability; sending a vulnerability exploiting program of the remote vulnerability, successfully verifying the remote vulnerability, and verifying a target local vulnerability stored in a payload of the remote vulnerability; and if the target local vulnerability verification is successful, sending the successful target local vulnerability verification information.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a vulnerability verification method and electronic equipment.
Background
With the development of internet technology, great convenience is brought to the life of users, but as various vulnerabilities in a network space emerge endlessly, user assets are extremely vulnerable to threats, important materials and secret information are also damaged, and specifically, vulnerability attacks are divided into two forms, namely remote vulnerability attacks and local vulnerability attacks according to attack paths, wherein the remote vulnerability attacks are usually used for remote attacks of hackers, for example, buffer overflow vulnerability can enable the hackers to remotely obtain system authority of a target host and steal all data in the target host; the local vulnerability is generally used for authority promotion in a Trojan attack process, for example, a hacker uses office software vulnerability to deliver a document type Trojan, and after a user runs the document, the Trojan is implanted, so that a target host is controlled for a long time. Therefore, remote vulnerability verification and local vulnerability verification need to be performed on a computer network of a user, and vulnerabilities are patched, so that vulnerability attacks are reduced, and asset and information security of the user is protected.
In the prior art, a security manufacturer can only verify a remote vulnerability of a target host through a vulnerability scanner and cannot verify a local vulnerability hidden in the target host.
In summary, how to verify the local vulnerability is a problem that needs to be solved at present.
Disclosure of Invention
In view of this, the present invention provides a vulnerability verification method and an electronic device, which are used to solve the problem of how to verify a local vulnerability in the prior art.
According to a first aspect of the embodiments of the present invention, there is provided a method for vulnerability verification, including: acquiring a remote vulnerability serial number; determining a local vulnerability verification flag in response to the remote vulnerability sequence number being available; determining a relationship between the length of the exploit program of the local vulnerability and the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number in response to the local vulnerability verification flag not being true; determining the relation between a local vulnerability counter and the current local vulnerability number in response to the fact that the length of the vulnerability utilization program of the local vulnerability is smaller than the length of the effective load of the remote vulnerability corresponding to the remote vulnerability sequence number; in response to the fact that the vulnerability counter is smaller than the number of the current local vulnerabilities, selecting a target local vulnerability corresponding to a value obtained by adding one to the local vulnerability counter; storing the vulnerability exploiting program of the target local vulnerability into the effective load of the remote vulnerability; sending the vulnerability exploiting program of the remote vulnerability and verifying the remote vulnerability; verifying the target local vulnerability stored in the payload of the remote vulnerability in response to successful verification of the remote vulnerability; and responding to the successful verification of the target local vulnerability, and sending successful verification information of the target local vulnerability.
In an embodiment, before obtaining the remote vulnerability sequence number, the method further includes: in response to the presence of the remote vulnerability, determining at least one of the remote vulnerabilities; and sequencing according to the length of the effective load of the at least one remote vulnerability, and determining the sequencing sequence of the at least one remote vulnerability and the corresponding sequence number.
In an embodiment, the determining a local vulnerability verification flag in response to the availability of the remote vulnerability sequence number specifically includes: the local vulnerability is determined in response to the remote vulnerability sequence number being available; and determining the local vulnerability verification flag in response to the local vulnerability not being acquired.
In one embodiment, after determining the local vulnerability in response to the remote vulnerability sequence number being available, the method further includes: and responding to the completion of the local vulnerability acquisition, and determining that the local vulnerability verification is completed.
In one embodiment, after determining the local vulnerability verification flag in response to the availability of the remote vulnerability sequence number, the method further includes: and responding to the fact that the local vulnerability verification mark is true, sending the vulnerability utilization program of the remote vulnerability, and verifying the remote vulnerability.
In an embodiment, after the relationship between the length of the exploit program of the local vulnerability and the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number, the method further includes: and generating a path of the exploit program of the local vulnerability in response to the fact that the length of the exploit program of the local vulnerability is greater than or equal to the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number.
In an embodiment, the selecting a target local vulnerability corresponding to a value obtained by adding one to the local vulnerability counter specifically includes: selecting a target local vulnerability which can be detected by a port and corresponds to the value obtained by adding one to the local vulnerability counter; or selecting a target local vulnerability of the path of the vulnerability exploiting program which corresponds to the value of adding one to the local vulnerability counter.
In one embodiment, after the exploit program that sends the remote vulnerability verifies the remote vulnerability, the method further includes: and responding to the failure of the remote vulnerability verification, and acquiring a remote vulnerability serial number.
According to a second aspect of the embodiments of the present invention, there is provided an apparatus for vulnerability verification, including: the acquisition unit is used for acquiring a remote vulnerability serial number; the judging unit is used for responding to the availability of the remote vulnerability serial number and determining whether a local vulnerability verification mark is true or not; the judging unit is further configured to determine, in response to that the local vulnerability verification flag is not true, a relationship between a length of a vulnerability exploitation program of the local vulnerability and a length of a payload of a remote vulnerability corresponding to the remote vulnerability sequence number; the judging unit is further used for determining the relation between the local vulnerability counter and the current local vulnerability number in response to the fact that the length of the vulnerability utilization program of the local vulnerability is smaller than the length of the effective load of the remote vulnerability corresponding to the remote vulnerability sequence number; the processing unit is used for responding to the situation that the vulnerability counter is smaller than the number of the current local vulnerabilities, and selecting a target local vulnerability corresponding to a value obtained by adding one to the local vulnerability counter; the processing unit is further configured to store an exploit program of the target local vulnerability into a payload of the remote vulnerability; the verification unit is used for sending the vulnerability exploiting program of the remote vulnerability and verifying the remote vulnerability; the verification unit is further used for responding to successful verification of the remote vulnerability and verifying the target local vulnerability stored in the payload of the remote vulnerability; the verification unit is further configured to send, in response to the target local vulnerability being successfully verified, the target local vulnerability verification success information.
In one embodiment, the apparatus further comprises: a determining unit, configured to determine at least one remote vulnerability in response to the existence of the remote vulnerability; and the sequencing unit is used for sequencing according to the length of the effective load of the at least one remote vulnerability and determining the sequencing sequence of the at least one remote vulnerability and the corresponding sequence number.
In an embodiment, the determining unit is specifically configured to: the local vulnerability is determined in response to the remote vulnerability sequence number being available; and determining the local vulnerability verification flag in response to the local vulnerability not being acquired.
In an embodiment, the determining unit is further configured to determine that the local vulnerability verification is complete in response to completion of the local vulnerability acquisition.
In one embodiment, the verification unit is further configured to: and responding to the fact that the local vulnerability verification mark is true, sending the vulnerability utilization program of the remote vulnerability, and verifying the remote vulnerability.
In one embodiment, the processing unit is further configured to generate a path of the exploit program of the local vulnerability in response to that the length of the exploit program of the local vulnerability is greater than or equal to the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number.
In one embodiment, the processing unit is specifically configured to: selecting a target local vulnerability which can be detected by a port and corresponds to the value obtained by adding one to the local vulnerability counter; or selecting a target local vulnerability of the path of the vulnerability exploiting program which corresponds to the value of adding one to the local vulnerability counter.
In an embodiment, the verification unit is specifically configured to, in response to the remote vulnerability verification failure, obtain, by the obtaining unit, a remote vulnerability sequence number.
According to a third aspect of embodiments of the present invention, there is provided an electronic device comprising a memory and a processor, the memory being configured to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement the method according to the first aspect or any possibility of the first aspect.
According to a fourth aspect of embodiments of the present invention, there is provided a computer-readable storage medium on which computer program instructions are stored, wherein the computer program instructions, when executed by a processor, implement the method according to the first aspect or any possibility of the first aspect.
The embodiment of the invention has the beneficial effects that: firstly, obtaining a remote vulnerability serial number, then responding to the availability of the remote vulnerability serial number, determining a local vulnerability verification mark, and then responding to the fact that the local vulnerability verification mark is not true, and determining the relationship between the length of a vulnerability exploitation program of the local vulnerability and the length of a payload of the remote vulnerability corresponding to the remote vulnerability serial number; then, in response to the fact that the length of the vulnerability utilization program of the local vulnerability is smaller than the length of the effective load of the remote vulnerability corresponding to the remote vulnerability sequence number, determining the relation between a local vulnerability counter and the current local vulnerability number; then, in response to the fact that the vulnerability counter is smaller than the number of the current local vulnerabilities, selecting a target local vulnerability corresponding to a value obtained by adding one to the local vulnerability counter; then storing the vulnerability exploitation program of the target local vulnerability into the effective load of the remote vulnerability; then sending the vulnerability exploiting program of the remote vulnerability to verify the remote vulnerability; then, in response to the successful verification of the remote vulnerability, verifying the target local vulnerability stored in the payload of the remote vulnerability; and finally, responding to the successful verification of the target local vulnerability, and sending successful verification information of the target local vulnerability. According to the method, the local vulnerability can be verified, and the problem that the local vulnerability cannot be verified in the prior art is solved.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent from the following description of the embodiments of the present invention with reference to the accompanying drawings, in which:
fig. 1 is a flowchart of a vulnerability verification method according to an embodiment of the present invention;
fig. 2 is a flowchart of another vulnerability verification method provided in an embodiment of the present invention;
fig. 3 is a schematic diagram of a vulnerability verification apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be described below based on examples, but the present invention is not limited to only these examples. In the following detailed description of the present invention, certain specific details are set forth. It will be apparent to one skilled in the art that the present application may be practiced without these specific details. Further, those of ordinary skill in the art will appreciate that the drawings provided herein are for illustration purposes.
Unless the context clearly requires otherwise, throughout the description and the claims, the words "comprise", "comprising", and the like are to be construed in an inclusive sense as opposed to an exclusive or exhaustive sense; that is, what is meant is "including, but not limited to".
In the description of the present invention, it is to be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. In addition, in the description of the present invention, "a plurality" means two or more unless otherwise specified.
Fig. 1 is a flowchart of a vulnerability verification method according to an embodiment of the present invention, and as shown in fig. 1, the vulnerability verification method includes:
and S100, acquiring a remote vulnerability serial number.
Optionally, before the obtaining of the remote vulnerability serial number, in response to the existence of the remote vulnerability, determining at least one remote vulnerability; and sequencing according to the length of the effective load of the at least one remote vulnerability, and determining the sequencing sequence of the at least one remote vulnerability and the corresponding sequence number.
Specifically, assuming that 8 remote vulnerabilities are determined to exist, the length of the payload of each remote vulnerability is 200, 201, 300, 302, 351, 154, 311, and 280, the 8 remote vulnerabilities are sorted according to the length of the payload in the order from long to short, the sorted order is 351, 311, 302, 300, 280, 201, 200, and 154, and the sequence numbers of the 8 vulnerabilities are determined according to the sorting, which is specifically shown in table 1 below:
TABLE 1
| Remote vulnerability sequence number | Length of payload |
| 1 | 351 |
| 2 | 311 |
| 3 | 302 |
| 4 | 300 |
| 5 | 280 |
| 6 | 201 |
| 7 | 200 |
| 8 | 154 |
The length of the payload is merely an illustrative example, and the specific situation is determined according to the actual situation.
In the embodiment of the invention, when the remote vulnerability is selected, the remote vulnerability with the longest effective load length is selected, namely the remote vulnerability corresponding to the serial number 1 is selected, the remote vulnerability corresponding to the serial number 1 is adopted to mount the local vulnerability, then the local vulnerability of the target host is verified, but the remote vulnerability corresponding to the serial number 1 may not be successfully verified after all the local vulnerabilities are mounted, and then the next remote vulnerability needs to be selected, for example, the remote vulnerability corresponding to the serial number 2 is mounted to the local vulnerability, then the local vulnerability of the target host is verified, and so on until all the local vulnerability is verified. In the embodiment of the present invention, a remote vulnerability corresponding to the serial number 1 is used as an acquired remote vulnerability serial number for explanation.
And S101, responding to the availability of the remote vulnerability sequence number, and determining a local vulnerability verification mark.
Specifically, whether the local vulnerability is acquired is determined in response to the availability of the remote vulnerability sequence number; and determining the local vulnerability verification flag in response to the local vulnerability not being acquired.
After the remote vulnerability corresponding to the acquired serial number 1 is determined to be available, if the local vulnerability is determined not to be acquired, whether the local vulnerability verification mark is true is continuously determined, and if the local vulnerability is determined to be acquired, the verification is completed. If the local vulnerability verification mark is true, the verification of the local vulnerability is successful, and if the local vulnerability verification mark is not true, the verification of the local vulnerability is failed and needs to be verified again.
Step S102, in response to that the local vulnerability verification flag is not true, determining the relationship between the length of the vulnerability utilization program of the local vulnerability and the length of the effective load of the remote vulnerability corresponding to the remote vulnerability sequence number.
Specifically, since the local vulnerability verification flag does not truly indicate that the vulnerability needs to be verified, it is necessary to determine a relationship between the length of the vulnerability exploitation program of the local vulnerability and the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number, for example, the payload of the remote vulnerability corresponding to sequence number 1 is 351, and when the length of the vulnerability exploitation program of the local vulnerability is 350, the payload of the remote vulnerability is smaller than the length of the payload of the remote vulnerability, so that the vulnerability exploitation program of the local vulnerability can be directly mounted to the remote vulnerability; and if the length of the vulnerability exploiting program of the local vulnerability is greater than or equal to the length of the effective load of the remote vulnerability corresponding to the remote vulnerability sequence number, generating a path of the vulnerability exploiting program of the local vulnerability. For example, assuming that the length of the exploit program of the local vulnerability is 500 and the payload of the remote vulnerability corresponding to sequence number 1 is 351, the exploit program of the local vulnerability cannot be mounted to the remote vulnerability, and therefore, a path of the exploit program of the local vulnerability is generated and the path of the exploit program of the local vulnerability is mounted to the remote vulnerability.
Step S103, in response to the fact that the length of the vulnerability utilization program of the local vulnerability is smaller than the length of the effective load of the remote vulnerability corresponding to the remote vulnerability sequence number, determining the relation between the local vulnerability counter and the current local vulnerability number.
Specifically, the current value of the local vulnerability counter is the verified local vulnerability.
And S104, responding to the situation that the vulnerability counter is smaller than the number of the current local vulnerabilities, and selecting a target local vulnerability corresponding to a value obtained by adding one to the local vulnerability counter.
Specifically, the selecting of the target local vulnerability corresponding to the value obtained by adding one to the local vulnerability counter specifically includes two conditions:
and under the condition I, selecting a target local vulnerability which can be detected by a port and corresponds to the value obtained by adding one to the local vulnerability counter.
Specifically, the Exploit program in the first case, which is a local vulnerability, may be directly mounted to a remote vulnerability and then verify the local vulnerability, which may be referred to as a way for the Exploit program (explore) to identify services through a port.
And under the second condition, selecting the target local vulnerability of the path of the vulnerability exploiting program which is generated and corresponds to the value obtained by adding one to the local vulnerability counter.
Specifically, the second situation corresponds to the situation that the vulnerability exploiting program of the local vulnerability first generates the path of the vulnerability exploiting program of the local vulnerability, then the path of the vulnerability exploiting program of the local vulnerability is mounted to the remote vulnerability, and finally the local vulnerability is verified, which can be called as a mode of traversal verification of the vulnerability exploiting program Exploit carrying the local vulnerability in full.
And S105, storing the vulnerability exploitation program of the target local vulnerability into the effective load of the remote vulnerability.
And S106, sending the vulnerability exploiting program of the remote vulnerability, and verifying the remote vulnerability.
And S107, responding to the successful verification of the remote vulnerability, and verifying the target local vulnerability stored in the payload of the remote vulnerability.
Optionally, in response to the failure of the remote vulnerability verification, the remote vulnerability sequence number is obtained. For example, the remote vulnerability corresponding to the serial number 2 is continuously obtained and the verification is continuously performed.
And S108, responding to the successful verification of the target local vulnerability, and sending successful verification information of the target local vulnerability.
A complete description of the vulnerability verification method according to the present invention is provided below by a complete embodiment, which is specifically shown in fig. 2:
and S200, judging whether the remote vulnerability exists.
Step S201, in response to the existence of the remote vulnerability, sequencing according to the length of the effective load of the at least one remote vulnerability.
And S202, acquiring a remote vulnerability serial number.
Step S203, in response to the availability of the remote vulnerability serial number, determining whether the local vulnerability is acquired completely, if not, executing step S2041, and if so, executing step S2042.
Step S2041, determining whether the local vulnerability verification flag is true, if true, executing step S2051, and if not, executing step S2052.
And step S2042, determining that the local vulnerability verification is finished, and ending.
Step S2051, determining whether the length of the exploit program of the local vulnerability is smaller than the length of the payload of the remote vulnerability corresponding to the remote vulnerability number, if so, executing step S2061, and if not, executing step S2062.
And S2052, sending the vulnerability exploiting program of the remote vulnerability, and verifying the remote vulnerability.
Step S2061, determining whether the local vulnerability counter is less than the number of the current local vulnerabilities, and if so, executing step S207.
Step S2062, generating a path of the vulnerability exploiting program of the local vulnerability, and then executing step S2061 to judge whether the local vulnerability counter is smaller than the current local vulnerability number.
And step S207, selecting a target local vulnerability corresponding to the value obtained by adding one to the local vulnerability counter.
Step S208, storing the vulnerability exploitation program of the target local vulnerability into the payload of the remote vulnerability, and then executing step S2052.
And step S209, responding to the successful verification of the remote vulnerability in the step S2052, and outputting a verification result.
Step S210, verifying the target local vulnerability stored in the payload of the remote vulnerability, in response to successful verification of the target local vulnerability, executing step S209, and in response to failure of verification of the target local vulnerability, executing step S202.
Step S211, after responding to the successful target local vulnerability check, judging whether a local vulnerability counter is equal to the number of the current local vulnerabilities, if so, setting the target local vulnerability check identifier as true, and then executing step S202.
Fig. 3 is a schematic diagram of a vulnerability verification apparatus according to an embodiment of the present invention. As shown in fig. 3, the vulnerability verification apparatus of the present embodiment includes: an obtaining unit 31, configured to obtain a remote vulnerability number; a determining unit 32, configured to determine a local vulnerability verification flag in response to the remote vulnerability sequence number being available; the determining unit 32 is further configured to, in response to that the local vulnerability verification flag is not true, determine a relationship between a length of a vulnerability exploitation program of the local vulnerability and a length of a payload of a remote vulnerability corresponding to the remote vulnerability sequence number; the determining unit 32 is further configured to determine a relationship between a local vulnerability counter and a current local vulnerability number in response to that the length of the vulnerability exploiting program of the local vulnerability is smaller than the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number; the processing unit 33 is configured to select a target local vulnerability corresponding to a value obtained by adding one to the local vulnerability counter in response to the vulnerability counter being smaller than the current number of local vulnerabilities; the processing unit 33 is further configured to store an exploit program of the target local vulnerability in a payload of the remote vulnerability; a verification unit 34, configured to send the exploit program of the remote vulnerability and verify the remote vulnerability; the verification unit 34 is further configured to, in response to successful verification of the remote vulnerability, verify the target local vulnerability stored in the payload of the remote vulnerability; the verification unit 34 is further configured to, in response to the target local vulnerability being successfully verified, send the target local vulnerability verification success information.
In one embodiment, the apparatus further comprises: a determining unit 35, configured to determine at least one remote vulnerability in response to the existence of the remote vulnerability; a sorting unit 36, configured to sort according to a length of the payload of the at least one remote vulnerability, and determine a sorting order and a corresponding sequence number of the at least one remote vulnerability.
In an embodiment, the determining unit 32 is specifically configured to: the local vulnerability is determined in response to the remote vulnerability sequence number being available; and determining the local vulnerability verification flag in response to the local vulnerability not being acquired.
In an embodiment, the determining unit 35 is further configured to determine that the local vulnerability verification is completed in response to the local vulnerability acquisition being completed.
In one embodiment, the verification unit 34 is further configured to: and responding to the fact that the local vulnerability verification mark is true, sending the vulnerability utilization program of the remote vulnerability, and verifying the remote vulnerability.
In an embodiment, the processing unit 33 is further configured to generate a path of the exploit program of the local vulnerability in response to that the length of the exploit program of the local vulnerability is greater than or equal to the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number.
In an embodiment, the processing unit 33 is specifically configured to: selecting a target local vulnerability which can be detected by a port and corresponds to the value obtained by adding one to the local vulnerability counter; or selecting a target local vulnerability of the path of the vulnerability exploiting program which corresponds to the value of adding one to the local vulnerability counter.
In an embodiment, the verification unit 34 is specifically configured to, in response to that the remote vulnerability verification fails, obtain, by the obtaining unit, a remote vulnerability sequence number.
Fig. 4 is a schematic diagram of an electronic device of an embodiment of the invention. The electronic device shown in fig. 4 is a general data transmission device comprising a general computer hardware structure, which comprises at least a processor 41 and a memory 42. The processor 41 and the memory 42 are connected by a bus 43. The memory 42 is adapted to store instructions or programs executable by the processor 41. Processor 41 may be a stand-alone microprocessor or may be a collection of one or more microprocessors. Thus, processor 41 implements the processing of data and the control of other devices by executing instructions stored by memory 42 to perform the method flows of embodiments of the present invention as described above. The bus 43 connects the above components together, and also connects the above components to a display controller 44 and a display device and an input/output (I/O) device 45. Input/output (I/O) devices 45 may be a mouse, keyboard, modem, network interface, touch input device, motion sensing input device, printer, and other devices known in the art. Typically, the input/output devices 45 are connected to the system through input/output (I/O) controllers 46.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, various aspects of embodiments of the invention may take the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," module "or" system. Furthermore, various aspects of embodiments of the invention may take the form of: a computer program product embodied in one or more computer readable media having computer readable program code embodied thereon.
Any combination of one or more computer-readable media may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of embodiments of the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to: electromagnetic, optical, or any suitable combination thereof. The computer readable signal medium may be any of the following computer readable media: is not a computer readable storage medium and may communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of embodiments of the present invention may be written in any combination of one or more programming languages, including: object oriented programming languages such as Java, Smalltalk, C + +, and the like; and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package; executing in part on a user computer and in part on a remote computer; or entirely on a remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention described above describe various aspects of embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A method for vulnerability verification, comprising:
acquiring a remote vulnerability serial number;
responding to the availability of the remote vulnerability corresponding to the remote vulnerability sequence number, and determining a local vulnerability verification mark;
in response to that the local vulnerability verification flag is not true, determining a relationship between the length of the vulnerability utilization program of the local vulnerability and the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number, wherein the local vulnerability verification flag is used for representing the local vulnerability verification result, and the local vulnerability verification flag is not true and is used for representing that the local vulnerability verification fails;
determining the relation between a local vulnerability counter and the current local vulnerability number in response to the fact that the length of the vulnerability utilization program of the local vulnerability is smaller than the length of the effective load of the remote vulnerability corresponding to the remote vulnerability sequence number, wherein the value of the local vulnerability counter is the verified local vulnerability number;
in response to the fact that the vulnerability counter is smaller than the number of the current local vulnerabilities, selecting a target local vulnerability corresponding to a value obtained by adding one to the local vulnerability counter;
storing the vulnerability exploiting program of the target local vulnerability into the effective load of the remote vulnerability;
sending the vulnerability exploiting program of the remote vulnerability and verifying the remote vulnerability;
verifying the target local vulnerability stored in the payload of the remote vulnerability in response to successful verification of the remote vulnerability;
and responding to the successful verification of the target local vulnerability, and sending successful verification information of the target local vulnerability.
2. The method of claim 1, wherein prior to obtaining the remote vulnerability sequence number, the method further comprises:
in response to the presence of the remote vulnerability, determining at least one of the remote vulnerabilities;
and sequencing according to the length of the effective load of the at least one remote vulnerability, and determining the sequencing sequence of the at least one remote vulnerability and the corresponding sequence number.
3. The method of claim 1, wherein the determining a local vulnerability verification flag in response to availability of a remote vulnerability corresponding to the remote vulnerability sequence number comprises:
the local vulnerability is determined in response to the remote vulnerability sequence number being available;
and determining the local vulnerability verification flag in response to the local vulnerability not being acquired.
4. The method of claim 3, wherein after determining the local vulnerability in response to a remote vulnerability corresponding to the remote vulnerability sequence number being available, the method further comprises:
and responding to the completion of the local vulnerability acquisition, and determining that the local vulnerability verification is completed.
5. The method of claim 1, wherein after determining a local vulnerability verification flag in response to a remote vulnerability corresponding to the remote vulnerability sequence number being available, the method further comprises:
and responding to the fact that the local vulnerability verification mark is true, sending the vulnerability utilization program of the remote vulnerability, and verifying the remote vulnerability.
6. The method of claim 1, wherein after determining a relationship between a length of the exploit of the local vulnerability and a length of a payload of a remote vulnerability corresponding to the remote vulnerability sequence number, the method further comprises:
and generating a path of the exploit program of the local vulnerability in response to the fact that the length of the exploit program of the local vulnerability is greater than or equal to the length of the payload of the remote vulnerability corresponding to the remote vulnerability sequence number.
7. The method of claim 1, wherein the selecting the target local vulnerability corresponding to the value obtained by adding one to the local vulnerability counter specifically comprises:
selecting a target local vulnerability which can be detected by a port and corresponds to the value obtained by adding one to the local vulnerability counter; alternatively, the first and second electrodes may be,
and selecting a target local vulnerability of the path of the vulnerability exploiting program which corresponds to the value of adding one to the local vulnerability counter.
8. The method of claim 1, wherein the exploit program that sent the remote vulnerability, after verifying the remote vulnerability, further comprises:
and responding to the failure of the remote vulnerability verification, and acquiring a remote vulnerability serial number.
9. An electronic device comprising a memory and a processor, wherein the memory is configured to store one or more computer program instructions, wherein the one or more computer program instructions are executed by the processor to implement the method of any of claims 1-8.
10. A computer-readable storage medium on which computer program instructions are stored, which computer program instructions, when executed by a processor, implement the method of any one of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910616324.0A CN110300119B (en) | 2019-07-09 | 2019-07-09 | Vulnerability verification method and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910616324.0A CN110300119B (en) | 2019-07-09 | 2019-07-09 | Vulnerability verification method and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110300119A CN110300119A (en) | 2019-10-01 |
| CN110300119B true CN110300119B (en) | 2021-09-14 |
Family
ID=68030763
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910616324.0A Active CN110300119B (en) | 2019-07-09 | 2019-07-09 | Vulnerability verification method and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110300119B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7664845B2 (en) * | 2002-01-15 | 2010-02-16 | Mcafee, Inc. | System and method for network vulnerability detection and reporting |
| US8572748B2 (en) * | 2011-02-16 | 2013-10-29 | International Business Machines Corporation | Label-based taint analysis |
| CN104363236A (en) * | 2014-11-21 | 2015-02-18 | 西安邮电大学 | Automatic vulnerability validation method |
| CN104732144A (en) * | 2015-04-01 | 2015-06-24 | 河海大学 | Pseudo-protocol-based remote code injecting loophole detecting method |
| CN105429955A (en) * | 2015-10-30 | 2016-03-23 | 西安四叶草信息技术有限公司 | Remote vulnerability detection method |
| CN107392027A (en) * | 2017-07-13 | 2017-11-24 | 福建中金在线信息科技有限公司 | A kind of website vulnerability method of testing, test system, electronic equipment and storage medium |
| CN107437029A (en) * | 2017-08-23 | 2017-12-05 | 北京奇虎科技有限公司 | Leak restorative procedure, leak prosthetic device and server |
| CN108256322A (en) * | 2018-01-26 | 2018-07-06 | 平安科技(深圳)有限公司 | Safety detecting method, device, computer equipment and storage medium |
| CN109325351A (en) * | 2018-08-23 | 2019-02-12 | 中通服咨询设计研究院有限公司 | A kind of security breaches automatic Verification systems based on many survey platforms |
-
2019
- 2019-07-09 CN CN201910616324.0A patent/CN110300119B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7664845B2 (en) * | 2002-01-15 | 2010-02-16 | Mcafee, Inc. | System and method for network vulnerability detection and reporting |
| US8572748B2 (en) * | 2011-02-16 | 2013-10-29 | International Business Machines Corporation | Label-based taint analysis |
| CN104363236A (en) * | 2014-11-21 | 2015-02-18 | 西安邮电大学 | Automatic vulnerability validation method |
| CN104732144A (en) * | 2015-04-01 | 2015-06-24 | 河海大学 | Pseudo-protocol-based remote code injecting loophole detecting method |
| CN105429955A (en) * | 2015-10-30 | 2016-03-23 | 西安四叶草信息技术有限公司 | Remote vulnerability detection method |
| CN107392027A (en) * | 2017-07-13 | 2017-11-24 | 福建中金在线信息科技有限公司 | A kind of website vulnerability method of testing, test system, electronic equipment and storage medium |
| CN107437029A (en) * | 2017-08-23 | 2017-12-05 | 北京奇虎科技有限公司 | Leak restorative procedure, leak prosthetic device and server |
| CN108256322A (en) * | 2018-01-26 | 2018-07-06 | 平安科技(深圳)有限公司 | Safety detecting method, device, computer equipment and storage medium |
| CN109325351A (en) * | 2018-08-23 | 2019-02-12 | 中通服咨询设计研究院有限公司 | A kind of security breaches automatic Verification systems based on many survey platforms |
Non-Patent Citations (2)
| Title |
|---|
| Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications;Peter Chapman et al;《In 18th ACM Conference on Computer and Communications Security》;20111031;全文 * |
| web应用程序漏洞检测关键技术研究;万志远;《万方》;20160330;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110300119A (en) | 2019-10-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106534160B (en) | Identity authentication method and system based on block chain | |
| CN108960830B (en) | Intelligent contract deployment method, device, equipment and storage medium | |
| US10169580B2 (en) | Identifying whether an application is malicious | |
| CN111404923A (en) | Control method and system for access authority of container cluster | |
| CN111416811B (en) | Unauthorized vulnerability detection method, system, equipment and storage medium | |
| US8650649B1 (en) | Systems and methods for determining whether to evaluate the trustworthiness of digitally signed files based on signer reputation | |
| EP3270318B1 (en) | Dynamic security module terminal device and method for operating same | |
| CN104580075A (en) | User login validation method, device and system | |
| JP2015508549A (en) | Identify Trojanized applications for mobile environments | |
| KR20120078018A (en) | System and method for detecting malwares in a file based on genetic map of the file | |
| CN111031111B (en) | Page static resource access method, device and system | |
| CN110519280B (en) | Crawler identification method and device, computer equipment and storage medium | |
| US20180232518A1 (en) | Protecting computer code against rop attacks | |
| CN110070360B (en) | Transaction request processing method, device, equipment and storage medium | |
| KR101586048B1 (en) | System, Server, Method and Recording Medium for Blocking Illegal Applications, and Communication Terminal Therefor | |
| CN104253687A (en) | Method for reducing verification efficiency, method for generating captcha, correlated system, and server | |
| CN104915594A (en) | Application running method and device | |
| KR20200115730A (en) | System and method for generating software whistlist using machine run | |
| CN109522683A (en) | Software source tracing method, system, computer equipment and storage medium | |
| CN110300119B (en) | Vulnerability verification method and electronic equipment | |
| CN102262717B (en) | Method, device and equipment for changing original installation information and detecting installation information | |
| JPWO2019142469A1 (en) | Security design apparatus, security design method, and security design program | |
| US9998495B2 (en) | Apparatus and method for verifying detection rule | |
| CN110572371B (en) | Identity uniqueness check control method based on HTML5 local storage mechanism | |
| JP2018147444A (en) | Computer system for executing analysis program and method for monitoring execution of analysis program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |